rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/http/backup_file.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
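# Auxiliary scanner that requests the configured PATH with a fixed list of
# backup-style suffixes appended, plus the ".<name>.swp" editor swap-file
# variant, and records every candidate the server answers with a 2xx status.
#
# Notes for whoever triages the results:
# - A finding rests on the HTTP status code alone. A server that answers 2xx
#   for unknown paths (catch-all or custom error pages) produces false
#   findings, so confirm each hit by looking at the response body.
# - On the assessed host the fix is to keep editor and backup artefacts out of
#   the document root and to refuse to serve these suffixes.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::WmapScanFile
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Registers the module metadata and its single option, PATH.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HTTP Backup File Scanner',
        'Description' => %q{
          This module identifies the existence of possible copies
          of a specific file in a given path.
        },
        'Author' => [ 'et [at] cyberspace.org' ],
        'License' => BSD_LICENSE,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options(
      [
        OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp'])
      ]
    )
  end

  # Requests every backup-name candidate derived from PATH on one target.
  #
  # @param ip [String] address of the host being scanned; it is passed on
  #   unchanged to the report entry
  def run_host(ip)
    backup_suffixes = %w[.backup .bak .copy .copia .old .orig .temp .txt ~]

    # Normalise once so that the suffix candidates and the swap-file candidate
    # are built from the same path. The original matched the swap-file pattern
    # against the raw option value, which skipped that check whenever PATH was
    # given without a leading slash.
    path = normalize_uri(datastore['PATH'])

    backup_suffixes.each do |suffix|
      check_for_file(path + suffix, ip)
    end

    # Editor swap file: "/dir/name" becomes "/dir/.name.swp".
    swap = path.match(%r{(?<dir>.*)(?<leaf>/.+$)})
    return unless swap

    check_for_file(swap[:dir] + swap[:leaf].sub('/', '/.') + '.swp', ip)
  end

  # Sends one GET for +file+ and stores a web-vuln record when the status is 2xx.
  #
  # Connection-level failures do not abort the scan; they are shown in verbose
  # mode, so an unreachable target is not mistaken for a clean result.
  #
  # @param file [String] request URI of the candidate
  # @param ip [String] address stored as the host of the finding
  def check_for_file(file, ip)
    # The second argument is the response timeout in seconds.
    res = send_request_cgi({
      'uri' => file,
      'method' => 'GET',
      'ctype' => 'text/plain'
    }, 20)

    unless res && res.code >= 200 && res.code < 300
      # vprint_status only prints when verbose output is enabled.
      vprint_status("NOT Found #{wmap_base_url}#{file}")
      return
    end

    print_good("Found #{wmap_base_url}#{file}")

    # NOTE(review): confidence is fixed at 100 although the status code is the
    # only evidence collected; a catch-all 2xx page will be recorded as a hit.
    report_web_vuln(
      host: ip,
      port: rport,
      vhost: vhost,
      ssl: ssl,
      path: file,
      method: 'GET',
      pname: "",
      proof: "Res code: #{res.code}",
      risk: 0,
      confidence: 100,
      category: 'file',
      description: 'Backup file found.',
      name: 'backup file'
    )
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE => e
    # Best effort: continue with the next candidate, but say why this one failed.
    vprint_error("#{wmap_base_url}#{file} - request failed: #{e.class}")
  end
end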