Improve NagiosXI authenticated exploit modules to increase resilience and for use with Autocheck disabled

[k0pak4]

Summary

During the course of #17494 there were several concerns with how the NagiosXI login mixin was being used in the check method, which prevents the module from working when Autocheck is disabled. Additionally, other improvements were made including cleaner regexes in version detection, nil checks on objects that were assumed to be not nil, and other improvements. After examining the other NagiosXI modules the following modules should be modified to also take advantage of these improvements:

• modules\exploits\linux\http\nagios_xi_autodiscovery_webshell.rb
• modules\exploits\linux\http\nagios_xi_mibs_authenticated_rce.rb
• modules\exploits\linux\http\nagios_xi_plugins_check_plugin_authenticated_rce.rb
• modules\exploits\linux\http\nagios_xi_plugins_filename_authenticated_rce.rb

Improvements

• Move the authentication to its own function, and call it in check and exploit when necessary (Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module #17494 (comment))
• Use better regexes for version detection (Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module #17494 (comment))
• Refactor case statements to use accurate error codes, error messages, and Failure codes (Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module #17494 (comment))
• Improve documentation to give detailed installation instructions (see documentation\modules\exploit\linux\http\nagios_xi_configwizards_authenticated_rce.md)
• Improve lib\msf\core\exploit\remote\http\nagios_xi\login.rb to make the return structure consistent (currently reversed on failure from success) (Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module #17494 (comment))

Generally, these modules can also be cleaned up and shortened similarly to how the config wizards RCE module was through PR.

Motivation

Currently, these modules will fail with AutoCheck disabled, so we want to improve that first and foremost. Additionally, the version checking and error codes will provide more support when running the modules against old versions of NagiosXI.

Vulnerable Software

In general, older versions of NagiosXI can be found:

• As an OVA (replace version number in the link to the one you want to download): https://assets.nagios.com/downloads/nagiosxi/5/ovf/nagiosxi-5.7.5-64.ova
• As a package: https://www.nagios.com/downloads/nagios-xi/older-releases/

documentation\modules\exploit\linux\http\nagios_xi_configwizards_authenticated_rce.md has detailed installation instructions if help is needed on install

[Sidharthareddy99]

I want to work on this issue please assign me this issue.

[gwillcox-r7]

@Sidharthareddy99 Your assigned now, let me know if you need additional info on anything.

[k0pak4]

Yup feel free to ask questions if you need @Sidharthareddy99 , it's very top of mind at the moment 😅

[gwillcox-r7]

Unassigning for now, if a PR is put up though I can reassign. We mostly use assignment internally to track who is working on what. Anyone is free to put up a PR to fix an issue at any time, at which point we can look into assigning people at that point

[XEHIL]

Can I get to work on this? I'd like to contribute.

[gwillcox-r7]

Sure @XEHIL, feel free to take it on 👍 Do you need help forking the repo? I see you haven't done so yet.

[XEHIL]

@gwillcox-r7 thank you. I was waiting for the issue to be assigned.