Module: Msf::Exploit::Remote::HTTP::Gitea::Base

Included in:
Msf::Exploit::Remote::HTTP::Gitea
Defined in:
lib/msf/core/exploit/remote/http/gitea/base.rb

Instance Method Summary

Instance Method Details

#get_gitea_version ⇒ String?

Checks if the site is online and running gitea

Returns:

  • (String, nil)

    the version string if the site is online and running gitea; otherwise nil, or raises UnknownError, VersionError or ::Rex exceptions



# File 'lib/msf/core/exploit/remote/http/gitea/base.rb', line 8

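# Checks that the target answers like a Gitea instance and returns its version.
#
# Sends a GET to the normalized TARGETURI path, requires an HTTP 200 whose
# cookies match /i_like_gitea=\w+/, then hands the response to gitea_version.
#
# NOTE(review): when the GITEACHECK datastore option is falsy this returns
# +true+, not a version, so callers comparing versions must handle a
# non-String result.
#
# @return [String, true] whatever gitea_version extracts from the response
#   (presumably a version String - confirm against gitea_version), or true
#   when the check is skipped
# @raise [Msf::Exploit::Remote::HTTP::Gitea::Error::UnknownError] if there is
#   no response, the status is not 200, the Gitea cookie is absent, or a Rex
#   connection error is raised
# @raise [Msf::Exploit::Remote::HTTP::Gitea::Error::VersionError] if
#   gitea_version returns a falsy value
def get_gitea_version
  unless datastore['GITEACHECK']
    vprint_status 'Skipping Gitea check...'
    return true
  end

  res = send_request_cgi({
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path)
  })

  # A nil response carries no status code at all, so report it as a
  # connection problem instead of an "unexpected HTTP response code".
  if res.nil?
    raise Msf::Exploit::Remote::HTTP::Gitea::Error::UnknownError.new('Could not connect to the web service')
  end

  raise Msf::Exploit::Remote::HTTP::Gitea::Error::UnknownError.new('Check TARGETURI - Unexpected HTTP response code') if res.code != 200

  # Fingerprint: the response must set at least one of these cookies.
  gitea_detect_regexes = [
    /i_like_gitea=\w+/,
  ]
  cookies = res.get_cookies

  if gitea_detect_regexes.none? { |r| r.match?(cookies) }
    raise Msf::Exploit::Remote::HTTP::Gitea::Error::UnknownError.new('No web server or gitea instance found')
  end

  version = gitea_version(res)
  raise Msf::Exploit::Remote::HTTP::Gitea::Error::VersionError.new unless version
  version

rescue ::Rex::ConnectionError, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
  # Transport-level failures are surfaced under the mixin's own error type.
  raise Msf::Exploit::Remote::HTTP::Gitea::Error::UnknownError.new('Could not connect to the web service')
end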