Module: Msf::Exploit::Remote::HTTP::Nifi

Includes:: Auth, Dbconnectionpool, Processor, Msf::Exploit::Remote::HttpClient

Defined in:: lib/msf/core/exploit/remote/http/nifi.rb

Overview

This module provides a way of interacting with Apache NiFi installations

Defined Under Namespace

Modules: Auth, Dbconnectionpool, Processor

Instance Attribute Summary

Attributes included from Msf::Exploit::Remote::HttpClient

#client, #cookie_jar

Instance Method Summary collapse

#fetch_root_process_group(token) ⇒ String

Fetch the root process group's UUID.
#get_version ⇒ Gem::Version

Find the version number of the Apache NiFi system based on JS calls on the nifi/ page.
#initialize(info = {}) ⇒ Object

Instance Method Details

#fetch_root_process_group(token) ⇒ `String`

Fetch the root process group's UUID

Parameters:

token (String) —

The bearer token from a valid login, or nil for no Authorization headers

Returns:

(String) —

The UUID of the root process group

# File 'lib/msf/core/exploit/remote/http/nifi.rb', line 60

def fetch_root_process_group(token)
  vprint_status('Attempting to retrieve root process group')
  opts = {
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path, 'nifi-api', 'process-groups', 'root')
  }
  opts['headers'] = { 'Authorization' => "Bearer #{token}" } if token
  res = send_request_cgi(opts)
  
  if res.nil?
    print_bad("#{peer} - Could not connect to web service - no response")
    return nil
  end

  unless res.code == 200
    print_bad("Unexpected response code: #{res.code}")
    return nil
  end
  res.get_json_document['id']
end

#get_version ⇒ `Gem::Version`

Find the version number of the Apache NiFi system based on JS calls on the nifi/ page.

Returns:

(Gem::Version) —

version number of the system, or nil on error

# File 'lib/msf/core/exploit/remote/http/nifi.rb', line 35

def get_version
  vprint_status('Attempting to retrieve version number')
  res = send_request_cgi!(
    'uri' => normalize_uri(target_uri.path, 'nifi/')
  )

  if res.nil?
    print_bad("#{peer} - Could not connect to web service - no response")
    return nil
  end

  unless res.code == 200
    print_bad("#{peer} - Unexpected Response Code (response code: #{res.code})")
    return nil
  end

  return Rex::Version.new(Regexp.last_match(1)) if res.body =~ %r{js/nf/nf-namespace\.js\?([\d.]*)">}

  nil
end

#initialize(info = {}) ⇒ `Object`

# File 'lib/msf/core/exploit/remote/http/nifi.rb', line 14

def initialize(info = {})
  super

  register_options(
    [
      Msf::Opt::RPORT(8443),
      Msf::OptString.new('TARGETURI', [ true, 'The URI of the Apache NiFi Application', '/']),
      Msf::OptString.new('USERNAME', [false, 'Username to authenticate with']),
      Msf::OptString.new('PASSWORD', [false, 'Password to authenticate with']),
      Msf::OptString.new('BEARER-TOKEN', [false, 'JWT authenticate with']),
    ], Msf::Exploit::Remote::HTTP::Nifi
  )

  register_advanced_options([
    Msf::OptBool.new('SSL', [true, 'Negotiate SSL connection', true])
  ])
end

Module: Msf::Exploit::Remote::HTTP::Nifi

Overview

Defined Under Namespace

Instance Attribute Summary

Attributes included from Msf::Exploit::Remote::HttpClient

Instance Method Summary collapse

Methods included from Dbconnectionpool

Methods included from Msf::Exploit::Remote::HttpClient

Methods included from Auxiliary::Report

Methods included from Metasploit::Framework::Require

Methods included from Processor

Methods included from Auth

Instance Method Details

#fetch_root_process_group(token) ⇒ String

#get_version ⇒ Gem::Version

#initialize(info = {}) ⇒ Object

#fetch_root_process_group(token) ⇒ `String`

#get_version ⇒ `Gem::Version`

#initialize(info = {}) ⇒ `Object`