Add ':' for split of PATH in backup_file.rb #19130
Conversation
| @@ -23,7 +23,7 @@ def initialize(info = {}) | |||
|
|
|||
| register_options( | |||
| [ | |||
| OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp']) | |||
| OptString.new('PATH', [ true, "The path/file to identify backups, use ':' as a delimiter for multi-path/file input", '/index.asp']) | |||
There was a problem hiding this comment.
I don't have the full context on this module; Does this module need to work with full paths for windows envs? If so I don't think this will work for this scenario: C:\\inetpub\\wwwroot\\foo.asp
Potentially PATH is just a misnomer though, and this is really FILE_LIST or something
There was a problem hiding this comment.
The module does HTTP requests to a server trying to find 'backup' files (by adding an extension of .backup for example)
I do not believe : is a valid HTTP (URI part)
There was a problem hiding this comment.
Ah; gotcha. I believe the normal pattern is to take such wordlists from a file
So this would become OptPath and it would point towards a default wordlist that ships with metasploit, but the user can override it to point to their own wordlist
Like this - I'd probably use this pattern for the file reading:
Another example, but the file reading implementation isn't as good as the above:
There was a problem hiding this comment.
I see
We can migrate to the one TARGET_URIS_FILE as it more suitable - though none of those paths are relevant for backup files..
For best outcome we should use dirb (a tool used to bruteforce files and directories) common.txt file:
https://salsa.debian.org/pkg-security-team/dirb/-/blob/debian/master/wordlists/common.txt
At the moment
backup_file.rbsupport single path lookup, by adding the ability to use:delimiter you can now use the module with multiple paths at one 'run'Step to recreate (the web server target I use, returns 200 OK on everything):