New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create nuuo_nvrmini_upgrade_rce.rb #11071

Closed
wants to merge 5 commits into
base: master
from

Conversation

Projects
None yet
2 participants
@berkdsnr

berkdsnr commented Dec 6, 2018

Tell us what this change does. If you're fixing a bug, please mention
the github issue number.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/windows/smb/ms08_067_netapi
  • ...
  • Verify the thing does what it should
  • Verify the thing does not do what it should not
  • Document the thing and how it works (Example)

@bcoles bcoles referenced this pull request Dec 6, 2018

Closed

nuuo_nvrmini_upgrade_rce #11069

0 of 6 tasks complete
@bcoles

Please fix syntax errors:

     SyntaxError:
       /home/travis/build/rapid7/metasploit-framework/modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb:85: syntax error, unexpected end-of-input, expecting keyword_end

@bcoles bcoles added the needs-docs label Dec 6, 2018

@berkdsnr

This comment has been minimized.

berkdsnr commented Dec 6, 2018

I've edited all the code. can you review it again?

@bcoles bcoles added the module label Dec 6, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 6, 2018

Please resolve msftidy issues:

$ ./.git/hooks/post-merge
[*] Running msftidy.rb in ./.git/hooks/post-merge mode
--- Checking new and changed module syntax with tools/dev/msftidy.rb ---
modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb:20 - [WARNING] Spaces at EOL
modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb:21 - [WARNING] Spaces at EOL

@bcoles bcoles dismissed their stale review Dec 6, 2018

resolved

@berkdsnr

This comment has been minimized.

berkdsnr commented Dec 6, 2018

I've tried you hard sorry bro :( can you review it again?

berkdsnr added some commits Dec 6, 2018

'uploaddir' => "';echo '#{Rex::Text.rand_text_alphanumeric(10..15)}';'"
}
})
if res.code == 200 and res.body =~ /upload_tmp_dir/

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

Check whether the request was successful first:

unless res
  vprint_error 'Connection failed'
  return CheckCode::Unknown
end

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

#bottom row

unless res
fail_with(Failure::Unknown, 'Failed to execute the command.')
end

{
'DisableNops' => true
},
'Platform' => %w{ unix win },

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

unix win ? What about Linux linux ?

The module is in the modules/exploits/linux/http/ directory.

If Windows is also supported, move the module here:

modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

okay ı updating

uri = normalize_uri(target_uri.path.to_s, "upgrade_handle.php")
res = send_request_cgi({
'method' => 'GET',
'uri' => uri,

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

Indentation is messed up. Align the Hash rockets.

This comment has been minimized.

@berkdsnr

@berkdsnr berkdsnr closed this Dec 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment