0
請原諒我,Ruby的新手,實際上這是我接收的第一個語言,所以對我溫柔一點,好嗎?Ruby/Metasploit NoMethodError未定義的方法`代碼'
爲Metasploit編寫一個mod,它將掃描系統或網絡上302/500錯誤的文件ScriptResource.axd,該文件可用於進一步的攻擊。
它開始,它運行,然後崩潰,出現錯誤:
msf auxiliary(Scriptresource) > exploit
[*] hxxp://192.168.0.18:80 hxxp://192.168.0.18:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.5:80 hxxp://192.168.0.5:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.106:80 hxxp://192.168.0.106:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.4:80 hxxp://192.168.0.4:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 302
[*] hxxp://192.168.0.43:80 hxxp://192.168.0.43:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[*] hxxp://192.168.0.236:80 hxxp://192.168.0.236:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[*] hxxp://192.168.0.238:80 hxxp://192.168.0.238:80/scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1 500
[-] Auxiliary failed: NoMethodError undefined method `code' for nil:NilClass
[-] Call stack:
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:50:in `block in run_host'
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:39:in `each'
[-] /root/.msf4/modules/auxiliary/scanner/http/Scriptresource.rb:39:in `run_host'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/auxiliary/scanner.rb:92:in `block in run'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/thread_manager.rb:64:in `call'
[-] /opt/metasploit-4.2.0/msf3/lib/msf/core/thread_manager.rb:64:in `block in
下面是程序:
需要 '雷克斯/原/ HTTP' 需要 'MSF /核心'
class Metasploit3 < Msf ::輔助
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanDir
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'ScriptResource Scanner',
'Description' => %q{
This module Will scan for the 302/500 response codes associated
with ScriptResource.axd on a traget machine or network. This
file is required for ASP.Net Oracle Padding attack.
},
'Author' => [ 'MyChickenNinja' ],
'License' => BSD_LICENSE,))
register_options(
[
OptString.new('PATH', [ true, "The path to identify vulnerable files", '/',
]
)
], self.class)
end
def run_host(ip)
cypher = ['scriptresource.axd?d=AAAAAAAAAAAAAAAAAAAAAA1']
conn = false
spath = datastore['PATH']
cypher.each do |cy|
queue << cy.strip
begin
crypt = cy
res = send_request_cgi({
'uri' => spath+crypt,
'method' => 'GET',
'ctype' => 'text/plain'
}, 20)
if res.code == 500 or res.code == 302
print_status("#{wmap_base_url} #{wmap_base_url}#{spath}#{crypt} #{res.code}")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
conn = false
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
end
現在它指的是「res.code」。我明白了,但我的印象是Metasploit處理res.code。這不是事實證明我得到res.code輸出之前程序崩潰?所以,現在我不知所措......是的,我在這裏查看了網站上的其他問題,但通常答案是它們沒有定義。但是Metasplot定義了這個變量..所以...?
正如我所說,我是Ruby新手,所以如果我能得到一個有點詳細的答案,我將不勝感激。 謝謝!