dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switch to match over scan and add troubleshooting steps

This commit is contained in:
Matthew Dunn 2023-02-06 17:40:45 -05:00 committed by Grant Willcox
parent 8cddf56238
commit 90e07ef5ed
No known key found for this signature in database
GPG Key ID: D35E05C0F2B81E83
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
documentation/modules/exploit/linux/http/nagios_xi_configwizards_authenticated_rce.md
View File

@ -20,7 +20,8 @@ Note: The module can attempt to complete the configuration steps after NagiosXI
2. To download other vulnerable versions, replace the version number in the URL with the desired version.
2. Configure the NagiosXI installation
1. The OVA has NagiosXI running on startup. Launch the VM and visit the VM's IP in a browser.
2. Configure the `nagiosadmin` user's password and whether you'd like to force HTTPS.
2. Go through defaults on the install. When you get to Admin Account Settings, configure the `nagiosadmin`
user's password and whether you'd like to force HTTPS.
3. Login as the `nagiosadmin` user and accept the license agreement when prompted.
#### Manual Install on Linux
@ -38,9 +39,18 @@ on newer distributions.
3. `./fullinstall`
3. Configure the NagiosXI installation
1. Visit the installed NagiosXI application in a web browser.
2. Configure the `nagiosadmin` user's password and whether you'd like to force HTTPS.
2. Go through defaults on the install. When you get to Admin Account Settings, configure the `nagiosadmin`
user's password and whether you'd like to force HTTPS.
3. Login as the `nagiosadmin` user and accept the license agreement when prompted.
### Troubleshooting Installation
- NagiosXI doesn't show it's ip address
- Login as the `root` user with `nagiosxi` as the password, and run `ip a` to get the IP
- Ensure it's on a network accessible from your attacking machine (e.g. Nat network instead of Bridged)
- NagiosXI fails when attempting to login manually with an "NSP Sorry Dave" message
- The NagiosXI installation is likely out of sync with its date/time.
- Set it manually with `timedatectl set-ntp false` and `timedatectl set-time 2023-02-06 17:34:00` but with the actual time and date
## Verification Steps
- [ ] Start `msfconsole`

4
modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb
View File

@ -133,9 +133,9 @@ class MetasploitModule < Msf::Exploit::Remote
else
return login_result, 'Failed to extract authentication cookies'
end
nsp = res_array[0].scan(/nsp_str = "([a-z0-9]+)/)
nsp = res_array[0].match(/nsp_str = "([a-z0-9]+)/)
if nsp
@nsp = nsp[0][0]
@nsp = nsp[0]
else
return login_result, 'Failed to extract nsp string'
end