Chapter 9
Within the initialization constructor we define much of the information that is reported back when issuing the info command in msfconsole. We can see where the various options are defined and whether they are required. So far, all are pretty direct and their purposes are clear. Still, we have yet to see any actual logic being performed. That comes next.

  def run
    begin
      user = datastore['USERNAME']
      pass = datastore['PASSWORD']
      venid = datastore['VENUEID']
      user_pass = Rex::Text.encode_base64(user + ":" + pass)
      decode = Rex::Text.decode_base64(user_pass)
      postrequest = "twitter=1\n" #add facebook=1 if you want facebook
      print_status("Base64 Encoded User/Pass: #{user_pass}") #debug
      print_status("Base64 Decoded User/Pass: #{decode}") #debug
      res = send_request_cgi({
        'uri' => "/v1/checkin?vid=#{venid}",
        'version' => "1.1",
        'method' => 'POST',
        'data' => postrequest,
        'headers' =>
          {
            'Authorization' => "Basic #{user_pass}",
            'Proxy-Connection' => "Keep-Alive",
          }
      }, 25)

Now we reach the actual logic of the script: what happens when run is called within the module. First, the provided options are assigned to local variables and various other objects are defined. An object is then created by calling the send_request_cgi method, which is imported into the script from lib/msf/core/exploit/http.rb and defined as “Connects to the server, creates a request, sends the request, reads the response.” This method takes various parameters that make up the call to the actual server, as shown here.

      print_status("#{res}") #this outputs the entire response. We could probably do
                             #without this but it's nice to see what's going on.
    end
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
  rescue ::Timeout::Error, ::Errno::EPIPE =>e
    puts e.message
  end
end

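The send_request_cgi call above puts the username and password into an HTTP Basic Authorization header, which is Base64-encoded, not encrypted, and the two debug lines print the same values. The Ruby below is an added example, not code from the book or from Metasploit: it uses only the standard library, and the host name, credentials, venue ID and the three helper names are constructed for illustration. It rebuilds an equivalent request, shows that anyone who sees it recovers the credentials, and redacts the header before logging.

```ruby
require 'base64'

# Stand-in for the request send_request_cgi builds from the module's
# parameters (stdlib only; host, user, pass and venid are constructed values).
def build_checkin_request(host, user, pass, venid)
  body  = "twitter=1\n"
  token = Base64.strict_encode64("#{user}:#{pass}") # unwrapped Base64, as the header requires
  ["POST /v1/checkin?vid=#{venid} HTTP/1.1",
   "Host: #{host}",
   "Authorization: Basic #{token}",
   "Proxy-Connection: Keep-Alive",
   "Content-Length: #{body.bytesize}",
   "",
   body].join("\r\n")
end

# What any observer of the request (or of the debug output) can do:
# reverse the Base64 and split on the first colon only, since the
# password itself may contain colons.
def basic_credentials(raw_request)
  head = raw_request.split("\r\n\r\n", 2).first.to_s
  m = head.match(/^Authorization:\s*Basic\s+(\S+)/i)
  return nil unless m
  user, pass = Base64.strict_decode64(m[1]).split(':', 2)
  pass.nil? ? nil : { user: user, pass: pass }
rescue ArgumentError # not valid Base64 (for example, an already redacted header)
  nil
end

# Log-safe copy of the request: keep the scheme, drop the token.
def redact_authorization(raw_request)
  raw_request.gsub(/^(Authorization:\s*Basic\s+)\S+/i, '\1[REDACTED]')
end

if __FILE__ == $PROGRAM_NAME
  raw = build_checkin_request('api.example.test', 'alice@example.test', 's3cr:et', '12345')
  puts redact_authorization(raw)
  p basic_credentials(raw)
end
```

Because the header is reversible by design, its confidentiality depends entirely on the transport (TLS) and on keeping the encoded value out of logs and console output.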
After this object is created, the results are printed. If anything goes
wrong, logic exists for catching any errors and reporting them to the user.
All of this logic is simple and is just a matter of plugging various parameters