Module: Msf::Exploit::Remote::HTTP::NagiosXi::Version

Includes:
URIs
Included in:
Msf::Exploit::Remote::HTTP::NagiosXi
Defined in:
lib/msf/core/exploit/remote/http/nagios_xi/version.rb

Instance Method Summary collapse

Methods included from URIs

#nagios_xi_backend_url, #nagios_xi_install_url, #nagios_xi_login_url

Instance Method Details

#nagios_xi_version(res_backend) ⇒ String?

Extracts the Nagios XI version information from an HTTP response body obtained after authentication. Works for index.php and perhaps other backend pages.

Parameters:

  • res_backend (String)

    HTTP response body

Returns:

  • (String, nil)

    , String containing the Nagios XI version if successful, nil otherwise


11
12
13
# File 'lib/msf/core/exploit/remote/http/nagios_xi/version.rb', line 11

def nagios_xi_version(res_backend)
  version = res_backend.scan(/product=nagiosxi&version=(.+?)&/)&.flatten&.first
end

#nagios_xi_version_no_authArray

Tries to obtain the Nagios XI version from the login.php page. This will not work for older Nagios XI versions.

Returns:

  • (Array)

    , Array containing the Nagios XI version and nil if successful, otherwise Array containing an error code and an error message


18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/msf/core/exploit/remote/http/nagios_xi/version.rb', line 18

def nagios_xi_version_no_auth
  res = send_request_cgi({
    'method' => 'GET',
    'uri' => ,
  })

  unless res
    return [1, 'Connection failed']
  end

  unless [200,302].include?(res.code) && res.body.include?('>Nagios XI<')
    return [3, 'Target is not a Nagios XI application']
  end

  nagios_version = res.body.scan(/name="version" value="(\d+\.\d+\.\d+)">/)&.flatten&.first

  if nagios_version.nil?
    return [2, 'Unable to obtain Nagios XI version from the login page.']
  end

  [nagios_version, nil]
end