Update checkcodes and bug fixes

adfoster-r7 · adfoster-r7 · commit 1f9124eeec35 · 2026-04-25T11:20:05.000+01:00
diff --git a/modules/exploits/linux/http/mutiny_frontend_upload.rb b/modules/exploits/linux/http/mutiny_frontend_upload.rb
@@ -147,7 +147,7 @@ def check
       return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
     end
 
-    return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
+    return Exploit::CheckCode::Safe(version ? "Version #{version} is not vulnerable" : 'The target is not vulnerable')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/nagios_xi_chained_rce.rb b/modules/exploits/linux/http/nagios_xi_chained_rce.rb
@@ -63,13 +63,16 @@ def check
     return unless res && (html = res.get_html_document)
 
     if (version = html.at('//input[@name = "version"]/@value'))
+      version = version.value
       vprint_status("Nagios XI version: #{version}")
       if Rex::Version.new(version) <= target[:version]
         return CheckCode::Appears("Version #{version} appears to be vulnerable")
       end
     end
 
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{version} is not vulnerable") if version
+
+    CheckCode::Unknown('Could not determine Nagios XI version')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb b/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb
@@ -87,10 +87,10 @@ def check
       if @version < target[:lower_version]
         vprint_bad('Try nagios_xi_chained for this version.')
       elsif (@version <= target[:upper_version] && @version >= target[:lower_version])
-        return CheckCode::Appears("Version #{version} appears to be vulnerable")
+        return CheckCode::Appears("Version #{@version} appears to be vulnerable")
       end
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def set_db_user(usr, passwd)
diff --git a/modules/exploits/linux/http/nagios_xi_mibs_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_mibs_authenticated_rce.rb
@@ -96,10 +96,10 @@ def check
     end
 
     if @version >= Rex::Version.new('5.6.0') && @version <= Rex::Version.new('5.7.3')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def execute_command(cmd, _opts = {})
diff --git a/modules/exploits/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce.rb
@@ -130,10 +130,10 @@ def check
     end
 
     if @version < Rex::Version.new('5.6.6')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def grab_plugins_nsp
diff --git a/modules/exploits/linux/http/nagios_xi_plugins_filename_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_plugins_filename_authenticated_rce.rb
@@ -97,10 +97,10 @@ def check
     end
 
     if @version < Rex::Version.new('5.8.0')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def execute_command(cmd, _opts = {})
diff --git a/modules/exploits/linux/http/netgear_dnslookup_cmd_exec.rb b/modules/exploits/linux/http/netgear_dnslookup_cmd_exec.rb
@@ -73,17 +73,19 @@ def check
       marker_one = "Basic realm=\"NETGEAR "
       marker_two = "\""
       model = data[/#{marker_one}(.*?)#{marker_two}/m, 1]
+      return CheckCode::Unknown('Could not determine NETGEAR model') if model.nil?
+
       vprint_status("Router is a NETGEAR router (#{model})")
       model_numbers = ['DGN2200v1', 'DGN2200v2', 'DGN2200v3', 'DGN2200v4']
       if model_numbers.include?(model)
         print_good("Router may be vulnerable (NETGEAR #{model})")
-        return CheckCode::Detected("Target detected: version #{model}")
+        return CheckCode::Detected("Target detected: model #{model}")
       else
-        return CheckCode::Safe("Version #{model} is not vulnerable")
+        return CheckCode::Safe("Model #{model} is not vulnerable")
       end
     else
       print_error('Router is not a NETGEAR router')
-      return CheckCode::Safe("Version #{model} is not vulnerable")
+      return CheckCode::Safe('NETGEAR router not detected')
     end
   end
 
diff --git a/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb b/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb
@@ -71,16 +71,18 @@ def check
       marker_one = "Basic realm=\"NETGEAR "
       marker_two = "\""
       model = scrape(data, marker_one, marker_two)
+      return CheckCode::Unknown('Could not determine NETGEAR model') if model.nil?
+
       vprint_status("Router is a NETGEAR router (#{model})")
       if model == 'R7000' || model == 'R6400'
         print_good("Router may be vulnerable (NETGEAR #{model})")
-        return CheckCode::Detected("Target detected: version #{model}")
+        return CheckCode::Detected("Target detected: model #{model}")
       else
-        return CheckCode::Safe("Version #{model} is not vulnerable")
+        return CheckCode::Safe("Model #{model} is not vulnerable")
       end
     else
       print_error('Router is not a NETGEAR router')
-      return CheckCode::Safe("Version #{model} is not vulnerable")
+      return CheckCode::Safe('NETGEAR router not detected')
     end
   end
 
diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
@@ -121,7 +121,7 @@ def check
 
       return CheckCode::Safe(version[2].chop.to_s)
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Unknown('Unable to parse target version from response')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb
@@ -212,7 +212,7 @@ def check
         return CheckCode::Safe(version[1].to_s)
       end
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Unknown('Unable to parse target version from response')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb b/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb
@@ -87,7 +87,7 @@ def check
       return CheckCode::Safe("Oracle EBS version #{version} detected.")
     end
 
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Unknown('Oracle EBS detected, but the version could not be determined')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/pandora_fms_sqli.rb b/modules/exploits/linux/http/pandora_fms_sqli.rb
@@ -87,15 +87,15 @@ def check
       if res.body =~ /<div id="ver_num">v(.*?)<\/div>/
         version = $1
       else
-        return Exploit::CheckCode::Detected("Target detected: version #{version}")
+        return Exploit::CheckCode::Detected('Target detected but version could not be determined')
       end
     end
 
-    unless version.nil?
-      vprint_status("Pandora FMS #{version} found")
-      if Rex::Version.new(version) <= Rex::Version.new('5.0SP2')
-        return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
-      end
+    return Exploit::CheckCode::Unknown('Could not determine the target version') if version.nil?
+
+    vprint_status("Pandora FMS #{version} found")
+    if Rex::Version.new(version) <= Rex::Version.new('5.0SP2')
+      return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
     end
 
     Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
diff --git a/modules/exploits/linux/http/php_imap_open_rce.rb b/modules/exploits/linux/http/php_imap_open_rce.rb
@@ -97,7 +97,7 @@ def check
         return
       end
 
-      if res.code = 200
+      if res.code == 200
         return CheckCode::Detected('The target service was detected')
       end
     elsif target.name =~ /Horde IMP H3/
@@ -246,7 +246,7 @@ def exploit
         return
       end
 
-      if res.code = 200
+      if res.code == 200
         cookie = res.get_cookies
       else
         print_error("HTTP code #{res.code} found, check options.")
diff --git a/modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb b/modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb
@@ -241,13 +241,13 @@ def check
         'method' => 'GET',
         'uri' => brute_uri
       )
-      return Exploit::CheckCode::Safe('The target is not vulnerable') if !brutecheck || !brutecheck.code == 200 || brutecheck.body !~ /own this pineapple/
+      return Exploit::CheckCode::Safe('The target is not vulnerable') if !brutecheck || brutecheck.code != 200 || brutecheck.body !~ /own this pineapple/
 
       return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
     cmd_success = cmd_inject("echo")
-    return Exploit::CheckCode::Vulnerable('The target is vulnerable') if cmd_success && cmdSuccess.code == 200 && cmd_success.body =~ /Executing/
+    return Exploit::CheckCode::Vulnerable('The target is vulnerable') if cmd_success && cmd_success.code == 200 && cmd_success.body =~ /Executing/
 
     Exploit::CheckCode::Safe('The target is not vulnerable')
   end
diff --git a/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb b/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb
@@ -57,7 +57,7 @@ def initialize(info = {})
   end
 
   def check
-    return Exploit::CheckCode::Unknown('Could not determine the target status'), 'Login failed, please check credentials' unless login(datastore['EMAIL'], datastore['PASSWORD'])
+    return Exploit::CheckCode::Unknown('Login failed, please check credentials') unless login(datastore['EMAIL'], datastore['PASSWORD'])
 
