Module: Msf::Exploit::Remote::Nuuo
- Defined in:
- lib/msf/core/exploit/remote/nuuo.rb
Instance Attribute Summary collapse
-
#client ⇒ Object
Returns the value of attribute client.
-
#server_version ⇒ Object
Returns the value of attribute server_version.
-
#user_session ⇒ Object
Returns the value of attribute user_session.
Instance Method Summary collapse
- #connect(global = true) ⇒ Object
- #generate_req(opts = {}) ⇒ Object
-
#initialize(info = {}) ⇒ Object
Creates an instance of a Nuuo exploit module.
- #ncs_login ⇒ Object
- #ncs_send_request(opts = {}, req = nil, temp: true) ⇒ Object
- #ncs_version_bruteforce ⇒ Object
Instance Attribute Details
#client ⇒ Object
Returns the value of attribute client.
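# File 'lib/msf/core/exploit/remote/nuuo.rb', line 150

# Reader for the shared NCS protocol client.
#
# The rendered page collapsed this definition onto a single `#` comment
# line; it is restored here as a valid method.
#
# @return [Object, nil] the value stored in @client; nil until something
#   assigns it (#connect does so when called with global = true)
def client
  @client
end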
#server_version ⇒ Object
Returns the value of attribute server_version.
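# File 'lib/msf/core/exploit/remote/nuuo.rb', line 151

# Reader for the protocol version string used during login.
#
# The rendered page collapsed this definition onto a single `#` comment
# line; it is restored here as a valid method.
#
# @return [Object, nil] the value stored in @server_version; nil until
#   #ncs_login resolves it from NCSVERSION or from the version bruteforce
def server_version
  @server_version
end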
#user_session ⇒ Object
Returns the value of attribute user_session.
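# File 'lib/msf/core/exploit/remote/nuuo.rb', line 152

# Reader for the session number returned by the server after login.
#
# The rendered page collapsed this definition onto a single `#` comment
# line; it is restored here as a valid method.
#
# @return [Object, nil] the value stored in @user_session; #ncs_login sets
#   it from the 'User-Session-No' response header. The value identifies an
#   authenticated session, so treat it as a secret in logs and reports.
def user_session
  @user_session
end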
Instance Method Details
#connect(global = true) ⇒ Object
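# File 'lib/msf/core/exploit/remote/nuuo.rb', line 39

# Builds a new Rex::Proto::Nuuo::Client from the module datastore.
#
# The client is handed RHOST, NCSUSER, NCSPASS and NCSSESSION exactly as the
# operator set them, plus the framework/module context.
#
# NOTE(review): RPORT is registered as an option by this mixin but is not
# passed to the client here; presumably the client falls back to its own
# default port. Confirm against Rex::Proto::Nuuo::Client.
#
# @param global [Boolean] when true, close the currently stored client (if
#   any) and store the new one as the shared client
# @return [Rex::Proto::Nuuo::Client] the newly created client
def connect(global=true)
  nuuo_client = Rex::Proto::Nuuo::Client.new({
    host: datastore['RHOST'],
    username: datastore['NCSUSER'],
    password: datastore['NCSPASS'],
    user_session: datastore['NCSSESSION'],
    context: {
      'Msf' => framework,
      'MsfExploit' => self
    }
  })

  # Release the previous shared client before replacing it, so its
  # connection is not left open.
  client.close if self.client && global
  self.client = nuuo_client if global
  nuuo_client
end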
#generate_req(opts = {}) ⇒ Object
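# File 'lib/msf/core/exploit/remote/nuuo.rb', line 54

# Builds an NCS request object for the protocol method named in opts.
#
# Dispatch is a fixed allow-list of method names. The 'method' value is
# never passed to `send`, so an unexpected value cannot reach any other
# method on the client; it yields nil instead.
#
# @param opts [Hash] request options; opts['method'] selects the request
#   builder and the whole hash is forwarded to it
# @return [Object, nil] the request built by the client, or nil when
#   opts['method'] is missing or not one of the supported names
def generate_req(opts={})
  case opts['method']
  when 'PING'         then client.request_ping(opts)
  when 'SENDLICFILE'  then client.request_sendlicfile(opts)
  when 'GETCONFIG'    then client.request_getconfig(opts)
  when 'COMMITCONFIG' then client.request_commitconfig(opts)
  when 'USERLOGIN'    then client.request_userlogin(opts)
  when 'GETOPENALARM' then client.request_getopenalarm(opts)
  end
end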
#initialize(info = {}) ⇒ Object
Creates an instance of a Nuuo exploit module.
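# File 'lib/msf/core/exploit/remote/nuuo.rb', line 14

# Creates an instance of a Nuuo exploit module and registers the options
# this mixin reads from the datastore.
#
# NOTE(review): the rendered page dropped the names of the two calls that
# receive the option arrays (only `( [ ... ], Msf::Exploit::Remote::Nuuo)`
# survived). They are restored here as the framework's register_options /
# register_advanced_options; confirm against the file on disk.
#
# NCSPASS and NCSSESSION are kept in the datastore as plain strings, and
# NCSTRACE prints full requests and responses, so console logs and saved
# workspaces from a run can contain credentials.
#
# @param info [Hash] module metadata merged with this mixin's author entry
def initialize(info = {})
  super(update_info(info,
    'Author' => [
      'Pedro Ribeiro <pedrib@gmail.com>'
    ]
  ))

  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(5180),
      OptString.new('NCSSESSION', [false, 'Session number of logged in user']),
      OptString.new('NCSUSER', [false, 'NUUO Central Management System username', 'admin']),
      OptString.new('NCSPASS', [false, 'Password for NCSUSER'])
    ], Msf::Exploit::Remote::Nuuo)

  register_advanced_options(
    [
      OptString.new('NCSVERSION', [false, 'Version header used during login']),
      OptBool.new('NCSBRUTEAPI', [false, 'Bruteforce Version header used during login', false]),
      OptBool.new('NCSTRACE', [false, 'Show NCS requests and responses', false])
    ], Msf::Exploit::Remote::Nuuo)
end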
#ncs_login ⇒ Object
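# File 'lib/msf/core/exploit/remote/nuuo.rb', line 99

# Logs in to the NCS service and records the session number it returns.
#
# The version string sent with the login is resolved in this order: a
# previously stored server_version, then NCSVERSION, then (only when
# NCSBRUTEAPI is set) the result of #ncs_version_bruteforce.
#
# Fix over the listed code: #ncs_send_request returns nil on connection
# errors and timeouts, and the original dereferenced `res.headers` without
# checking, raising NoMethodError instead of reporting a failed login.
#
# @return [Object, nil] the login response, or nil when no version string
#   could be determined or the request failed
def ncs_login
  unless datastore['NCSVERSION'] || server_version
    unless datastore['NCSBRUTEAPI']
      print_error('Set NCSBRUTEAPI to bruteforce the Version string or NCSVERSION to set a version string')
      return nil
    end

    vprint_status('Bruteforcing Version string')
    self.server_version = ncs_version_bruteforce
  end

  self.server_version ||= datastore['NCSVERSION']
  unless server_version
    print_error('Failed to determine server version')
    return nil
  end

  # temp: false keeps the login on the shared client connection instead of
  # a throw-away one.
  res = ncs_send_request({
    'method' => 'USERLOGIN',
    'server_version' => server_version
  }, temp: false)

  # Only a response that carries the header counts as an authenticated
  # session; a nil response leaves user_session untouched.
  session_no = res && res.headers['User-Session-No']
  self.user_session = session_no if session_no

  res
end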
#ncs_send_request(opts = {}, req = nil, temp: true) ⇒ Object
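# File 'lib/msf/core/exploit/remote/nuuo.rb', line 66

# Sends one NCS request and returns the response.
#
# Fixes over the listed code:
# * `print_line(e.)` was left incomplete by the page rendering; it is
#   restored as `e.message`.
# * The temporary connection was only closed on the success path, so a
#   timeout or broken pipe in send_recv leaked the socket. Cleanup now runs
#   in `ensure`.
#
# With NCSTRACE enabled the full request and response are printed. A
# USERLOGIN exchange is likely to carry the configured credentials and the
# returned session number, so treat trace output as sensitive.
#
# @param opts [Hash] options forwarded to #generate_req when req is nil
# @param req [Object, nil] a pre-built request; built from opts when nil
# @param temp [Boolean] when true, use a throw-away connection that is
#   closed after the exchange; when false, use the client's own connection
# @return [Object, nil] the response, or nil when no request could be built
#   or the exchange failed with EPIPE, a timeout or a Rex::ConnectionError
# @raise [Exception] any other error is traced (if enabled) and re-raised
def ncs_send_request(opts={}, req=nil, temp: true)
  req ||= generate_req(opts)
  return nil unless req

  print_status("Request:\r\n#{req}") if datastore['NCSTRACE']

  conn = nil
  begin
    conn = temp ? client.connect(temp: temp) : nil
    res = client.send_recv(req, conn)

    print_status("Response:\r\n#{res}") if datastore['NCSTRACE'] && res
    res
  rescue ::Errno::EPIPE, ::Timeout::Error => e
    print_line(e.message) if datastore['NCSTRACE']
    nil
  rescue Rex::ConnectionError => e
    vprint_error(e.to_s)
    nil
  rescue ::Exception => e
    # Deliberately broad: the error is only traced here and then re-raised
    # unchanged, never swallowed.
    print_line(e.message) if datastore['NCSTRACE']
    raise
  ensure
    # Close the throw-away socket on every path, including failures.
    if conn
      begin
        conn.shutdown
        conn.close
      rescue ::StandardError => e
        vprint_error(e.to_s)
      end
    end
  end
end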
#ncs_version_bruteforce ⇒ Object
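# File 'lib/msf/core/exploit/remote/nuuo.rb', line 128

# Tries each known protocol version string, in random order, until a login
# response carries a 'User-Session-No' header.
#
# Every attempt is a separate USERLOGIN request with the configured
# credentials, so one call can produce up to VERSIONS.size login attempts.
# On the server side this presumably appears as a burst of logins that
# differ only in the version value, which is worth knowing when reading
# appliance logs or when account lockout is a concern.
#
# Fix over the listed code: `res` started as '' and was never reset, so a
# request that raised on the first iteration reached `''.headers` and
# failed with NoMethodError. The response is now reset to nil per attempt.
#
# @return [Object, nil] the first version string the server accepted, or
#   nil when none produced a session
def ncs_version_bruteforce
  Rex::Proto::Nuuo::Constants::VERSIONS.shuffle.each do |version|
    # Start every attempt without a response so a failed request cannot be
    # judged on leftover state.
    res = nil
    begin
      res = ncs_send_request({
        'method' => 'USERLOGIN',
        'server_version' => version
      })
    rescue
      print_error('Request failed')
    end

    # Drop the client connection between attempts.
    client.close

    if res && res.headers['User-Session-No']
      vprint_good("Valid version detected: #{version}")
      return version
    end
  end

  nil
end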