require 'msf/core'
require 'net/http'
require 'openssl'
require 'uri'
# Install: copy this file into /usr/share/metasploit-framework/modules/auxiliary/scanner/hpilo4/
# (create the directory first, e.g. with `sudo mkdir`), then run `reload_all` in msfconsole so the module is loaded.
# TODO: submit this module upstream to the official metasploit-framework repository.
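class MetasploitModule < Msf::Auxiliary
  # Inclusive firmware range this module reports as affected. The bounds are
  # the ones stated in the module's own name/description.
  # NOTE(review): confirm the upper bound against the HPE advisory listed in
  # References before trusting a "Not a vulnerable version" result.
  MIN_VULN_FW = 1.0
  MAX_VULN_FW = 2.50

  # Seconds allowed for the TCP/TLS handshake and for reading the response.
  # Net::HTTP defaults to 60s, which makes an unreachable host stall the module.
  HTTP_TIMEOUT = 10

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'HP iLO 4 1.00-2.50 Scanner',
      'Description' => %q{
        This module checks if the provided host is vulnerable to an authentication bypass in HP iLO 4 1.00 to 2.50.
      },
      'Author'      => 'vostdev [at] gmail [dot] com',
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          [ 'CVE', '2017-12542' ],
          [ 'URL', 'https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf03769en_us' ],
          [ 'URL', 'https://www.synacktiv.com/en/publications/hp-ilo-talk-at-recon-brx-2018.html' ]
        ],
      'DefaultOptions' => { 'SSL' => true }
    ))

    register_options([
      OptString.new('RHOST', [true, 'The target host', '']),
      OptInt.new('RPORT', [false, 'The target port', 443])
    ])
  end

  # Fetches the iLO's unauthenticated XML inventory (/xmldata?item=All) and
  # reports whether the firmware version string (<FWRI>) falls in the affected
  # range.
  #
  # This is a version-string inference only: no authentication bypass is
  # attempted, so the result confirms exposure of an affected build, not that
  # the bypass actually works against this host. Network and TLS failures are
  # reported with print_error instead of aborting the module with a backtrace.
  def run
    rhost = datastore['RHOST']
    rport = datastore['RPORT']

    # Bracket IPv6 literals; URI.parse rejects "https://::1:443/..." otherwise.
    host_part = rhost.to_s.include?(':') ? "[#{rhost}]" : rhost
    url = "https://#{host_part}:#{rport}/xmldata?item=All"
    print_status("Fetching XML data from #{url}...")

    body = fetch_xml(url)
    return if body.nil?

    xml = Nokogiri::XML(body)
    # <PN> is the product name; anything other than an iLO 4 is out of scope.
    unless xml.xpath('//PN').text.include?('iLO 4')
      print_status("Not an iLO 4 device")
      return
    end

    # <FWRI> carries the firmware revision, e.g. "2.50".
    fwri = xml.xpath('//FWRI').text.strip
    if vulnerable_version?(fwri)
      print_good("Version: #{fwri} - Vulnerable version")
    else
      print_warning("Version: #{fwri} - Not a vulnerable version")
    end
  end

  private

  # Performs the GET and returns the response body as a String, or nil after
  # printing an error.
  #
  # Certificate verification is disabled on purpose: iLO ships with a
  # self-signed certificate and a scanner still has to reach it. Nothing
  # secret is sent on this request, so the missing verification does not leak
  # credentials, but it does mean the answer could come from an interposed
  # host rather than the real iLO.
  def fetch_xml(url)
    uri = URI.parse(url)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.open_timeout = HTTP_TIMEOUT
    http.read_timeout = HTTP_TIMEOUT

    res = http.request(Net::HTTP::Get.new(uri.request_uri))
    unless res.is_a?(Net::HTTPSuccess)
      print_error("Unexpected HTTP response #{res.code} from #{url}")
      return nil
    end
    # body can be nil on an empty response; Nokogiri wants a String.
    res.body.to_s
  rescue Net::OpenTimeout, Net::ReadTimeout, OpenSSL::SSL::SSLError,
         SocketError, SystemCallError, IOError => e
    print_error("Could not fetch #{url}: #{e.class}: #{e.message}")
    nil
  end

  # True when the firmware string parses to a number inside
  # [MIN_VULN_FW, MAX_VULN_FW]. An empty, nil or non-numeric FWRI is treated
  # as not vulnerable (String#to_f would otherwise yield 0.0, which also falls
  # outside the range, but the explicit guard makes the intent clear and
  # avoids relying on ActiveSupport's String#present?).
  def vulnerable_version?(fwri)
    return false if fwri.nil? || fwri.strip.empty?

    fwri.to_f.between?(MIN_VULN_FW, MAX_VULN_FW)
  end
end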