Open h00die opened 10 months ago
The next line down doesn't work either:
>> Msf::Exploit::Remote::HTTP::HttpCookie.new('AsWebStatisticsCooKie', 1)
/usr/lib/ruby/vendor_ruby/http/cookie.rb:373:in `value=': Integer is not a String (TypeError)
I tried to initialize an HTTPCookie object with a domain. Got this error:
/Users/corery/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/http-cookie-1.0.5/lib/http/cookie_jar.rb:110:in `rescue in add': domain is missing (ArgumentError)
from /Users/corery/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/http-cookie-1.0.5/lib/http/cookie_jar.rb:107:in `add'
from /Users/corery/metasploit-framework/lib/msf/core/exploit/remote/http/http_cookie_jar.rb:32:in `add'
from (irb):8:in `<main>'
from /Users/corery/metasploit-framework/lib/rex/ui/text/irb_shell.rb:53:in `block in run'
from /Users/corery/metasploit-framework/lib/rex/ui/text/irb_shell.rb:52:in `catch'
from /Users/corery/metasploit-framework/lib/rex/ui/text/irb_shell.rb:52:in `run'
from /Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/developer.rb:139:in `block in cmd_irb'
from /Users/corery/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:33:in `with_context'
from /Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/developer.rb:132:in `cmd_irb'
from /Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
from /Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
from /Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
from /Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
from /Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:165:in `block in run'
from /Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
from /Users/corery/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:33:in `with_context'
... 5 levels...
/Users/corery/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/http-cookie-1.0.5/lib/http/cookie.rb:572:in `acceptable?': domain is missing (RuntimeError)
When I create the object on it's own and look at the attributes domain is not set, however using the domain=
method it can be set.
x = Msf::Exploit::Remote::HTTP::HttpCookie.new('PHPSESSID', @phpsessid, attr_hash: {domain: "foo.com"}
>> )
=>
#<Msf::Exploit::Remote::HTTP::HttpCookie:0x0000000125be2500
...
>> x
=>
#<Msf::Exploit::Remote::HTTP::HttpCookie:0x0000000125be2500
@cookie=
#<HTTP::Cookie:name="PHPSESSID", value="", domain=nil, for_domain=false, path=nil, secure=false, httponly=false, expires=1969-12-31 19:00:00 -0500, max_age=nil, created_at=2024-03-25 13:32:09.337654 -0400, accessed_at=2024-03-25 13:32:09.337654 -0400 origin=nil>>
?> x = Msf::Exploit::Remote::HTTP::HttpCookie.new('PHPSESSID', @phpsessid, attr_hash: {domain: "foo.com", httponly: true}
>> )
=>
#<Msf::Exploit::Remote::HTTP::HttpCookie:0x00000001260b3c28
...
>> x
=>
#<Msf::Exploit::Remote::HTTP::HttpCookie:0x00000001260b3c28
@cookie=
#<HTTP::Cookie:name="PHPSESSID", value="", domain=nil, for_domain=false, path=nil, secure=false, httponly=false, expires=1969-12-31 19:00:00 -0500, max_age=nil, created_at=2024-03-25 13:32:47.231918 -0400, accessed_at=2024-03-25 13:32:47.231918 -0400 origin=nil>>
>> x.domain="foo"
=> "foo"
>> x
=>
#<Msf::Exploit::Remote::HTTP::HttpCookie:0x00000001260b3c28
@cookie=
#<HTTP::Cookie:name="PHPSESSID", value="", domain="foo", for_domain=false, path=nil, secure=false, httponly=false, expires=1969-12-31 19:00:00 -0500, max_age=nil, created_at=2024-03-25 13:32:47.231918 -0400, accessed_at=2024-03-25 13:32:47.231918 -0400 origin=nil>>
Am I not initializing the HttpCookie object properly?
https://docs.metasploit.com/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html#cookies--cookiejars
Use the first 2 lines in the example: