原谅我,Ruby 新手,其实这是我第一次接触 lang,所以对我温柔点好吗?
为 Metasploit 编写一个 mod,它将扫描系统或网络以查找文件 ScriptResource.axd 上的 302/500 错误,可用于进一步的攻击。
它启动,运行,然后崩溃并出现错误:
msf auxiliary(Scriptresource) > exploit
[*] hxxp://192.168.0.18:80 hxxp://192.168.0.18:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.5:80 hxxp://192.168.0.5:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.106:80 hxxp://192.168.0.106:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.4:80 hxxp://192.168.0.4:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.43:80 hxxp://192.168.0.43:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[*] hxxp://192.168.0.236:80 hxxp://192.168.0.236:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[*] hxxp://192.168.0.238:80 hxxp://192.168.0.238:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[-] Auxiliary failed: NoMethodError undefined method `code' for nil:NilClass
[-] Call stack:
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:50:in `block in run_host'
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:39:in `each'
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:39:in `run_host'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/auxiliary/scanner.rb:92:in `block in run'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/thread_manager.rb:64:in `call'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/thread_manager.rb:64:in `block in
这是程序:
需要'rex/proto/http' 需要'msf/core'
类 Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanDir
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'ScriptResource Scanner',
'Description' => %q{
This module Will scan for the 302/500 response codes associated
with ScriptResource.axd on a traget machine or network. This
file is required for ASP.Net Oracle Padding attack.
},
'Author' => [ 'MyChickenNinja' ],
'License' => BSD_LICENSE,))
register_options(
[
OptString.new('PATH', [ true, "The path to identify vulnerable files", '/',
]
)
], self.class)
end
def run_host(ip)
cypher = ['scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1']
conn = false
spath = datastore['PATH']
cypher.each do |cy|
queue << cy.strip
begin
crypt = cy
res = send_request_cgi({
'uri' => spath+crypt,
'method' => 'GET',
'ctype' => 'text/plain'
}, 20)
if res.code == 500 or res.code == 302
print_status("#{wmap_base_url} #{wmap_base_url}#{spath}#{crypt} #{res.code}")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
conn = false
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
结尾
现在它指的是“res.code”。我看到了,但我的印象是 Metasploit 处理了 res.code。我在程序崩溃之前得到 res.code 输出这一事实是否证实了这一点?所以现在我不知所措......是的,我在这里查看了网站上的其他问题,但通常答案是它们没有定义。但是 Metasplot 定义了这个变量.. 所以...... ??
正如我所说,我是 Ruby 的新手,所以如果我能得到一个详细的答案,我将不胜感激。谢谢!