Module: Msf::Exploit::Remote::HTTP::NagiosXi::Version

Includes:
URIs
Included in:
Msf::Exploit::Remote::HTTP::NagiosXi
Defined in:
lib/msf/core/exploit/remote/http/nagios_xi/version.rb

Constant Summary collapse

PRE_5_2_VERSION_REGEX =

Versions of NagiosXI pre-5.2 have different formats (5r1.0, 2014r2.7, 2012r2.8b, etc.) that Rex cannot handle, so we set pre-5.2 versions to 1.0.0 for easier Rex comparison because the module only works on post-5.2 versions.

'^\d{4}r\d(?:\.\d)?(?:(?:RC\d)|(?:[a-z]{1,3}))?$'

Instance Method Summary collapse

Methods included from URIs

#nagios_xi_backend_url, #nagios_xi_install_url, #nagios_xi_login_url

Instance Method Details

#nagios_xi_version(res_backend) ⇒ String?

Extracts the Nagios XI version information from an HTTP response body obtained after authentication. Works for index.php and perhaps other backend pages.

Parameters:

  • res_backend (String)

    HTTP response body

Returns:

  • (String, nil)

    , String containing the Nagios XI version if successful, nil otherwise



15
16
17
# File 'lib/msf/core/exploit/remote/http/nagios_xi/version.rb', line 15

def nagios_xi_version(res_backend)
  version = res_backend.scan(/product=nagiosxi&version=(.+?)&/)&.flatten&.first
end

#nagios_xi_version_no_authArray

Tries to obtain the Nagios XI version from the login.php page. This will not work for older Nagios XI versions.

Returns:

  • (Array)

    , Array containing the Nagios XI version and nil if successful, otherwise Array containing an error code and an error message



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# File 'lib/msf/core/exploit/remote/http/nagios_xi/version.rb', line 22

def nagios_xi_version_no_auth
  res = send_request_cgi({
    'method' => 'GET',
    'uri' => ,
  })

  unless res
    return [1, 'Connection failed']
  end

  unless [200,302].include?(res.code) && res.body.include?('>Nagios XI<')
    return [3, 'Target is not a Nagios XI application']
  end

  nagios_version = res.body.scan(/name="version" value="(\d+\.\d+\.\d+)">/)&.flatten&.first

  if nagios_version.nil?
    return [2, 'Unable to obtain Nagios XI version from the login page.']
  end

  [nagios_version, nil]
end