     @logged_in = true
 
@@ -77,7 +77,7 @@ def check
   rescue SessionCookieError
     return Exploit::CheckCode::Detected('Pretalx detected, failed to get session cookie - check your credentials')
   rescue DebugError
-    return Exploit::Checkcode::Detected('Failed to check if debug mode is enabled')
+    return Exploit::CheckCode::Detected('Failed to check if debug mode is enabled')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb b/modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb
@@ -83,7 +83,7 @@ def check
     version = res.body.scan(/\.js\?_v=([\d\.]+)/).flatten.first
     if version.to_s.eql? ''
       vprint_error "Could not determine QNAP Q'Center appliance version"
-      return CheckCode::Detected("Target detected: version #{version}")
+      return CheckCode::Detected('Target detected but version could not be determined')
     end
 
     version = Rex::Version.new version
diff --git a/modules/exploits/linux/http/qnap_qts_rce_cve_2023_47218.rb b/modules/exploits/linux/http/qnap_qts_rce_cve_2023_47218.rb
@@ -85,7 +85,7 @@ def check
     # </Errmsg>
     # </Storage>
 
-    return Exploit::CheckCode::Detected("Target detected: version #{version}") if res.body.include? '<Result>failure</Result>'
+    return Exploit::CheckCode::Detected('QNAP QTS target detected') if res.body.include? '<Result>failure</Result>'
 
     CheckCode::Unknown('Could not determine the target status')
   end
diff --git a/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb b/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb
@@ -5,6 +5,7 @@
 
 class MetasploitModule < Msf::Exploit::Remote
   Rank = GoodRanking
+  prepend Msf::Exploit::Remote::AutoCheck
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -75,15 +76,20 @@ def check
       'uri' => '/login.php'
     )
     if !res || !res.get_html_document
-      fail_with(Failure::Unknown, 'Could not check rConfig version')
+      return Exploit::CheckCode::Unknown('Could not retrieve the rConfig login page')
     end
-    if res.get_html_document.at('div[@id="footer-copyright"]').text.include? 'rConfig Version 3.9'
+
+    footer = res.get_html_document.at('div[@id="footer-copyright"]')
+    return Exploit::CheckCode::Unknown('Could not find version information on the login page') unless footer
+
+    if footer.text.include? 'rConfig Version 3.9'
       print_good('rConfig version 3.9 detected')
-      return Exploit::CheckCode::Appears('The target appears to be vulnerable')
-    elsif res.get_html_document.at('div[@id="footer-copyright"]').text.include? 'rConfig'
+      return Exploit::CheckCode::Appears('rConfig version 3.9 was detected')
+    elsif footer.text.include? 'rConfig'
       print_status('rConfig detected, but not version 3.9')
-      return Exploit::CheckCode::Detected('The target service was detected')
+      return Exploit::CheckCode::Detected('rConfig was detected but not version 3.9')
     end
+    Exploit::CheckCode::Safe('rConfig was not detected')
   end
 
   # CREATE AN ADMIN USER IN RCONFIG
@@ -193,7 +199,6 @@ def cleanup
   end
 
   def exploit
-    check
     @username = rand_text_alphanumeric(8..12)
     @password = 'admin'
     _cres_res = create_rconfig_user @username, @password
diff --git a/modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb b/modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb
@@ -77,13 +77,17 @@ def check
       if resp.body =~ /File Version (\d+\.\d+\.\d+\.\d+)/
         version = $1
         if version == '1.0.0.193'
-          vprint_good "Found vesrion: #{version}"
+          vprint_good "Found version: #{version}"
           return CheckCode::Appears("Version #{version} appears to be vulnerable")
         end
+
+        return CheckCode::Safe("Version #{version} is not vulnerable")
       end
+
+      return CheckCode::Unknown('Could not determine the target version')
     end
 
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Safe('Samsung NVR not detected')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb b/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb
@@ -105,7 +105,7 @@ def check
         end
       elsif res.code == 401
         print_bad("Authentication failed: #{res.code} response")
-        return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
+        return Exploit::CheckCode::Detected('Authentication required (HTTP 401)')
       else
         print_bad("Unexpected HTTP code: #{res.code} response")
         return Exploit::CheckCode::Unknown('Could not determine the target status')
diff --git a/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb b/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb
@@ -92,7 +92,7 @@ def setup
   end
 
   def check
-    leak_admin_creds ? CheckCode::Vulnerable('The target is vulnerable') : CheckCode::Safe('The target is not vulnerable')
+    leak_admin_creds ? CheckCode::Vulnerable('Successfully leaked admin credentials via SSRF') : CheckCode::Safe('Could not leak admin credentials via SSRF')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/webmin_packageup_rce.rb b/modules/exploits/linux/http/webmin_packageup_rce.rb
@@ -100,7 +100,7 @@ def check
 
     if res && res.code == 302 && res.body
       version = res.body.split("- Webmin 1.")[1]
-      return CheckCode::Detected("Target detected: version #{version}") if version.nil?
+      return CheckCode::Detected('Webmin detected but version could not be determined') if version.nil?
 
       version = version.split(" ")[0]
       if version <= "910"
@@ -118,7 +118,7 @@ def check
     end
     print_error("#{datastore['USERNAME']} doesn't have the right to >>Package Update<<")
     print_status("Please try with another user account!")
-    CheckCode::Safe('The target is not vulnerable')
+    CheckCode::Detected("Version #{version} may be vulnerable, but user '#{datastore['USERNAME']}' lacks Package Updates permissions")
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/zabbix_sqli.rb b/modules/exploits/linux/http/zabbix_sqli.rb
@@ -83,7 +83,7 @@ def check
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
 
-    if version and version <= "2.0.8"
+    if version and Rex::Version.new(version) <= Rex::Version.new("2.0.8")
       return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
     else
       return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb
@@ -77,15 +77,15 @@ def check
       })
 
       if res and res.code == 200 and res.body =~ /#version ZEN\s+\$version=\"(2|3\.0\-rc1)/
-        return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
+        return Exploit::CheckCode::Appears("Version #{$1} appears to be vulnerable")
       elsif res and res.code == 200 and res.body =~ /zenloadbalancer/
-        return Exploit::CheckCode::Detected("Target detected: version #{version}")
+        return Exploit::CheckCode::Detected('Zen Load Balancer detected')
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       vprint_error("Connection failed")
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
-    return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb
@@ -71,15 +71,15 @@ def check
         'method' => "GET",
         'uri' => "/zport/acl_users/cookieAuthHelper/login_form"
       })
+      return Exploit::CheckCode::Unknown('No response received from the target') unless res
       return Exploit::CheckCode::Appears('The target appears to be vulnerable') if res.body =~ /<p>Copyright &copy; 2005-20[\d]{2} Zenoss, Inc\. \| Version\s+<span>3\./
       return Exploit::CheckCode::Detected('The target service was detected') if res.body =~ /<link rel="shortcut icon" type="image\/x\-icon" href="\/zport\/dmd\/favicon\.ico" \/>/
 
       return Exploit::CheckCode::Safe('The target is not vulnerable')
-    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       vprint_error("Connection failed")
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
-    return Exploit::CheckCode::Save('Target status check completed')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb b/modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb
@@ -415,7 +415,8 @@ def check
     # @config = { 'hardware' => nil, 'software' => nil, 'serial' => nil, 'ssh_user' => nil, 'ssh_port' => nil, 'ssh_wan_access' => nil, 'ssh_service_enabled' => nil }
 
     res = get_configuration
-    return CheckCode::Safe('The target is not vulnerable') if res.nil? || res.code != 200
+    return CheckCode::Unknown('No response received from the target') if res.nil?
+    return CheckCode::Safe('The target is not vulnerable') if res.code != 200
 
     begin
       process_configuration(res)
diff --git a/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb b/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb
diff --git a/modules/exploits/linux/misc/hid_discoveryd_command_blink_on_unauth_rce.rb b/modules/exploits/linux/misc/hid_discoveryd_command_blink_on_unauth_rce.rb
diff --git a/modules/exploits/linux/misc/qnap_transcode_server.rb b/modules/exploits/linux/misc/qnap_transcode_server.rb
diff --git a/modules/exploits/linux/misc/ueb9_bpserverd.rb b/modules/exploits/linux/misc/ueb9_bpserverd.rb
diff --git a/modules/exploits/linux/misc/zabbix_server_exec.rb b/modules/exploits/linux/misc/zabbix_server_exec.rb
diff --git a/modules/exploits/linux/samba/lsa_transnames_heap.rb b/modules/exploits/linux/samba/lsa_transnames_heap.rb
diff --git a/modules/exploits/linux/snmp/awind_snmp_exec.rb b/modules/exploits/linux/snmp/awind_snmp_exec.rb
diff --git a/modules/exploits/linux/ssh/vyos_restricted_shell_privesc.rb b/modules/exploits/linux/ssh/vyos_restricted_shell_privesc.rb
diff --git a/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb b/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb
