Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add VHOST support to full_uri #11485

Merged
merged 1 commit into from
Feb 26, 2019
Merged

Add VHOST support to full_uri #11485

merged 1 commit into from
Feb 26, 2019

Conversation

wvu
Copy link
Contributor

@wvu wvu commented Feb 25, 2019
edited
Loading 

msf5 exploit(unix/webapp/drupal_drupalgeddon2) > options

Module options (exploit/unix/webapp/drupal_drupalgeddon2):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   DUMP_OUTPUT  false            no        Dump payload command output
   PHP_FUNC     passthru         yes       PHP function to execute
   Proxies                       no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS       ::1              yes       The target address range or CIDR identifier
   RPORT        8443             yes       The target port (TCP)
   SSL          true             no        Negotiate SSL/TLS for outgoing connections
   TARGETURI    /drupal          yes       Path to Drupal install
   VHOST        localhost        no        HTTP server virtual host


Exploit target:

   Id  Name
   --  ----
   0   Automatic (PHP In-Memory)


msf5 exploit(unix/webapp/drupal_drupalgeddon2) > pry
[*] Starting Pry shell...
[*] You are in exploit/unix/webapp/drupal_drupalgeddon2

[1] pry(#<Msf::Modules::Exploit__Unix__Webapp__Drupal_drupalgeddon2::MetasploitModule>)> full_uri
=> "https://[::1]:8443/drupal"
[2] pry(#<Msf::Modules::Exploit__Unix__Webapp__Drupal_drupalgeddon2::MetasploitModule>)> full_uri(vhost_uri: true)
=> "https://localhost:8443/drupal"
[3] pry(#<Msf::Modules::Exploit__Unix__Webapp__Drupal_drupalgeddon2::MetasploitModule>)>

For #11481. Cf. #7905 (comment) and #9285.

busterb
busterb approved these changes Feb 26, 2019
View reviewed changes
Copy link
Member

@busterb busterb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, doesn't change any existing users.

@wvu wvu merged commit d55fbdf into rapid7:master Feb 26, 2019
wvu added a commit that referenced this pull request Feb 26, 2019
@wvu
Land #11485, VHOST support for full_uri
d11d391
@wvu wvu mentioned this pull request Feb 26, 2019
Merged
msjenkins-r7 pushed a commit that referenced this pull request Feb 26, 2019
@wvu @msjenkins-r7
Land #11485, VHOST support for full_uri
829e274
@wvu wvu self-assigned this Feb 26, 2019
@wvu
Copy link
Contributor Author

wvu commented Feb 26, 2019

Release Notes

This adds the vhost_uri keyword argument to the full_uri method in the HttpClient library, providing developers with a means to display the VHOST instead of the RHOST in the output returned by full_uri.

@wvu wvu deleted the feature/full_uri branch February 26, 2019 17:49
rotemreiss added a commit to rotemreiss/metasploit-framework that referenced this pull request Feb 26, 2019
@rotemreiss
Remove custom imp. in favor of library change
2c2e1f0 
Remove custom full_uri implementation in favor of a library change in rapid7#11485 which adds vhost support in the full_uri method.
@gdavidson-r7 gdavidson-r7 added the rn-enhancement release notes enhancement label Mar 5, 2019
@t0-n1 t0-n1 mentioned this pull request Mar 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@busterb busterb busterb approved these changes

Assignees

@wvu wvu

Labels
easy enhancement library rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wvu @busterb @gdavidson-r7