retn versions in chk_setup, tests to reflect, doc
parent
eb72edc84a
commit
4f81fcdc87
|
@ -15,7 +15,7 @@
|
|||
|
||||
## Scenarios
|
||||
|
||||
### Tested on PhpMyAdmin Versions 4.8.2, 4.8.1, 4.0.10.20
|
||||
### Tested on PhpMyAdmin Versions 4.0.10.20, 4.5.0, 4.8.1, 4.8.2, 5.0
|
||||
|
||||
```
|
||||
msf5 > use auxiliary/scanner/http/phpmyadmin_login
|
||||
|
@ -26,11 +26,8 @@
|
|||
msf5 auxiliary(scanner/http/phpmyadmin_login) > set password password
|
||||
password => password
|
||||
msf5 auxiliary(scanner/http/phpmyadmin_login) > run
|
||||
PhpMyAdmin Version: 4.8.2
|
||||
Token here: !il&>s3]t28i34x7
|
||||
Session ID: sruks7tm3bnh6jljb8h1q9gh6u
|
||||
Cookies: pma_lang=en; phpMyAdmin=anttidd9jgc8c2qnhn0kq4sshu;
|
||||
|
||||
[*] PhpMyAdmin Version: 4.8.2
|
||||
[+] 192.168.37.151:80 - Success: 'root:password'
|
||||
[*] Scanned 1 of 1 hosts (100% complete)
|
||||
[*] Auxiliary module execution completed
|
||||
|
|
|
@ -9,14 +9,14 @@ module Metasploit
|
|||
LOGIN_STATUS = Metasploit::Model::Login::Status
|
||||
|
||||
def check_setup
|
||||
version = "Not Detected"
|
||||
res = send_request({ 'uri' => uri })
|
||||
|
||||
if res && res.body.include?('phpMyAdmin')
|
||||
if res.body =~ /PMA_VERSION:"(\d+\.\d+\.\d+)"/
|
||||
version = Gem::Version.new($1)
|
||||
puts "PhpMyAdmin Version: #{version.to_s}"
|
||||
end
|
||||
return true
|
||||
return version.to_s
|
||||
end
|
||||
|
||||
false
|
||||
|
@ -32,9 +32,6 @@ module Metasploit
|
|||
token = Rex::Text.html_decode(res.body.scan(/token"\s*value="(.*?)"/).flatten[0])
|
||||
cookies = res.get_cookies.split[-2..-1].join(' ')
|
||||
|
||||
puts "Token here: #{token}"
|
||||
puts "Session ID: #{session_id}"
|
||||
puts "Cookies: #{cookies}"
|
||||
info = [session_id, token, cookies]
|
||||
return no_connect if (info.empty? || session_id.empty? || token.empty? || cookies.empty?)
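Review bot: In check_setup the version pattern `/PMA_VERSION:"(\d+\.\d+\.\d+)"/` accepts exactly three numeric components before the closing quote, so a page advertising `4.0.10.20` (listed as tested in the module documentation) would not match and the method would return "Not Detected" although a version is present. Allowing any number of dotted components, for example `if res.body =~ /PMA_VERSION:"(\d+(?:\.\d+)+)"/`, keeps the capture limited to digits and dots while covering those releases. The method also appears to return either a String or `false` now, and "Not Detected" is truthy. A comment above `def check_setup` such as `# Returns the detected version String ("Not Detected" when no PMA_VERSION is found), or false when the target is not phpMyAdmin` would make that contract explicit for callers. The enclosing class starts and ends outside the visible hunks.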
|
||||
|
||||
|
|
|
@ -103,11 +103,14 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(ip)
|
||||
unless scanner(ip).check_setup
|
||||
phpmyadmin_res = scanner(ip).check_setup
|
||||
unless phpmyadmin_res
|
||||
print_brute(:level => :error, :ip => ip, :msg => "PhpMyAdmin is not available")
|
||||
return
|
||||
end
|
||||
|
||||
print_status("PhpMyAdmin Version: #{phpmyadmin_res}")
|
||||
|
||||
scanner(ip).scan! do |result|
|
||||
case result.status
|
||||
when Metasploit::Model::Login::Status::SUCCESSFUL
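Review bot: The new `print_status("PhpMyAdmin Version: #{phpmyadmin_res}")` in run_host prints no host, so in a run over several targets the version lines cannot be matched to an address. The documented output shows `[*] PhpMyAdmin Version: 4.8.2` without an IP, unlike the `Success` line below it. Routing it through the helper already used for the error case would keep the output attributable: `print_brute(:level => :status, :ip => ip, :msg => "PhpMyAdmin Version: #{phpmyadmin_res}")`. run_host's body continues past the end of the hunk.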
|
||||
|
|
|
@ -51,15 +51,14 @@ RSpec.describe Metasploit::Framework::LoginScanner::PhpMyAdmin do
|
|||
describe '#check_setup' do
|
||||
let(:phpMyAdmin_res) do
|
||||
res = Rex::Proto::Http::Response.new(200, 'OK')
|
||||
res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1>'
|
||||
res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1> PMA_VERSION:"4.8.2"'
|
||||
res
|
||||
end
|
||||
|
||||
context 'when the target is PhpMyAdmin' do
|
||||
let(:response) { phpMyAdmin_res }
|
||||
it 'should return true' do
|
||||
expect(subject.check_setup).to eql(true)
|
||||
end
|
||||
let(:phpMyAdmin_no_vers) do
|
||||
res = Rex::Proto::Http::Response.new(200, 'OK')
|
||||
res.body = '<h1>Welcome to <bdo dir="ltr" lang="en">phpMyAdmin</bdo></h1>'
|
||||
res
|
||||
end
|
||||
|
||||
context 'when the target is not PhpMyAdmin' do
|
||||
|
@ -67,6 +66,20 @@ RSpec.describe Metasploit::Framework::LoginScanner::PhpMyAdmin do
|
|||
expect(subject.check_setup).to eql(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the version of PhpMyAdmin is detected' do
|
||||
let(:response) { phpMyAdmin_res }
|
||||
it 'should return the version' do
|
||||
expect(subject.check_setup).to eql("4.8.2")
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the version of PhpMyAdmin is not detected' do
|
||||
let(:response) { phpMyAdmin_no_vers }
|
||||
it 'should return "Not Detected"' do
|
||||
expect(subject.check_setup).to eql("Not Detected")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#get_session_info' do
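Review bot: The new version contexts cover only a three-component string (`PMA_VERSION:"4.8.2"`) and a page with no version, so nothing pins what check_setup returns for the four-component release `4.0.10.20` that the documentation lists as tested. A third fixture whose body ends in `PMA_VERSION:"4.0.10.20"`, with an expectation on the returned string, would show whether such pages are reported as a version or as "Not Detected". The `let` blocks for the two fixtures differ only in the body text, so a small helper taking the body would also remove the duplication.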
|
||||
|
|