beef/modules/exploits/zenoss_3x_command_execution/module.rb

#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
################################################################################
# For more information see: http://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/
################################################################################
class Zenoss_command_execution < BeEF::Core::Command
  def self.options
    @configuration = BeEF::Core::Configuration.instance
    lhost = @configuration.beef_host
    lhost = '' if lhost == '0.0.0.0'
    [
      { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
      { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '8080' },
      { 'name' => 'lhost', 'ui_label' => 'Local Host',  'value' => lhost },
      { 'name' => 'lport', 'ui_label' => 'Local Port',  'value' => '4444' },
      { 'name' => 'user',  'ui_label' => 'Username',    'value' => 'admin' },
      { 'name' => 'pass',  'ui_label' => 'Password',    'value' => 'zenoss' }
    ]
  end

  def post_execute
    save({ 'result' => @datastore['result'] })
  end
end