Some variables don't need to be in a double-quote.
This commit is contained in:
parent
acac3fa38d
commit
7c77fe20cc
|
@ -106,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_good("File(s) found:")
|
||||
|
||||
@files_found.each do |f|
|
||||
print_good("#{f}")
|
||||
print_good(f)
|
||||
end
|
||||
else
|
||||
print_good("No File(s) found")
|
||||
|
|
|
@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_good("File(s) found:")
|
||||
|
||||
@files_found.each do |f|
|
||||
print_good("#{f}")
|
||||
print_good(f)
|
||||
end
|
||||
else
|
||||
print_good("No File(s) found")
|
||||
|
|
|
@ -639,7 +639,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
accts = {}
|
||||
returnedstring.each do |record|
|
||||
user,pass = record.split(",")
|
||||
accts["#{pass.chomp}"] = "#{user}"
|
||||
accts["#{pass.chomp}"] = user
|
||||
end
|
||||
::File.open(ordfltpss, "rb").each_line do |l|
|
||||
accrcrd = l.split(",")
|
||||
|
|
|
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
begin
|
||||
connect
|
||||
rescue => e
|
||||
print_error("#{e}")
|
||||
print_error(e.to_s)
|
||||
disconnect
|
||||
return
|
||||
end
|
||||
|
|
|
@ -55,11 +55,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
connect
|
||||
end
|
||||
@connected=true
|
||||
sock.put("#{data}")
|
||||
sock.put(data)
|
||||
@result=sock.get_once
|
||||
@codresult=@result[0..2]
|
||||
rescue ::Exception => e
|
||||
print_error("Error #{e}")
|
||||
print_error(e.to_s)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if (ip or rhost) and rport
|
||||
[(ip || rhost),rport].map {|x| x.to_s}.join(":") << " "
|
||||
elsif (ip or rhost)
|
||||
"#{rhost}"
|
||||
rhost
|
||||
else
|
||||
""
|
||||
end
|
||||
|
|
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
begin
|
||||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
'uri' => "#{uri}",
|
||||
'uri' => uri,
|
||||
}, 25)
|
||||
|
||||
if (res and res.code == 200)
|
||||
|
|
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{file}",
|
||||
:path => file,
|
||||
:method => 'GET',
|
||||
:pname => "",
|
||||
:proof => "Res code: #{res.code.to_s}",
|
||||
|
|
|
@ -236,9 +236,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{datastore['PATH']}",
|
||||
:path => datastore['PATH'],
|
||||
:method => http_method,
|
||||
:pname => "#{key}",
|
||||
:pname => key,
|
||||
:proof => "blind sql inj.",
|
||||
:risk => 2,
|
||||
:confidence => 50,
|
||||
|
@ -327,9 +327,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{datastore['PATH']}",
|
||||
:path => datastore['PATH'],
|
||||
:method => http_method,
|
||||
:pname => "#{key}",
|
||||
:pname => key,
|
||||
:proof => "blind sql inj.",
|
||||
:risk => 2,
|
||||
:confidence => 50,
|
||||
|
|
|
@ -256,8 +256,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:ssl => ssl,
|
||||
:path => datastore['PATH'],
|
||||
:method => datastore['METHOD'],
|
||||
:pname => "#{key}",
|
||||
:proof => "#{istr}",
|
||||
:pname => key,
|
||||
:proof => istr,
|
||||
:risk => 2,
|
||||
:confidence => 50,
|
||||
:category => 'SQL injection',
|
||||
|
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
# Sheck for alternates header
|
||||
if(res.code == 406)
|
||||
print_status("#{ip}")
|
||||
print_status(ip.to_s)
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
|
|
|
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{testf}",
|
||||
:path => testf,
|
||||
:method => 'GET',
|
||||
:pname => "",
|
||||
:proof => "Res code: #{res.code.to_s}",
|
||||
|
|
|
@ -166,7 +166,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{tpath}",
|
||||
:path => tpath,
|
||||
:method => 'GET',
|
||||
:pname => "",
|
||||
:proof => "Res code: #{res.code.to_s}",
|
||||
|
|
|
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:proto => 'tcp',
|
||||
:sname => (ssl ? 'https' : 'http'),
|
||||
:type => 'ROBOTS_TXT',
|
||||
:data => "#{u}",
|
||||
:data => u,
|
||||
:update => :unique_data
|
||||
)
|
||||
end
|
||||
|
|
|
@ -74,10 +74,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{tpath}",
|
||||
:path => tpath,
|
||||
:method => 'GET',
|
||||
:pname => "",
|
||||
:proof => "#{u}",
|
||||
:proof => u,
|
||||
:risk => 0,
|
||||
:confidence => 100,
|
||||
:category => 'scraper',
|
||||
|
|
|
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => "#{turl}",
|
||||
:path => turl,
|
||||
:method => 'GET',
|
||||
:pname => "",
|
||||
:proof => "Res code: #{res.code.to_s}",
|
||||
|
@ -176,7 +176,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'USERNAME',
|
||||
:data => "#{slastauthor}",
|
||||
:data => slastauthor,
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
@ -190,7 +190,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'DIRECTORY',
|
||||
:data => "#{sname}",
|
||||
:data => sname,
|
||||
:update => :unique_data
|
||||
)
|
||||
end
|
||||
|
@ -202,7 +202,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'FILE',
|
||||
:data => "#{sname}",
|
||||
:data => sname,
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
@ -221,7 +221,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
if srcres and srcres.body.length > 0
|
||||
if datastore['SHOW_SOURCE']
|
||||
print_status("#{srcres.body}")
|
||||
print_status(srcres.body)
|
||||
end
|
||||
|
||||
report_note(
|
||||
|
|
|
@ -128,7 +128,7 @@ require 'cgi'
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'VHOST',
|
||||
:data => "#{thost}",
|
||||
:data => thost,
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'INTERNAL_IP',
|
||||
:data => "#{addr}"
|
||||
:data => addr
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:port => rport,
|
||||
:type => 'WEBDAV_FILE_DIRECTORY',
|
||||
:data => "#{u}"
|
||||
:data => u
|
||||
)
|
||||
|
||||
end
|
||||
|
|
|
@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => datastore['RPORT'],
|
||||
:proto => 'tcp',
|
||||
:type => 'oracle_sid',
|
||||
:data => "#{sid}",
|
||||
:data => sid,
|
||||
:update => :unique_data
|
||||
)
|
||||
print_status("Discovered SID: '#{sid}' for host #{ip}")
|
||||
|
|
|
@ -72,7 +72,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => datastore['RPORT'],
|
||||
:proto => 'tcp',
|
||||
:type => 'oracle_sid',
|
||||
:data => "#{sid}",
|
||||
:data => sid,
|
||||
:update => :unique_data
|
||||
)
|
||||
print_status("Discovered SID: '#{sid}' for host #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}")
|
||||
|
|
|
@ -93,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:proto => 'tcp',
|
||||
:port => datastore['RPORT'],
|
||||
:type => 'SERVICE_NAME',
|
||||
:data => "#{sid}",
|
||||
:data => sid,
|
||||
:update => :unique_data
|
||||
)
|
||||
print_good("Discovered SID: '#{sid[0]}' for host #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}")
|
||||
|
@ -224,7 +224,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => datastore['RPORT'],
|
||||
:sname => 'xdb',
|
||||
:type => 'oracle_sid',
|
||||
:data => "#{sid}",
|
||||
:data => sid,
|
||||
:update => :unique_data
|
||||
)
|
||||
else
|
||||
|
|
|
@ -78,10 +78,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
select(nil,nil,nil,0.4)
|
||||
end
|
||||
@connected=true
|
||||
sock.put("#{data}")
|
||||
sock.put(data)
|
||||
@result=sock.get_once
|
||||
rescue ::Exception => err
|
||||
print_error("Error: #{err}")
|
||||
print_error("Error: #{err.to_s}")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -166,58 +166,58 @@ class Metasploit4 < Msf::Auxiliary
|
|||
end
|
||||
if sapsystem
|
||||
print_good("#{rhost}:#{rport} [SAP] SAP System Number: #{sapsystem}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.sapsystem',
|
||||
:data => {:proto => "soap", :sapsystem => sapsystem})
|
||||
end
|
||||
if sapsystemname
|
||||
print_good("#{rhost}:#{rport} [SAP] SAP System Name: #{sapsystemname}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.systemname',
|
||||
:data => {:proto => "soap", :sapsystemname => sapsystemname})
|
||||
end
|
||||
if saplocalhost
|
||||
print_good("#{rhost}:#{rport} [SAP] SAP Localhost: #{saplocalhost}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.localhost',
|
||||
:data => {:proto => "soap", :saplocalhost => saplocalhost})
|
||||
end
|
||||
if instancename
|
||||
print_good("#{rhost}:#{rport} [SAP] Instance Name: #{instancename}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.instancename',
|
||||
:data => {:proto => "soap", :instancename => instancename})
|
||||
end
|
||||
if icmurl
|
||||
print_good("#{rhost}:#{rport} [SAP] ICM URL: #{icmurl}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.icm.url',
|
||||
:data => {:proto => "soap", :icmurl => icmurl})
|
||||
end
|
||||
if igsurl
|
||||
print_good("#{rhost}:#{rport} [SAP] IGS URL: #{igsurl}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.igs.url',
|
||||
:data => {:proto => "soap", :igsurl => igsurl})
|
||||
end
|
||||
if dbstring
|
||||
dbstring = CGI.unescapeHTML(dbstring)
|
||||
print_good("#{rhost}:#{rport} [SAP] ABAP DATABASE: #{dbstring}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.dbstring',
|
||||
:data => {:proto => "soap", :dbstring => dbstring},
|
||||
:update => :unique_data )
|
||||
|
@ -225,9 +225,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
if j2eedbstring
|
||||
j2eedbstring = CGI.unescapeHTML(j2eedbstring)
|
||||
print_good("#{rhost}:#{rport} [SAP] J2EE DATABASE: #{j2eedbstring}")
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.j2eedbstring',
|
||||
:data => {:proto => "soap", :j2eedbstring => j2eedbstring},
|
||||
:update => :unique_data )
|
||||
|
@ -238,9 +238,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
protectedweb_arr.each do | pweb |
|
||||
print_status("#{pweb}")
|
||||
end
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.protected.web.methods',
|
||||
:data => {:proto => "soap", :protectedweb => protectedweb},
|
||||
:update => :unique_data )
|
||||
|
@ -252,9 +252,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
# Only print webmethods not found in protectedweb_arr
|
||||
print_status("#{webm}") if not protectedweb_arr.include?(webm)
|
||||
end
|
||||
report_note(:host => "#{rhost}",
|
||||
report_note(:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'sap.web.methods',
|
||||
:data => {:proto => "soap", :webmethods => webmethods},
|
||||
:update => :unique_data )
|
||||
|
|
|
@ -101,11 +101,11 @@ class Metasploit4 < Msf::Auxiliary
|
|||
if res.code == 200
|
||||
body = res.body
|
||||
if body.match(/<VersionInfo>([^<]+)<\/VersionInfo>/)
|
||||
version = "#{$1}"
|
||||
version = $1
|
||||
success = true
|
||||
end
|
||||
if body.match(/[\\\/]sap[\\\/](\w{3})/i)
|
||||
sapsid = "#{$1}"
|
||||
sapsid = $1
|
||||
success = true
|
||||
else
|
||||
sapsid = "Unknown"
|
||||
|
@ -113,7 +113,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
elsif res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
@ -129,17 +129,17 @@ class Metasploit4 < Msf::Auxiliary
|
|||
print_good("[SAP] SID: #{sapsid.upcase}")
|
||||
|
||||
report_note(
|
||||
:host => "#{rhost}",
|
||||
:host => rhost,
|
||||
:proto => 'SOAP',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'SAP Version',
|
||||
:data => "SAP Version: #{version}"
|
||||
)
|
||||
|
||||
report_note(
|
||||
:host => "#{rhost}",
|
||||
:host => rhost,
|
||||
:proto => 'SOAP',
|
||||
:port => "#{rport}",
|
||||
:port => rport,
|
||||
:type => 'SAP SID',
|
||||
:data => "SAP SID: #{sapsid.upcase}"
|
||||
)
|
||||
|
|
|
@ -134,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
rescue EOFError
|
||||
rescue => e
|
||||
print_error("#{e}")
|
||||
print_error(e.to_s)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
response = send_request_cgi({
|
||||
'method' => "POST",
|
||||
'uri' => uri,
|
||||
'data' => "#{data}"
|
||||
'data' => data
|
||||
})
|
||||
|
||||
if response.code == 200 and response.body =~ /#{flag}/
|
||||
|
|
|
@ -88,7 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put(buf)
|
||||
res = sock.get(-1,3)
|
||||
|
||||
print_status("#{res}")
|
||||
print_status(res.to_s)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
rescue EOFError
|
||||
rescue => e
|
||||
print_error("#{e}")
|
||||
print_error(e.to_s)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue