Yard doc

2014-09-02 20:48:07 -05:00 · 2014-09-02 20:48:07 -05:00 · 61e58dc6d3
parent 954475c0bf
commit 61e58dc6d3
1 changed files with 25 additions and 1 deletions
--- a/lib/metasploit/framework/login_scanner/glassfish.rb
+++ b/lib/metasploit/framework/login_scanner/glassfish.rb
@ -1,6 +1,13 @@

 require 'metasploit/framework/login_scanner/http'

+##
+#
+# The Metasploit::Framework::LoginScanner::Glassfish class provides methods to do login routines
+# for Glassfish 2, 3 and 4.
+#
+##
+
 module Metasploit
  module Framework
    module LoginScanner
@ -23,7 +30,9 @@ module Metasploit

        #
        # Sends a HTTP request with Rex
-        # attempt_login is handling all the possible exceptions Rex might raise
+        #
+        # @param opts [Hash] The HTTP request options. See #request_raw in client.rb
+        # @return [Rex::Proto::Http::Response] The HTTP response
        #
        def send_request(opts)
          cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version)
@ -45,6 +54,9 @@ module Metasploit
        # to login remotely. However, the authentication will still run and hint whether the
        # password is correct or not.
        #
+        # @param res [Rex::Proto::Http::Response] The HTTP auth response
+        # @return [boolean] True if disabled, otherwise false
+        #
        def is_secure_admin_disabled?(res)
          return (res.body =~ /Secure Admin must be enabled/i) ? true : false
        end
@ -53,6 +65,9 @@ module Metasploit
        #
        # Sends a login request
        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Rex::Proto::Http::Response] The HTTP auth response
+        #
        def try_login(credential)
          data  = "j_username=#{Rex::Text.uri_encode(credential.public)}&"
          data << "j_password=#{Rex::Text.uri_encode(credential.private)}&"
@ -75,6 +90,9 @@ module Metasploit
        #
        # Tries to login to Glassfish version 2
        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Hash] A hash with :status being a Metasploit::Model::Login::Status, and :proof that contains the HTTP response body
+        #
        def try_glassfish_2(credential)
          res = try_login(credential)
          if res and res.code == 302
@ -99,6 +117,9 @@ module Metasploit
        #
        # Tries to login to Glassfish version 3 or 4 (as of now it's the latest)
        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Hash] A hash with :status being a Metasploit::Model::Login::Status, and :proof that contains the HTTP response body
+        #
        def try_glassfish_3(credential)
          res = try_login(credential)
          if res and res.code == 302
@ -128,6 +149,9 @@ module Metasploit
        #
        # Decides which login routine and returns the results
        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Result]
+        #
        def attempt_login(credential)
          result_opts = { credential: credential }