Chapter 9

Within the initialization constructor we define much of the information that is reported back when issuing the info command in msfconsole.

We can see where the various options are defined and whether they are 
required. So far, all are pretty direct and their purposes are clear. Still, we 
have yet to see any actual logic being performed. That comes next.

    def run
        begin
            user = datastore['USERNAME']
            pass = datastore['PASSWORD']
            venid = datastore['VENUEID']
            user_pass = Rex::Text.encode_base64(user + ":" + pass)
            decode = Rex::Text.decode_base64(user_pass)
            postrequest = "twitter=1\n" #add facebook=1 if you want facebook

            print_status("Base64 Encoded User/Pass: #{user_pass}") #debug
            print_status("Base64 Decoded User/Pass: #{decode}") #debug

            # options hash describing the request, then a 25-second timeout
            res = send_request_cgi({
                'uri'     => "/v1/checkin?vid=#{venid}",
                'version' => "1.1",
                'method'  => 'POST',
                'data'    => postrequest,
                'headers' =>
                    {
                        'Authorization'    => "Basic #{user_pass}",
                        'Proxy-Connection' => "Keep-Alive",
                    }
            }, 25)

Now we reach the actual logic of the script: what happens when run is 
called within the module. First, the provided options are assigned to local 
variables, and various other objects are defined. An object is then 
created by calling the send_request_cgi method imported into the script 
from lib/msf/core/exploit/http.rb and defined as “Connects to the server, creates 
a request, sends the request, reads the response.” This method takes various 
parameters that make up the call to the actual server, as shown here.

            print_status("#{res}") #this outputs the entire response. We could probably do
            #without this but it's nice to see what's going on.
        end
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
        print_error(e.message) # report connection-level failures instead of dropping them silently
    rescue ::Timeout::Error, ::Errno::EPIPE => e
        puts e.message
    end
end # closes the module class
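The following is an added example, not the module's code and not Metasploit's Rex library: it reproduces the mechanics of the run method above in plain Ruby so they can be run and inspected without the framework. basic_credential derives the Basic credential the same way the module does; request_options builds the same options hash; build_raw_request is an assumed stand-in for what send_request_cgi renders onto the wire (an approximation, not Rex's code); checkin mirrors the begin/end plus method-level rescue structure, with plain Errno classes standing in for the Rex exception classes. The transport lambdas, the canned response, and the host, user, password and venue id values are all constructed for the demo.

```ruby
require 'base64'
require 'timeout'

# Same derivation as Rex::Text.encode_base64(user + ":" + pass) in the
# module. Base64 is a reversible encoding, not encryption: anyone who reads
# the module's "debug" output, or a console log of it, recovers the password.
def basic_credential(user, pass)
  Base64.strict_encode64("#{user}:#{pass}")
end

# The options hash in the shape the module hands to send_request_cgi.
# All values passed in by the demo below are made up.
def request_options(host, user, pass, venid)
  {
    'host'    => host,
    'uri'     => "/v1/checkin?vid=#{venid}",
    'version' => '1.1',
    'method'  => 'POST',
    'data'    => "twitter=1\n",
    'headers' => {
      'Authorization'    => "Basic #{basic_credential(user, pass)}",
      'Proxy-Connection' => 'Keep-Alive'
    }
  }
end

# Assumed stand-in for Rex's request builder: renders the options as the
# bytes that would go on the wire, so the effect of each key is visible.
def build_raw_request(opts)
  body = opts['data'].to_s
  headers = { 'Host' => opts['host'] }.merge(opts['headers'] || {})
  headers['Content-Length'] = body.bytesize.to_s if opts['method'] == 'POST'
  lines = ["#{opts['method']} #{opts['uri']} HTTP/#{opts['version']}"]
  headers.each { |name, value| lines << "#{name}: #{value}" }
  lines.join("\r\n") + "\r\n\r\n" + body
end

# What a status line should carry instead of the encoded credential.
def redacted_status(user)
  "Authenticating as #{user} with Basic credential <redacted>"
end

# Mirrors the module's control flow: the request runs inside begin/end,
# connection-level failures and timeouts are rescued at method level and
# returned as a result instead of escaping. `transport` is any callable that
# takes the raw request and returns the raw response (a stub here, where Rex
# would open a socket).
def checkin(transport, opts)
  begin
    raw = build_raw_request(opts)
    { status: :ok, response: transport.call(raw) }
  end
rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::ETIMEDOUT => e
  { status: :connection_error, message: e.message }
rescue Timeout::Error, Errno::EPIPE => e
  { status: :io_error, message: e.message }
end

# Constructed server behaviours standing in for a live endpoint.
CANNED_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: application/xml\r\n\r\n<checkin/>".freeze

def stub_transport_ok
  ->(_raw) { CANNED_RESPONSE }
end

def stub_transport_refused
  ->(_raw) { raise Errno::ECONNREFUSED }
end

def stub_transport_timeout
  ->(_raw) { raise Timeout::Error, 'read timed out' }
end

if __FILE__ == $PROGRAM_NAME
  opts = request_options('api.example.invalid', 'alice', 's3cret', '12345')
  puts build_raw_request(opts)
  puts redacted_status('alice')
  p checkin(stub_transport_ok, opts)
  p checkin(stub_transport_refused, opts)
  p checkin(stub_transport_timeout, opts)
end
```

Two points worth noticing when running it. First, the wire request shows that the whole authentication step is one Authorization header carrying a Base64 string that Base64.decode64 turns straight back into user:pass, which is why printing it as the module's debug lines do puts the password into console history and any log that captures it; redacted_status shows the shape of a status line that does not. Second, both failure paths return a result rather than letting the exception propagate, which is the behaviour the module's rescue clauses are there to provide.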

After this object is created, the results are printed. If anything goes 
wrong, logic exists for catching any errors and reporting them to the user. 
All of this logic is simple and is just a matter of plugging various parameters