CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/msf/core/exploit/cacti.rb
Views: 1904
# -*- coding: binary -*-1###2#3# This mixin provides helper methods for Cacti4#5###67module Msf8module Exploit::Cacti910include Msf::Exploit::Remote::HttpClient1112class CactiError < StandardError; end13class CactiNotFoundError < CactiError; end14class CactiVersionNotFoundError < CactiError; end15class CactiNoAccessError < CactiError; end16class CactiCsrfNotFoundError < CactiError; end17class CactiLoginError < CactiError; end1819# Extract the version number from an HTML response20#21# @param html [Nokogiri::HTML::Document] The HTML response22# @return [String] The version number23# @raise [CactiNotFoundError] If the web server is not running Cacti24# @raise [CactiVersionNotFoundError] If the version string was not found25def parse_version(html)26# This will return an empty string if there is no match27version_str = html.xpath('//div[@class="versionInfo"]').text28unless version_str.include?('The Cacti Group')29raise CactiNotFoundError, 'The web server is not running Cacti'30end31unless version_str.match(/Version (?<version>\d{1,2}[.]\d{1,2}[.]\d{1,2})/)32raise CactiVersionNotFoundError, 'Could not detect the version'33end3435Regexp.last_match[:version]36end3738# Extract the CSRF token from an HTML response39#40# @param html [Nokogiri::HTML::Document] The HTML response to parse41# @return [String] The CSRF token42def parse_csrf_token(html)43html.xpath('//form/input[@name="__csrf_magic"]/@value').text44end4546# Get the CSRF token by querying the `index.php` web page and extracting it47# from the response.48#49# @return [String] The CSRF token50# @raise [CactiNoAccessError] If the server is unreachable51# @raise [CactiCsrfNotFoundError] If it was not possible to get the CSRF token52def get_csrf_token53res = send_request_cgi(54'uri' => normalize_uri(target_uri.path, 'index.php'),55'method' => 'GET',56'keep_cookies' => true57)58raise CactiNoAccessError, 'Could not access `index.php` - no response' if res.nil?5960html = res.get_html_document61csrf_token = parse_csrf_token(html)62raise CactiCsrfNotFoundError, 'Unable to get the CSRF token' if csrf_token.empty?6364csrf_token65end6667# Log in to Cacti. It will take care of grabbing the CSRF token if not provided.68#69# @param username [String] The username70# @param password [String] The password71# @raise [CactiNoAccessError] If the server is unreachable72# @raise [CactiCsrfNotFoundError] If the CSRF token was not provided and it was not possible to retrieve it73# @raise [CactiLoginError] If the login failed74def do_login(username, password, csrf_token: nil)75if csrf_token.blank?76print_status('Getting the CSRF token to login')77begin78csrf_token = get_csrf_token79rescue CactiError => e80raise CactiLoginError, "Unable to login: #{e.class} - #{e}"81end8283vprint_good("CSRF token: #{csrf_token}")84end8586print_status("Attempting login with user `#{username}` and password `#{password}`")87res = send_request_cgi(88'uri' => normalize_uri(target_uri.path, 'index.php'),89'method' => 'POST',90'keep_cookies' => true,91'vars_post' => {92'__csrf_magic' => csrf_token,93'action' => 'login',94'login_username' => username,95'login_password' => password96}97)98raise CactiNoAccessError, 'Could not login - no response' if res.nil?99raise CactiLoginError, "Login failure - unexpected HTTP response code: #{res.code}" unless res.code == 302100101print_good('Logged in')102103nil104end105106end107end108109110