refactor tomcat_mgr_deploy

2014-06-04 16:22:22 -05:00 · 2014-06-04 16:22:22 -05:00 · 62866374b8
parent f22447f91e
commit 62866374b8
1 changed files with 31 additions and 18 deletions
--- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb
@ -118,15 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote
      return CheckCode::Unknown
    end

-    report_auth_info(
-      :host   => rhost,
-      :port   => rport,
-      :sname  => (ssl ? "https" : "http"),
-      :user   => datastore['USERNAME'],
-      :pass   => datastore['PASSWORD'],
-      :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
-      :active => true
-    )
+    report_tomcat_credential

    vprint_status("Target is #{detect_platform(res.body)} #{detect_arch(res.body)}")
    return CheckCode::Appears
@ -209,15 +201,7 @@ class Metasploit3 < Msf::Exploit::Remote
      fail_with(Failure::Unknown, "Upload failed on #{path_tmp} [#{res.code} #{res.message}]")
    end

-    report_auth_info(
-      :host   => rhost,
-      :port   => rport,
-      :sname  => (ssl ? "https" : "http"),
-      :user   => datastore['USERNAME'],
-      :pass   => datastore['PASSWORD'],
-      :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
-      :active => true
-    )
+    report_tomcat_credential

    #
    # EXECUTE
@ -315,4 +299,33 @@ class Metasploit3 < Msf::Exploit::Remote
    }
  end

+  def report_tomcat_credential
+    service_data = {
+        address: ::Rex::Socket.getaddress(datastore['RHOST'],true),
+        port: datastore['RPORT'],
+        service_name: (ssl ? "https" : "http"),
+        protocol: 'tcp',
+        workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+        origin_type: :service,
+        module_fullname: self.fullname,
+        private_type: :password,
+        private_data: datastore['USERNAME'],
+        username: datastore['PASSWORD'].downcase
+    }
+
+    credential_data.merge!(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+        access_level: 'Admin',
+        core: credential_core,
+        last_attempted_at: DateTime.now,
+        status: Metasploit::Credential::Login::Status::SUCCESSFUL
+    }
+  end
+
 end