Module: Msf::Exploit::Remote::HTTP::XorcomCompletePbx

Defined in:
lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb

Overview

Shared routines for Xorcom CompletePBX modules

Instance Method Summary

Instance Method Details

#completepbx? ⇒ Msf::Exploit::CheckCode

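Probe the root page and return the appropriate CheckCode. Detection is a product fingerprint based on two <meta> tags in the returned HTML; the routine does not inspect the product version.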



# File 'lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb', line 13

# Fingerprint the target by requesting the application root page.
#
# The result is decided purely from the HTTP status and two <meta> tags in
# the returned HTML, so CheckCode::Appears means "this looks like
# CompletePBX", nothing more: no version is read here.
#
# @return [Msf::Exploit::CheckCode] Unknown when there is no response or the
#   status is not 200, Appears when either marker tag is present, Safe
#   otherwise
def completepbx?
  vprint_status('Checking if the target is running CompletePBX...')

  root_uri = normalize_uri(target_uri.path)
  response = send_request_cgi('uri' => root_uri, 'method' => 'GET')
  return Exploit::CheckCode::Unknown('No response from target.') unless response

  status = response.code
  return Exploit::CheckCode::Unknown("Unexpected HTTP response code: #{status}") if status != 200

  page = response.get_html_document
  # Either marker is sufficient; they are tried in this order and the second
  # lookup is skipped when the first one matches.
  fingerprints = [
    '//meta[@name="description"][@content="CompletePBX"]',
    '//meta[@name="application-name"][@content="Ombutel"]'
  ]
  unless fingerprints.any? { |xpath| page.at(xpath) }
    return Exploit::CheckCode::Safe('Target does not appear to be running CompletePBX.')
  end

  vprint_good("Detected CompletePBX on #{peer}")
  Exploit::CheckCode::Appears
end

#completepbx_login(username, password) ⇒ String

Authenticate with supplied credentials and return the session cookie.

Parameters:

  • username (String)

    CompletePBX username

  • password (String)

    CompletePBX password

Returns:

  • (String)

    the "sid=..." cookie value

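Raises:

  • Aborts the module through fail_with(Msf::Module::Failure::NoAccess) when the login request does not return HTTP 200, or when the response carries no "sid=..." cookie.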



# File 'lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb', line 36

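# Authenticate with the supplied credentials and return the session cookie.
#
# Any outcome other than an HTTP 200 carrying a "sid=<hex>" cookie aborts the
# module through fail_with(Failure::NoAccess).
#
# @param username [String] CompletePBX username
# @param password [String] CompletePBX password
# @return [String] the "sid=..." cookie value
def completepbx_login(username, password)
  vprint_status("Attempting authentication with username: #{username}")

  res = send_request_cgi(
    'uri' => normalize_uri(target_uri.path, 'login'),
    'method' => 'POST',
    'ctype' => 'application/x-www-form-urlencoded',
    'vars_post' => { 'userid' => username, 'userpass' => password }
  )
  # A missing response (nil) and a non-200 status are reported identically,
  # so the message cannot distinguish an unreachable host from rejected
  # credentials.
  # NOTE(review): a 200 alone presumably does not prove the credentials were
  # accepted; the cookie check below is the effective success signal. Confirm
  # the server never issues a sid before authentication.
  unless res&.code == 200
    vprint_error('Authentication failed')
    fail_with(Msf::Module::Failure::NoAccess, 'Authentication failed')
  end

  # First "sid=<lowercase hex>" run in the cookie string. The pattern is not
  # anchored to a cookie boundary, so it would also match inside a longer
  # cookie name that ends in "sid".
  sid = res.get_cookies[/sid=[a-f0-9]+/]
  fail_with(Msf::Module::Failure::NoAccess, 'No session ID received') unless sid

  # NOTE(review): the sid is a live session token and is written to verbose
  # output here, so it is stored wherever that output is captured.
  vprint_good("Authentication successful! Session ID: #{sid}")
  sid
end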