Module: Msf::Exploit::Remote::Web
- Includes:
- HttpClient, Tcp
- Defined in:
- lib/msf/core/exploit/remote/web.rb
Overview
This module exposes methods that may be useful to exploits that deal with webservers.
Constant Summary collapse
- WEB_PAYLOAD_STUB =
Default value for #web_payload_stub
'!payload!'
Instance Attribute Summary collapse
-
#web_payload_stub ⇒ Object
Optional stub to be replaced with the exploit payload.
Attributes included from HttpClient
Attributes included from Tcp
Instance Method Summary collapse
- #check ⇒ Object
- #cookies ⇒ Object
- #exploit ⇒ Object
- #get ⇒ Object
- #headers ⇒ Object
-
#initialize(info = {}) ⇒ Object
Creates an instance of a Telnet exploit module.
- #method ⇒ Object
- #path ⇒ Object
- #post ⇒ Object
- #tries ⇒ Object
Methods included from HttpClient
#basic_auth, #cleanup, #configure_http_login_scanner, #connect, #connect_ws, #deregister_http_client_options, #disconnect, #download, #full_uri, #handler, #http_fingerprint, #lookup_http_fingerprints, #normalize_uri, #path_from_uri, #peer, #proxies, #reconfig_redirect_opts!, #request_opts_from_url, #request_url, #rhost, #rport, #send_request_cgi, #send_request_cgi!, #send_request_raw, #service_details, #setup, #ssl, #ssl_version, #strip_tags, #target_uri, #validate_fingerprint, #vhost
Methods included from Auxiliary::Report
#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Methods included from Tcp
#chost, #cleanup, #connect, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version
Instance Attribute Details
#web_payload_stub ⇒ Object
Optional stub to be replaced with the exploit payload.
Default stub is ‘WEB_PAYLOAD_STUB’.
23 24 25 |
# File 'lib/msf/core/exploit/remote/web.rb', line 23 def web_payload_stub @web_payload_stub end |
Instance Method Details
#check ⇒ Object
65 66 67 68 69 70 71 72 73 74 |
# File 'lib/msf/core/exploit/remote/web.rb', line 65 def check path = datastore['PATH'] print_status "Checking #{path}" response = send_request_raw( 'uri' => path ) return Exploit::CheckCode::Detected if response.code == 200 print_error "Server responded with #{response.code}" Exploit::CheckCode::Unknown end |
#cookies ⇒ Object
53 54 55 |
# File 'lib/msf/core/exploit/remote/web.rb', line 53 def substitute_web_payload_stub( datastore['COOKIES'], ',;' ) end |
#exploit ⇒ Object
76 77 78 79 80 81 82 83 84 85 |
# File 'lib/msf/core/exploit/remote/web.rb', line 76 def exploit print_status "Sending HTTP request for #{path}" res = perform_request if res print_status "The server responded with HTTP status code #{res.code}." else print_status 'The server did not respond to our request.' end handler end |
#get ⇒ Object
45 46 47 |
# File 'lib/msf/core/exploit/remote/web.rb', line 45 def get substitute_in_hash( parse_query( datastore['GET'] ) ) end |
#headers ⇒ Object
57 58 59 |
# File 'lib/msf/core/exploit/remote/web.rb', line 57 def headers substitute_in_hash( parse_query( datastore['HEADERS'] ) ) end |
#initialize(info = {}) ⇒ Object
Creates an instance of a Telnet exploit module.
27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/msf/core/exploit/remote/web.rb', line 27 def initialize( info = {} ) super ([ OptString.new( 'PATH', [ true, 'The path to the vulnerable script.', '/' ] ), OptString.new( 'GET', [ false, "GET parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ), OptString.new( 'POST', [ false, "POST parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ), OptString.new( 'COOKIES', [ false, "Cookies to be sent with the request. ('foo=bar;vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ), OptString.new( 'HEADERS', [ false, "Headers to be sent with the request. ('User-Agent=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ), ], self.class ) self.web_payload_stub = WEB_PAYLOAD_STUB end |
#method ⇒ Object
61 62 63 |
# File 'lib/msf/core/exploit/remote/web.rb', line 61 def method post.empty? ? 'GET' : 'POST' end |
#path ⇒ Object
41 42 43 |
# File 'lib/msf/core/exploit/remote/web.rb', line 41 def path Rex::Text.uri_encode( substitute_web_payload_stub( datastore['PATH'] ) ) end |
#post ⇒ Object
49 50 51 |
# File 'lib/msf/core/exploit/remote/web.rb', line 49 def post substitute_in_hash( parse_query( datastore['POST'] ) ) end |
#tries ⇒ Object
87 88 89 |
# File 'lib/msf/core/exploit/remote/web.rb', line 87 def tries 1 end |