diff --git a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb index 44f4d30da4032..c14cf76e249fb 100644 --- a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb +++ b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb @@ -70,19 +70,19 @@ def check res = send_request_raw('uri' => normalize_uri(target_uri.path, 'aa.php')) if !res vprint_error("Connection failed") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.code == 404 vprint_error("Could not find aa.php") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/ && res.body =~ /Admin area<\/title>/ vprint_error("ActualAnalyzer is not installed. Try installing first.") - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end # check version res = send_request_raw('uri' => normalize_uri(target_uri.path, 'view.php')) if !res vprint_error("Connection failed") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.code == 200 && /title="ActualAnalyzer Lite \(free\) (?[\d\.]+)"/ =~ res.body vprint_status("Found version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('2.81') @@ -92,13 +92,13 @@ def check info: "Module #{fullname} detected ActualAnalyzer #{version}", refs: references ) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end # diff --git a/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb b/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb index 4fc33fd9d8949..a6466c99603f6 100644 --- a/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb +++ b/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb @@ -59,11 +59,11 @@ def check unless res vprint_error 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end unless res.body =~ /ajenti/i - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end version = res.body.scan(/'ajentiVersion', '([\d\.]+)'/).flatten.first @@ -73,10 +73,10 @@ def check end if version == '2.1.31' - return CheckCode::Appears + return CheckCode::Appears("Version #{version} appears to be vulnerable") end - CheckCode::Detected + CheckCode::Detected("Detected version #{version}") end def exploit diff --git a/modules/exploits/unix/webapp/arkeia_upload_exec.rb b/modules/exploits/unix/webapp/arkeia_upload_exec.rb index 437cbca75e2b1..e129303458c79 100644 --- a/modules/exploits/unix/webapp/arkeia_upload_exec.rb +++ b/modules/exploits/unix/webapp/arkeia_upload_exec.rb @@ -71,13 +71,13 @@ def check if res and res.code == 200 and res.body =~ /v(\d+\.\d+\.\d+)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version > "10.0.10" - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end # Check for vulnerable component @@ -90,10 +90,10 @@ def check }) if res and res.code == 200 and res.body =~ /Les versions brutes des messages est affichee ci-dessous/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/awstats_configdir_exec.rb b/modules/exploits/unix/webapp/awstats_configdir_exec.rb index 2108a7a4ebb08..8153b5edcd027 100644 --- a/modules/exploits/unix/webapp/awstats_configdir_exec.rb +++ b/modules/exploits/unix/webapp/awstats_configdir_exec.rb @@ -66,10 +66,10 @@ def check }, 25) if (res and res.body.match(/localhost/)) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/awstats_migrate_exec.rb b/modules/exploits/unix/webapp/awstats_migrate_exec.rb index 4a25883607f62..449c328bc5279 100644 --- a/modules/exploits/unix/webapp/awstats_migrate_exec.rb +++ b/modules/exploits/unix/webapp/awstats_migrate_exec.rb @@ -70,10 +70,10 @@ def check }, 25) if (res and res.body.match(/localhost/)) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/awstatstotals_multisort.rb b/modules/exploits/unix/webapp/awstatstotals_multisort.rb index 930ec68d34089..573d9742017bc 100644 --- a/modules/exploits/unix/webapp/awstatstotals_multisort.rb +++ b/modules/exploits/unix/webapp/awstatstotals_multisort.rb @@ -64,10 +64,10 @@ def check }, 25) if (res and res.body.match(/localhost/)) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/barracuda_img_exec.rb b/modules/exploits/unix/webapp/barracuda_img_exec.rb index 9d8d85956e0b3..1af151d214885 100644 --- a/modules/exploits/unix/webapp/barracuda_img_exec.rb +++ b/modules/exploits/unix/webapp/barracuda_img_exec.rb @@ -66,10 +66,10 @@ def check }, 25) if (res and res.body.match(/localhost/)) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/basilic_diff_exec.rb b/modules/exploits/unix/webapp/basilic_diff_exec.rb index e0e4ef036d360..0679eb0ee6030 100644 --- a/modules/exploits/unix/webapp/basilic_diff_exec.rb +++ b/modules/exploits/unix/webapp/basilic_diff_exec.rb @@ -75,10 +75,10 @@ def check }) if res and res.code == 200 and res.body =~ /#{sig}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/byob_unauth_rce.rb b/modules/exploits/unix/webapp/byob_unauth_rce.rb index 7747e81be121a..393022cb59f89 100644 --- a/modules/exploits/unix/webapp/byob_unauth_rce.rb +++ b/modules/exploits/unix/webapp/byob_unauth_rce.rb @@ -128,11 +128,11 @@ def check }) if res&.code == 500 - return CheckCode::Vulnerable + return CheckCode::Vulnerable('The target is vulnerable') else case res&.code when 200 - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') when nil return CheckCode::Unknown('The target did not respond.') else diff --git a/modules/exploits/unix/webapp/carberp_backdoor_exec.rb b/modules/exploits/unix/webapp/carberp_backdoor_exec.rb index a78dfff12c738..5db0049f2670e 100644 --- a/modules/exploits/unix/webapp/carberp_backdoor_exec.rb +++ b/modules/exploits/unix/webapp/carberp_backdoor_exec.rb @@ -59,10 +59,10 @@ def check confirm_string = rand_text_alpha(8) cmd = "echo '#{confirm_string}';" shell = http_send_command(cmd) - check_code = Exploit::CheckCode::Safe + check_code = Exploit::CheckCode::Safe('The target is not vulnerable') if shell and shell.body.include?(confirm_string) - check_code = Exploit::CheckCode::Vulnerable + check_code = Exploit::CheckCode::Vulnerable('The target is vulnerable') end check_code diff --git a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb index 038cf2fc911a2..d733e0ebac981 100644 --- a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb +++ b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb @@ -95,10 +95,10 @@ def check post("ping -c 10 127.0.0.1", false) elapsed = Time.now - start if elapsed >= 3 - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/clipbucket_upload_exec.rb b/modules/exploits/unix/webapp/clipbucket_upload_exec.rb index 067bfd125aaa3..3b28547ca9170 100644 --- a/modules/exploits/unix/webapp/clipbucket_upload_exec.rb +++ b/modules/exploits/unix/webapp/clipbucket_upload_exec.rb @@ -70,18 +70,18 @@ def check if res and res.code == 200 and res.body =~ /ClipBucket version (\d+\.\d+)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version > "2.6" - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") else - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/coppermine_piceditor.rb b/modules/exploits/unix/webapp/coppermine_piceditor.rb index 31bc1fd03d634..2b6f264e46df0 100644 --- a/modules/exploits/unix/webapp/coppermine_piceditor.rb +++ b/modules/exploits/unix/webapp/coppermine_piceditor.rb @@ -77,10 +77,10 @@ def check }, 25) if (res and res.body =~ /Coppermine Picture Editor/i) - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/datalife_preview_exec.rb b/modules/exploits/unix/webapp/datalife_preview_exec.rb index fa3608f41e65c..f0f74f3aa56d5 100644 --- a/modules/exploits/unix/webapp/datalife_preview_exec.rb +++ b/modules/exploits/unix/webapp/datalife_preview_exec.rb @@ -84,9 +84,9 @@ def check res = send_injection("#{rand_text_alpha(4 + rand(4))}')||printf(\"#{fingerprint}\");//") if res and res.code == 200 and res.body =~ /#{fingerprint}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/dogfood_spell_exec.rb b/modules/exploits/unix/webapp/dogfood_spell_exec.rb index 89aad6a78f201..b4003a30e6179 100644 --- a/modules/exploits/unix/webapp/dogfood_spell_exec.rb +++ b/modules/exploits/unix/webapp/dogfood_spell_exec.rb @@ -69,10 +69,10 @@ def check ) if (res and res.body =~ /Spell Check complete/) - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/drupal_coder_exec.rb b/modules/exploits/unix/webapp/drupal_coder_exec.rb index dabc1c003e3e5..69471dcc313e5 100644 --- a/modules/exploits/unix/webapp/drupal_coder_exec.rb +++ b/modules/exploits/unix/webapp/drupal_coder_exec.rb @@ -74,9 +74,9 @@ def check ) if res && res.body.include?('file parameter is not setNo path to parameter file') - Exploit::CheckCode::Appears + Exploit::CheckCode::Appears('The target appears to be vulnerable') else - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb index f1e4b3248c3a3..f4131c92c96fb 100644 --- a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb +++ b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb @@ -180,7 +180,7 @@ def initialize(info = {}) end def check - checkcode = CheckCode::Unknown + checkcode = CheckCode::Unknown('Could not determine the target status') @version = target['Version'] || drupal_version @@ -190,7 +190,7 @@ def check end vprint_status("Drupal #{@version} targeted at #{full_uri}") - checkcode = CheckCode::Detected + checkcode = CheckCode::Detected("Detected version #{@version}") changelog = drupal_changelog(@version) @@ -204,10 +204,10 @@ def check vprint_warning('CHANGELOG.txt no longer contains patch level') when true vprint_warning('Drupal appears patched in CHANGELOG.txt') - checkcode = CheckCode::Safe + checkcode = CheckCode::Safe("Version #{@version} is not vulnerable") when false vprint_good('Drupal appears unpatched in CHANGELOG.txt') - checkcode = CheckCode::Appears + checkcode = CheckCode::Appears("Version #{@version} appears to be vulnerable") end # NOTE: Exploiting the vuln will move us from "Safe" to Vulnerable @@ -218,7 +218,7 @@ def check if res.body.start_with?(token) vprint_good('Drupal is vulnerable to code execution') - checkcode = CheckCode::Vulnerable + checkcode = CheckCode::Vulnerable("Detected vulnerable version #{@version}") end checkcode diff --git a/modules/exploits/unix/webapp/drupal_restws_exec.rb b/modules/exploits/unix/webapp/drupal_restws_exec.rb index c337884c8b19b..c8f2b52e27936 100644 --- a/modules/exploits/unix/webapp/drupal_restws_exec.rb +++ b/modules/exploits/unix/webapp/drupal_restws_exec.rb @@ -71,9 +71,9 @@ def check ) if res && res.body.include?(r) - Exploit::CheckCode::Vulnerable + Exploit::CheckCode::Vulnerable('The target is vulnerable') else - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/drupal_restws_unserialize.rb b/modules/exploits/unix/webapp/drupal_restws_unserialize.rb index ae63744c101ec..8dc6ac8ef0c55 100644 --- a/modules/exploits/unix/webapp/drupal_restws_unserialize.rb +++ b/modules/exploits/unix/webapp/drupal_restws_unserialize.rb @@ -93,7 +93,7 @@ def initialize(info = {}) end def check - checkcode = CheckCode::Unknown + checkcode = CheckCode::Unknown('Could not determine the target status') version = drupal_version @@ -104,11 +104,11 @@ def check if version.to_s !~ /^8\b/ vprint_error("Drupal #{version} is not supported") - return CheckCode::Safe + return CheckCode::Safe("Version #{version} is not vulnerable") end vprint_status("Drupal #{version} targeted at #{full_uri}") - checkcode = CheckCode::Detected + checkcode = CheckCode::Detected("Detected version #{version}") changelog = drupal_changelog(version) @@ -122,10 +122,10 @@ def check vprint_warning('CHANGELOG.txt no longer contains patch level') when true vprint_warning('Drupal appears patched in CHANGELOG.txt') - checkcode = CheckCode::Safe + checkcode = CheckCode::Safe("Version #{version} is not vulnerable") when false vprint_good('Drupal appears unpatched in CHANGELOG.txt') - checkcode = CheckCode::Appears + checkcode = CheckCode::Appears("Version #{version} appears to be vulnerable") end # Any further with GET and we risk caching the targeted node @@ -139,7 +139,7 @@ def check if res.body.include?(token) vprint_good('Drupal is vulnerable to code execution') - checkcode = CheckCode::Vulnerable + checkcode = CheckCode::Vulnerable("Detected vulnerable version #{version}") end checkcode diff --git a/modules/exploits/unix/webapp/egallery_upload_exec.rb b/modules/exploits/unix/webapp/egallery_upload_exec.rb index c6f1138953d7a..1a46b0467502e 100644 --- a/modules/exploits/unix/webapp/egallery_upload_exec.rb +++ b/modules/exploits/unix/webapp/egallery_upload_exec.rb @@ -68,9 +68,9 @@ def check }) if res and res.code == 200 and res.body.empty? - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb b/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb index ee8f01ad110d9..b61b61108d4a9 100644 --- a/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb +++ b/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb @@ -75,20 +75,20 @@ def check unless res vprint_error 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end unless res.code == 200 vprint_status "#{uri} does not exist" - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end if res.body.include? 'FlashChat v([\d\.]+)/).flatten[0] || '' if version.empty? - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version found: #{version}") if version =~ /6\.0\.(2|4|5|6|7|8)/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") elsif version <= "6.0.8" - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected("Detected version #{version}") else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end end diff --git a/modules/exploits/unix/webapp/foswiki_maketext.rb b/modules/exploits/unix/webapp/foswiki_maketext.rb index 30d21270a4df6..037b192e8acda 100644 --- a/modules/exploits/unix/webapp/foswiki_maketext.rb +++ b/modules/exploits/unix/webapp/foswiki_maketext.rb @@ -163,20 +163,20 @@ def check }) if not res or res.code != 200 - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body =~ /This site is running Foswiki version.*Foswiki-(\d\.\d\.\d)/ version = $1 print_status("Version found: #{version}") if version <= "1.1.6" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected("Detected version #{version}") end end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/freepbx_config_exec.rb b/modules/exploits/unix/webapp/freepbx_config_exec.rb index 814d3d345d7a5..e0164fbeec239 100644 --- a/modules/exploits/unix/webapp/freepbx_config_exec.rb +++ b/modules/exploits/unix/webapp/freepbx_config_exec.rb @@ -70,15 +70,15 @@ def check if res and res.code == 200 and res.body =~ /^(.*)$/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version =~ /2\.(9|10|11)\.0/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end end diff --git a/modules/exploits/unix/webapp/fusionpbx_exec_cmd_exec.rb b/modules/exploits/unix/webapp/fusionpbx_exec_cmd_exec.rb index 0f18763ae80ad..5db75c2408872 100644 --- a/modules/exploits/unix/webapp/fusionpbx_exec_cmd_exec.rb +++ b/modules/exploits/unix/webapp/fusionpbx_exec_cmd_exec.rb @@ -122,14 +122,14 @@ def check unless res vprint_error 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.body.include?('FusionPBX') - return CheckCode::Detected + return CheckCode::Detected('The target service was detected') end - CheckCode::Safe + CheckCode::Safe('The target is not vulnerable') end def execute_command(cmd, opts = {}) diff --git a/modules/exploits/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec.rb b/modules/exploits/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec.rb index 87ae4f6527bd6..e20eb87cf3a98 100644 --- a/modules/exploits/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec.rb +++ b/modules/exploits/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec.rb @@ -122,14 +122,14 @@ def check unless res vprint_error 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.body.include?('FusionPBX') - return CheckCode::Detected + return CheckCode::Detected('The target service was detected') end - CheckCode::Safe + CheckCode::Safe('The target is not vulnerable') end def execute_command(cmd, _opts = {}) diff --git a/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb b/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb index 1a6e8ff0d02f7..9b74483bb3355 100644 --- a/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb +++ b/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb @@ -93,16 +93,16 @@ def check if res && res.code == 200 && res.body && res.body.to_s =~ /GetSimple CMS.*Version\s*([0-9\.]+)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end print_status("Version #{version} found") if Rex::Version.new(version) <= Rex::Version.new('3.1.2') - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb index bf4d09402901e..c84b441f43881 100644 --- a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb +++ b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb @@ -80,14 +80,14 @@ def check if (res and res.body =~ /cannot be resolved to an ip address/) vprint_status("This system appears to be vulnerable") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end if (res and res.body =~ /ERROR: Unable to fetch the stylesheet/) vprint_status("This system appears to be patched") end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/graphite_pickle_exec.rb b/modules/exploits/unix/webapp/graphite_pickle_exec.rb index 569111af96893..13e5939c45760 100644 --- a/modules/exploits/unix/webapp/graphite_pickle_exec.rb +++ b/modules/exploits/unix/webapp/graphite_pickle_exec.rb @@ -70,10 +70,10 @@ def check }) if (res1 and %w(0.9.5 0.9.10).include?(res1.body.strip)) and (res2 and res2.code == 500) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/hastymail_exec.rb b/modules/exploits/unix/webapp/hastymail_exec.rb index 1de70d4914deb..e7c361cea94c3 100644 --- a/modules/exploits/unix/webapp/hastymail_exec.rb +++ b/modules/exploits/unix/webapp/hastymail_exec.rb @@ -72,7 +72,7 @@ def check if not @session_id or @session_id.empty? vprint_error "Authentication failed" - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end test = rand_text_alpha(rand(4) + 4) @@ -87,9 +87,9 @@ def check }) if res and res.code == 200 and res.body =~ /#{test}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/havalite_upload_exec.rb b/modules/exploits/unix/webapp/havalite_upload_exec.rb index b55d3937614d4..f0cbdcc4a8112 100644 --- a/modules/exploits/unix/webapp/havalite_upload_exec.rb +++ b/modules/exploits/unix/webapp/havalite_upload_exec.rb @@ -66,7 +66,7 @@ def check if !res vprint_error('Connection timed out') - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end js_src = res.body.scan(%r{}im).flatten[0] || '' @@ -74,10 +74,10 @@ def check if !version.empty? and version =~ /1\.1\.7/ vprint_status("Version found: #{version}") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end # diff --git a/modules/exploits/unix/webapp/horde_unserialize_exec.rb b/modules/exploits/unix/webapp/horde_unserialize_exec.rb index e1c6778506590..8a7d60848c798 100644 --- a/modules/exploits/unix/webapp/horde_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/horde_unserialize_exec.rb @@ -59,10 +59,10 @@ def check flag = rand_text_alpha(rand(10) + 20) res = send_request_exploit("print #{flag};die;") if res and res.body and res.body.to_s =~ /#{flag}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb b/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb index 047f0ebc72e0b..cfa0339db355f 100644 --- a/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb +++ b/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb @@ -67,7 +67,7 @@ def check res = send_request_cgi 'uri' => normalize_uri(target_uri.path, 'install.php') if !res vprint_error "Connection failed" - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.code == 404 vprint_error "Could not find install.php" elsif res.body =~ />([^<]+)<\/span> must be WRITABLEHybridAuth (2\.[012]\.[\d\.]+(-dev)?) Installer normalize_uri(target_uri.path, "index.php") }) if not res vprint_error("Request timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.body =~ /Kimai/ and res.body =~ /(0\.9\.[\d\.]+)<\/strong>/ version = "#{$1}" print_good("Found version: #{version}") if version >= "0.9.2" and version <= "0.9.2.1306" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe(version ? "Version #{version} is not vulnerable" : 'The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/libretto_upload_exec.rb b/modules/exploits/unix/webapp/libretto_upload_exec.rb index 2f341935327bd..5efe46e05844b 100644 --- a/modules/exploits/unix/webapp/libretto_upload_exec.rb +++ b/modules/exploits/unix/webapp/libretto_upload_exec.rb @@ -59,14 +59,14 @@ def check res = send_request_raw({ 'uri' => normalize_uri(target_uri.path) }) if !res vprint_error('Connection timed out') - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body =~ /Powered by Libretto CMS/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def upload(base) diff --git a/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb b/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb index dbdb301fa0d03..99c4c42bad803 100644 --- a/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb +++ b/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb @@ -60,12 +60,12 @@ def letterbox_upload_url def check res = send_request_cgi('method' => 'GET', 'uri' => letterbox_login_url) if res.nil? || res.code != 200 - return Msf::Exploit::CheckCode::Unknown + return Msf::Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.body.include?('alt="Maarch Maerys Archive v2.1 logo"') - return Msf::Exploit::CheckCode::Appears + return Msf::Exploit::CheckCode::Appears('The target appears to be vulnerable') end - Msf::Exploit::CheckCode::Safe + Msf::Exploit::CheckCode::Safe('The target is not vulnerable') end def generate_mime_message(payload, name) diff --git a/modules/exploits/unix/webapp/moinmoin_twikidraw.rb b/modules/exploits/unix/webapp/moinmoin_twikidraw.rb index 94dedfa7ab5a5..c6a4f33f28e24 100644 --- a/modules/exploits/unix/webapp/moinmoin_twikidraw.rb +++ b/modules/exploits/unix/webapp/moinmoin_twikidraw.rb @@ -203,12 +203,12 @@ def check }) if res and res.code == 200 and res.body =~ /moinmoin/i and res.headers['Server'] =~ /Apache/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') elsif res - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def writable_page?(session) diff --git a/modules/exploits/unix/webapp/mybb_backdoor.rb b/modules/exploits/unix/webapp/mybb_backdoor.rb index 31f690561914c..e1a873293f241 100644 --- a/modules/exploits/unix/webapp/mybb_backdoor.rb +++ b/modules/exploits/unix/webapp/mybb_backdoor.rb @@ -66,9 +66,9 @@ def check }, 10) if (not res) or (not res.code.between?(200, 299)) - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') else - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end end diff --git a/modules/exploits/unix/webapp/nagios3_history_cgi.rb b/modules/exploits/unix/webapp/nagios3_history_cgi.rb index 7e882423f1525..11be4f71a5926 100644 --- a/modules/exploits/unix/webapp/nagios3_history_cgi.rb +++ b/modules/exploits/unix/webapp/nagios3_history_cgi.rb @@ -169,15 +169,15 @@ def check if mytarget.nil? vprint_error('No matching target') - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if alert.nil? vprint_error('At least one ALERT is needed in order to exploit') - return CheckCode::Detected + return CheckCode::Detected('The target service was detected') end - return CheckCode::Appears + return CheckCode::Appears('The target appears to be vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/nagios_graph_explorer.rb b/modules/exploits/unix/webapp/nagios_graph_explorer.rb index 99a105928149a..fa72813221046 100644 --- a/modules/exploits/unix/webapp/nagios_graph_explorer.rb +++ b/modules/exploits/unix/webapp/nagios_graph_explorer.rb @@ -72,10 +72,10 @@ def check if res and res.code == 404 vprint_error("Remote host does not have Graph Explorer installed.") elsif res and res.body =~ /Your session has timed out/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def get_login_data diff --git a/modules/exploits/unix/webapp/narcissus_backend_exec.rb b/modules/exploits/unix/webapp/narcissus_backend_exec.rb index 4943fa30d675c..c7ed890f7f672 100644 --- a/modules/exploits/unix/webapp/narcissus_backend_exec.rb +++ b/modules/exploits/unix/webapp/narcissus_backend_exec.rb @@ -93,10 +93,10 @@ def check if res and res.body =~ /#{sig}/ vprint_status("Signature '#{sig}' found.") - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') else vprint_status("Signature not found") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb b/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb index 3a54e71daf45a..8e84467d0b169 100644 --- a/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb +++ b/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb @@ -179,10 +179,10 @@ def check request_token flow_id = create_workflow('sleep 1') - Exploit::CheckCode::Safe('Target is not vulnerable') if flow_id.nil? + return Exploit::CheckCode::Safe('Target is not vulnerable') if flow_id.nil? delete_workflow(flow_id) - Exploit::CheckCode::Vulnerable + Exploit::CheckCode::Vulnerable('The target is vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb b/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb index 1876806f2f35e..f4c9c3d302b5b 100644 --- a/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb +++ b/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb @@ -88,14 +88,14 @@ def check }) if not res vprint_error("Connection timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.code.to_i == 404 vprint_error("No ofc_upload_image.php found") elsif res and res.code == 200 and res.body =~ /Saving your image to/ vprint_status("Found ofc_upload_image.php") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb b/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb index c147333f724f0..f17b38670bdf5 100644 --- a/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb +++ b/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb @@ -72,15 +72,15 @@ def check if res and res.code == 200 and res.body =~ /v(\d+.\d+.\d+)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version < "4.1.2" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end end diff --git a/modules/exploits/unix/webapp/openemr_upload_exec.rb b/modules/exploits/unix/webapp/openemr_upload_exec.rb index c265bb9728baf..1f9aacef5700e 100644 --- a/modules/exploits/unix/webapp/openemr_upload_exec.rb +++ b/modules/exploits/unix/webapp/openemr_upload_exec.rb @@ -72,13 +72,13 @@ def check if res and res.code == 200 and res.body =~ /v(\d\.\d\.\d)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version > "4.1.1" - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end # Check for vulnerable component @@ -90,10 +90,10 @@ def check }) if res and res.code == 200 and res.body =~ /Saving your image to/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb b/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb index 8cbe37b504d7d..a4db33236d351 100644 --- a/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb +++ b/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb @@ -171,7 +171,7 @@ def check if version.nil? # We don't print out an error message here as returning this will # automatically cause Metasploit to print out an appropriate error message. - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end delay = rand(7...15) @@ -182,18 +182,18 @@ def check t2 = Time.now.to_i unless res print_error("#{peer} - Connection failed whilst trying to perform the code injection.") - return CheckCode::Detected + return CheckCode::Detected("Detected version #{version}") end diff = t2 - t1 if diff >= 3 print_good("#{peer} - Response received after #{diff} seconds.") - return CheckCode::Vulnerable + return CheckCode::Vulnerable("Detected vulnerable version #{version}") end print_error("#{peer} - Response wasn't received within the expected period of time.") - return CheckCode::Safe + return CheckCode::Safe("Version #{version} is not vulnerable") rescue ::Rex::ConnectionError print_error("#{peer} - Rex::ConnectionError caught in check(), could not connect to the target.") - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end def exploit diff --git a/modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb b/modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb index 7c827b4a70d7c..9861aaf54a584 100644 --- a/modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb +++ b/modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb @@ -67,11 +67,11 @@ def check }) unless res - return CheckCode::Unknown 'Connection failed' + return CheckCode::Unknown('Connection failed') end unless res.body =~ /OpenNetAdmin/i - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end opennetadmin_version = res.body.scan(/OpenNetAdmin - v([\d\.]+)/).flatten.first @@ -82,10 +82,10 @@ def check end if version.between?(Rex::Version.new('8.5.14'), Rex::Version.new('18.1.1')) - return CheckCode::Appears + return CheckCode::Appears("Version #{version} appears to be vulnerable") end - CheckCode::Detected + CheckCode::Detected("Detected version #{version}") end def exploit diff --git a/modules/exploits/unix/webapp/opensis_chain_exec.rb b/modules/exploits/unix/webapp/opensis_chain_exec.rb index 1151b35fe9f73..0b43edbb68be2 100644 --- a/modules/exploits/unix/webapp/opensis_chain_exec.rb +++ b/modules/exploits/unix/webapp/opensis_chain_exec.rb @@ -126,10 +126,10 @@ def check res = exec_php("print '#{flag}';") if res && res.code == 200 && res.body =~ /#{flag}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/opensis_modname_exec.rb b/modules/exploits/unix/webapp/opensis_modname_exec.rb index 97d511d7582d7..8ce4a11baeba9 100644 --- a/modules/exploits/unix/webapp/opensis_modname_exec.rb +++ b/modules/exploits/unix/webapp/opensis_modname_exec.rb @@ -114,18 +114,18 @@ def execute_command(cmd, opts = { :php_function => 'system' }) # Check credentials are valid and confirm command execution # def check - return Exploit::CheckCode::Unknown unless login(datastore['USERNAME'], datastore['PASSWORD']) + return Exploit::CheckCode::Unknown('Could not determine the target status') unless login(datastore['USERNAME'], datastore['PASSWORD']) fingerprint = Rex::Text.rand_text_alphanumeric(rand(10) + 10) vprint_status("Sending check") res = execute_command("echo #{fingerprint}") if res and res.body =~ /align=center>#{fingerprint}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') elsif res - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end def exploit diff --git a/modules/exploits/unix/webapp/openx_banner_edit.rb b/modules/exploits/unix/webapp/openx_banner_edit.rb index 0db3ffd3c3757..efb71415a6cb5 100644 --- a/modules/exploits/unix/webapp/openx_banner_edit.rb +++ b/modules/exploits/unix/webapp/openx_banner_edit.rb @@ -81,14 +81,14 @@ def check if (res and res.body =~ /v.?([0-9]\.[0-9]\.[0-9])/) ver = $1 vers = ver.split('.').map { |v| v.to_i } - return Exploit::CheckCode::Safe if (vers[0] > 2) - return Exploit::CheckCode::Safe if (vers[1] > 8) - return Exploit::CheckCode::Safe if (vers[0] == 2 && vers[1] == 8 && vers[2] >= 2) + return Exploit::CheckCode::Safe("Version #{ver} is not vulnerable") if (vers[0] > 2) + return Exploit::CheckCode::Safe("Version #{ver} is not vulnerable") if (vers[1] > 8) + return Exploit::CheckCode::Safe("Version #{ver} is not vulnerable") if (vers[0] == 2 && vers[1] == 8 && vers[2] >= 2) - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{ver} appears to be vulnerable") end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb index afde86a91308a..e8a579e20db1a 100644 --- a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb +++ b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb @@ -141,10 +141,10 @@ def check go('sleep 3') elapsed = Time.now - start if elapsed >= 3 and elapsed <= 4 - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/php_charts_exec.rb b/modules/exploits/unix/webapp/php_charts_exec.rb index e7cf4e9bb3e2e..a877ab258e02b 100644 --- a/modules/exploits/unix/webapp/php_charts_exec.rb +++ b/modules/exploits/unix/webapp/php_charts_exec.rb @@ -81,13 +81,13 @@ def check }) if res and res.body =~ /#{fingerprint}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout vprint_error("Connection failed") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/php_eval.rb b/modules/exploits/unix/webapp/php_eval.rb index 0b2c9088519d4..c7c09838130a1 100644 --- a/modules/exploits/unix/webapp/php_eval.rb +++ b/modules/exploits/unix/webapp/php_eval.rb @@ -86,12 +86,12 @@ def check end response = send_request_raw(response) - return Exploit::CheckCode::Unknown unless response - return Exploit::CheckCode::Vulnerable if response.body.match(payload1 + payload2) - return Exploit::CheckCode::Detected if response.code == 200 + return Exploit::CheckCode::Unknown('Could not determine the target status') unless response + return Exploit::CheckCode::Vulnerable('The target is vulnerable') if response.body.match(payload1 + payload2) + return Exploit::CheckCode::Detected('The target service was detected') if response.code == 200 vprint_warning("Server responded with: HTTP #{response.code}") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end def datastore_headers diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb index fcb789f96daa0..24ba34313bace 100644 --- a/modules/exploits/unix/webapp/php_include.rb +++ b/modules/exploits/unix/webapp/php_include.rb @@ -93,11 +93,11 @@ def check response['data'] = data end response = send_request_raw(response) - return Exploit::CheckCode::Unknown unless response - return Exploit::CheckCode::Detected if response.code == 200 + return Exploit::CheckCode::Unknown('Could not determine the target status') unless response + return Exploit::CheckCode::Detected('The target service was detected') if response.code == 200 vprint_warning("Server responded with: HTTP #{response.code}") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end def datastore_headers diff --git a/modules/exploits/unix/webapp/php_vbulletin_template.rb b/modules/exploits/unix/webapp/php_vbulletin_template.rb index a549e0922d32f..e97b524db73c6 100644 --- a/modules/exploits/unix/webapp/php_vbulletin_template.rb +++ b/modules/exploits/unix/webapp/php_vbulletin_template.rb @@ -95,10 +95,10 @@ def go(command) def check response = go("echo ownable") if (!response.nil? and response =~ /ownable/sm) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb index 080d9c4a37939..ea8a446195f39 100644 --- a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb +++ b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb @@ -100,10 +100,10 @@ def go(command) def check response = go("echo ownable") if (!response.nil? and response =~ /ownable/sm) - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/phpcollab_upload_exec.rb b/modules/exploits/unix/webapp/phpcollab_upload_exec.rb index fdae11922f901..466c7c7ac202c 100644 --- a/modules/exploits/unix/webapp/phpcollab_upload_exec.rb +++ b/modules/exploits/unix/webapp/phpcollab_upload_exec.rb @@ -65,14 +65,14 @@ def check unless version vprint_status('Unable to get the PhpCollab version.') - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if Rex::Version.new(version) >= Rex::Version.new('0') - return CheckCode::Appears + return CheckCode::Appears("Version #{version} appears to be vulnerable") end - CheckCode::Safe + CheckCode::Safe("Version #{version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/phpmyadmin_config.rb b/modules/exploits/unix/webapp/phpmyadmin_config.rb index 263a59646c384..561baea8ae27e 100644 --- a/modules/exploits/unix/webapp/phpmyadmin_config.rb +++ b/modules/exploits/unix/webapp/phpmyadmin_config.rb @@ -149,7 +149,7 @@ def find_setup_path(mode: :exploit) def check response, version = find_setup_path(mode: :check) - return Exploit::CheckCode::Safe unless response&.code == 200 + return Exploit::CheckCode::Safe(version ? "Version #{version} is not vulnerable" : 'Could not find phpMyAdmin setup page') unless response&.code == 200 if (response.body !~ /"token"\s*value="([^"]+)"/) return Exploit::CheckCode::Safe("Couldn't find token and can't continue without it. Is URI set correctly?") @@ -171,9 +171,8 @@ def check end else print_error 'Could not determine version' + return Exploit::CheckCode::Unknown("Could not determine version") end - - return Exploit::CheckCode::Safe end def php_serialize(obj) diff --git a/modules/exploits/unix/webapp/projectpier_upload_exec.rb b/modules/exploits/unix/webapp/projectpier_upload_exec.rb index ba9bc0318e525..0c257c7b8c33a 100644 --- a/modules/exploits/unix/webapp/projectpier_upload_exec.rb +++ b/modules/exploits/unix/webapp/projectpier_upload_exec.rb @@ -74,9 +74,9 @@ def check ) if res and res.body =~ /Welcome to ProjectPier 0\.8\.[0-8]/ and res.headers['Server'] =~ /^Apache/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/projectsend_upload_exec.rb b/modules/exploits/unix/webapp/projectsend_upload_exec.rb index e3ae742f26425..7918cb03918a1 100644 --- a/modules/exploits/unix/webapp/projectsend_upload_exec.rb +++ b/modules/exploits/unix/webapp/projectsend_upload_exec.rb @@ -65,34 +65,34 @@ def check ) if !res vprint_error("Connection timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') elsif res.code.to_i == 404 vprint_error("No process-upload.php found") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') elsif res.code.to_i == 500 vprint_error("Unable to write file") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/ vprint_error("File process-upload.php is not executable") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') elsif res.code.to_i == 200 && res.body && res.body =~ /sys\.config\.php/ vprint_error("Software is misconfigured") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') elsif res.code.to_i == 200 && res.body && res.body =~ /jsonrpc/ # response on revision 118 onwards includes the file name if res.body && res.body =~ /NewFileName/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') # response on revisions 100 to 117 does not include the file name elsif res.body && res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') elsif res.body && res.body =~ /Failed to open output stream/ vprint_error("Upload folder is not writable") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') else - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/rconfig_install_cmd_exec.rb b/modules/exploits/unix/webapp/rconfig_install_cmd_exec.rb index 3ae7fe39da3f5..6422f64381a40 100644 --- a/modules/exploits/unix/webapp/rconfig_install_cmd_exec.rb +++ b/modules/exploits/unix/webapp/rconfig_install_cmd_exec.rb @@ -79,27 +79,27 @@ def check unless res vprint_error 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.code == 404 vprint_error 'Could not find install directory' - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end cmd_res = res.body.scan(%r{The root details provided have not passed: (.+?)<\\/}).flatten.first unless cmd_res - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end vprint_status "Response: #{cmd_res}" unless cmd_res.include?('uid=') - return CheckCode::Detected + return CheckCode::Detected('The target service was detected') end - CheckCode::Vulnerable + CheckCode::Vulnerable('The target is vulnerable') end def execute_command(cmd, _opts = {}) diff --git a/modules/exploits/unix/webapp/seportal_sqli_exec.rb b/modules/exploits/unix/webapp/seportal_sqli_exec.rb index dbb03d79ec2b0..405554a797106 100644 --- a/modules/exploits/unix/webapp/seportal_sqli_exec.rb +++ b/modules/exploits/unix/webapp/seportal_sqli_exec.rb @@ -73,15 +73,15 @@ def check if res and res.code == 200 and res.body =~ /Powered by \SePortal\<\/b\> (.*)/ version = $1 else - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end vprint_status("Version #{version} detected") if version.to_f <= 2.5 - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end end diff --git a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb index 6df53a3dbae1a..42d9fa9c7b8c6 100644 --- a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb +++ b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb @@ -75,19 +75,19 @@ def check unless res vprint_error("Connection timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body and res.body.to_s =~ /File Uploading Has Been Disabled/ vprint_error("File uploads are disabled") - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end if res.body and res.body.to_s =~ /Upload File/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end # diff --git a/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb b/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb index db72bece37e15..78a98d608247d 100644 --- a/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb +++ b/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb @@ -106,9 +106,9 @@ def check unless res && res.code == 200 && res.body.include?("Can't locate XXXCHECKXXX.pm") vprint_error("Failed XXXCHECKXXX.pm load test"); - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end - Exploit::CheckCode::Vulnerable + Exploit::CheckCode::Vulnerable('The target is vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/skybluecanvas_exec.rb b/modules/exploits/unix/webapp/skybluecanvas_exec.rb index 78ce14276d9a1..4fc475139ac9b 100644 --- a/modules/exploits/unix/webapp/skybluecanvas_exec.rb +++ b/modules/exploits/unix/webapp/skybluecanvas_exec.rb @@ -71,10 +71,10 @@ def check if res && res.body.include?('SkyBlueCanvas [1.1 r248]') vprint_good("SkyBlueCanvas CMS 1.1 r248-xx found") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/sphpblog_file_upload.rb b/modules/exploits/unix/webapp/sphpblog_file_upload.rb index 4d3d286dc769f..cdaff904130a4 100644 --- a/modules/exploits/unix/webapp/sphpblog_file_upload.rb +++ b/modules/exploits/unix/webapp/sphpblog_file_upload.rb @@ -71,14 +71,14 @@ def check if (ver[0] == 0 and ver[1] < 5) if (ver[1] == 4 and ver[2] > 0) - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{ver.join('.')} is not vulnerable") end - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{ver.join('.')} appears to be vulnerable") end end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe(ver ? "Version #{ver.join('.')} is not vulnerable" : 'The target is not vulnerable') end def retrieve_password_hash(file) diff --git a/modules/exploits/unix/webapp/squash_yaml_exec.rb b/modules/exploits/unix/webapp/squash_yaml_exec.rb index 22dc4eaef57b2..a2fea5cf06868 100644 --- a/modules/exploits/unix/webapp/squash_yaml_exec.rb +++ b/modules/exploits/unix/webapp/squash_yaml_exec.rb @@ -58,9 +58,9 @@ def check if response.code == 422 vprint_status("Got HTTP 422 result, target may be vulnerable") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb index 7d3aea91bd7ba..2d3ec577a5af9 100644 --- a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb @@ -78,8 +78,8 @@ def check ver = $1 # print_status("Detected TikiWiki version #{ver}") ver = ver.split('.') - return Exploit::CheckCode::Safe if (ver[0] != '1') - return Exploit::CheckCode::Safe if (ver[1] != '9') + return Exploit::CheckCode::Safe("Version #{ver.join('.')} is not vulnerable") if (ver[0] != '1') + return Exploit::CheckCode::Safe("Version #{ver.join('.')} is not vulnerable") if (ver[1] != '9') if (ver.length > 2) ver2 = ver[2].to_i @@ -88,12 +88,12 @@ def check else ver3 = 0 end - return Exploit::CheckCode::Safe if (ver2 > 8) - return Exploit::CheckCode::Safe if (ver2 == 8 and ver3 > 0) + return Exploit::CheckCode::Safe("Version #{ver.join('.')} is not vulnerable") if (ver2 > 8) + return Exploit::CheckCode::Safe("Version #{ver.join('.')} is not vulnerable") if (ver2 == 8 and ver3 > 0) end - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{ver.join('.')} appears to be vulnerable") end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb index 794e116e803ec..6c365cb1ba85e 100644 --- a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb @@ -71,10 +71,10 @@ def check http_fingerprint({ :response => res }) # check method if (res and res.code == 200 and res.body.match(/TikiWiki 1\.9\.4/)) - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb b/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb index 6347a84fd0109..0299d2f918570 100644 --- a/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb @@ -68,10 +68,10 @@ def check ) if res && res.code == 200 - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb b/modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb index 34ba31e6d6b48..5322f6571c27f 100644 --- a/modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb +++ b/modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb @@ -144,14 +144,14 @@ def check res = login(user, pass) unless res print_error("No response was received from #{peer} whilst in check(), check it is online and the target port is open!") - return CheckCode::Detected + return CheckCode::Detected('The target service was detected') end if res.code == 200 version = get_target(res) if version.nil? # We don't print out an error message here as returning this will # automatically cause Metasploit to print out an appropriate error message. - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end delay = rand(7...10) @@ -162,20 +162,20 @@ def check t2 = Time.now.to_i unless res print_error("#{peer} - Connection failed whilst trying to perform the command injection.") - return CheckCode::Detected + return CheckCode::Detected("Detected version #{version}") end diff = t2 - t1 if diff >= delay print_good("#{peer} - Response received after #{diff} seconds.") - return CheckCode::Vulnerable + return CheckCode::Vulnerable("Detected vulnerable version #{version}") else print_error("#{peer} - Response wasn't received within the expected period of time.") - return CheckCode::Safe + return CheckCode::Safe("Version #{version} is not vulnerable") end end rescue ::Rex::ConnectionError print_error("#{peer} - Rex::ConnectionError caught in check(), could not connect to the target.") - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end def exploit diff --git a/modules/exploits/unix/webapp/trixbox_langchoice.rb b/modules/exploits/unix/webapp/trixbox_langchoice.rb index e9cdba160d054..a8e8ed098fc1e 100644 --- a/modules/exploits/unix/webapp/trixbox_langchoice.rb +++ b/modules/exploits/unix/webapp/trixbox_langchoice.rb @@ -73,14 +73,14 @@ def check unless defined? response vprint_error 'Server did not respond to HTTP POST request' - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end code = response.code unless code == target_code vprint_error "Expected HTTP code #{target_code}, but got #{code}." - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end vprint_status "We received the expected HTTP code #{target_code}" @@ -93,13 +93,13 @@ def check vprint_good "We were successfully sent a PHPSESSID of '#{$1}'" else vprint_error 'The server did not send us the cookie we were looking for' - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end # Okay, at this point we're just being silly and hackish. unless response.body =~ /langChoice/ vprint_error 'The page does not appear to contain a langChoice field' - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end # XXX: Looking for a good way of determine if it is NOT trixbox @@ -116,16 +116,16 @@ def check # if response.body =~ /(v2\.(?:[0-5]\.\d|6\.[0-1]))\s{2}©200[0-8] Fonality/ if response.body =~ /(v2\.6\.1)\s{2}©2008 Fonality/ vprint_status "Trixbox #{$1} detected!" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end vprint_status 'The target may be skinned making detection too difficult' if response.body =~ /trixbox - User Mode/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/tuleap_rest_unserialize_exec.rb b/modules/exploits/unix/webapp/tuleap_rest_unserialize_exec.rb index 6d012d012710c..1bed8dfe00365 100644 --- a/modules/exploits/unix/webapp/tuleap_rest_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/tuleap_rest_unserialize_exec.rb @@ -177,12 +177,12 @@ def check res = exec_php("print '#{flag}';") if res && res.code == 200 && res.body =~ /#{flag}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') elsif res && res.body =~ /Exiting with Error/ - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb b/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb index 53c83b0aafcbe..3228f45594030 100644 --- a/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb @@ -58,10 +58,10 @@ def check res = exec_php("print #{flag};") if res and res.body and res.body.to_s =~ /#{flag}/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def do_login() diff --git a/modules/exploits/unix/webapp/twiki_history.rb b/modules/exploits/unix/webapp/twiki_history.rb index f6fca20812dbd..bd84ed5c2d38b 100644 --- a/modules/exploits/unix/webapp/twiki_history.rb +++ b/modules/exploits/unix/webapp/twiki_history.rb @@ -111,8 +111,8 @@ def check # first see if it already exists (it really shouldn't) res = send_request(test_url) if (not res) or (res.code != 404) - vprint_warning("The test file exists already! (HTTP #{res.code})") - return Exploit::CheckCode::Unknown # Need to try again with a different file + vprint_warning("The test file exists already! (HTTP #{res&.code})") + return Exploit::CheckCode::Unknown('Could not determine the target status') # Need to try again with a different file end # try to create it @@ -120,8 +120,8 @@ def check rev = "`touch${IFS}" + test_file + "`" res = send_request(rev_url + Rex::Text.uri_encode(rev)) if (not res) or (res.code != 200) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 200)") unless res.code == 200 - return Exploit::CheckCode::Safe + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 200)") unless res&.code == 200 + return Exploit::CheckCode::Safe('The target is not vulnerable') end # try to run it @@ -129,8 +129,8 @@ def check vprint_status("Checking if created: #{test_url}") res = send_request(test_url) if (not res) or (res.code != 500) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 500)") unless res.code == 500 - return Exploit::CheckCode::Safe + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 500)") unless res&.code == 500 + return Exploit::CheckCode::Safe('The target is not vulnerable') end # delete the tmp file @@ -138,12 +138,12 @@ def check rev = "`rm${IFS}-f${IFS}" + test_file + "`" res = send_request(rev_url + Rex::Text.uri_encode(rev)) if (not res) or (res.code != 200) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 200)") unless res.code == 200 + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 200)") unless res&.code == 200 print_warning("Unable to remove test file (#{test_file})") end report_twiki_service - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/twiki_maketext.rb b/modules/exploits/unix/webapp/twiki_maketext.rb index 7732de84ef5df..2ea74b569f01c 100644 --- a/modules/exploits/unix/webapp/twiki_maketext.rb +++ b/modules/exploits/unix/webapp/twiki_maketext.rb @@ -164,20 +164,20 @@ def check }) if not res or res.code != 200 - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body =~ /This site is running TWiki version.*TWiki-(\d\.\d\.\d)/ version = $1 vprint_status("Version found: #{version}") if version < "5.1.3" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected("Detected version #{version}") end end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/twiki_search.rb b/modules/exploits/unix/webapp/twiki_search.rb index 78c449fae5d26..f189a80384aea 100644 --- a/modules/exploits/unix/webapp/twiki_search.rb +++ b/modules/exploits/unix/webapp/twiki_search.rb @@ -107,7 +107,7 @@ def check res = send_request(test_url) if (not res) or (res.body.match(content)) vprint_warning("The test file exists already!") - return Exploit::CheckCode::Unknown # Need to try again with a different file + return Exploit::CheckCode::Unknown('Could not determine the target status') # Need to try again with a different file end # try to create it @@ -116,17 +116,17 @@ def check search << "';echo${IFS}" + content + "${IFS}|tee${IFS}" + test_file + ".txt;#'" res = send_request(search_url + Rex::Text.uri_encode(search)) if (not res) or (res.code != 200) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 200)") unless res.code == 200 - return Exploit::CheckCode::Safe + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 200)") unless res&.code == 200 + return Exploit::CheckCode::Safe('The target is not vulnerable') end # try to call it vprint_status("Checking if created: #{test_url}") res = send_request(test_url) if (not res) or (not res.body.match(content)) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 500)") unless res.code == 500 - vprint_warning("Error with exploit request (Content doesn't match)") unless res.body.match(content) - return Exploit::CheckCode::Safe + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 500)") unless res&.code == 500 + vprint_warning("Error with exploit request (Content doesn't match)") unless res&.body&.match(content) + return Exploit::CheckCode::Safe('The target is not vulnerable') end # delete the tmp file @@ -135,12 +135,12 @@ def check search << "';rm${IFS}-f${IFS}" + test_file + ".txt;#'" res = send_request(search_url + Rex::Text.uri_encode(search)) if (not res) or (res.code != 200) - vprint_warning("Error with exploit request (HTTP #{res.code}, should be 200)") unless res.code == 200 + vprint_warning("Error with exploit request (HTTP #{res&.code}, should be 200)") unless res&.code == 200 print_warning("Unable to remove test file (#{test_file})") end report_twiki_service - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb index a6e3a4de5d1aa..24f36e6e2e8fb 100644 --- a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb +++ b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb @@ -342,7 +342,7 @@ def check node_id = get_node unless node_id.nil? - return Msf::Exploit::CheckCode::Appears + return Msf::Exploit::CheckCode::Appears('The target appears to be vulnerable') end res = send_request_cgi({ @@ -350,10 +350,10 @@ def check }) if res and res.code == 200 and res.body.to_s =~ /"simpleversion": "v=5/ - return Msf::Exploit::CheckCode::Appears + return Msf::Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Msf::Exploit::CheckCode::Safe + return Msf::Exploit::CheckCode::Safe('The target is not vulnerable') end def on_new_session(session) diff --git a/modules/exploits/unix/webapp/vicidial_agent_authenticated_rce.rb b/modules/exploits/unix/webapp/vicidial_agent_authenticated_rce.rb index 2016227301c77..ea86a4b5e3d95 100644 --- a/modules/exploits/unix/webapp/vicidial_agent_authenticated_rce.rb +++ b/modules/exploits/unix/webapp/vicidial_agent_authenticated_rce.rb @@ -66,25 +66,25 @@ def check 'method' => 'GET' }) - return CheckCode::Unknown unless res&.code == 200 + return CheckCode::Unknown('Could not determine the target status') unless res&.code == 200 html_doc = res.get_html_document version_info = html_doc.at_xpath("//td[contains(text(), 'VERSION:')]")&.text || res.body.split("\n").find { |line| line.include?('VERSION:') } - return CheckCode::Unknown unless version_info + return CheckCode::Unknown('Could not determine the target status') unless version_info extracted_version = version_info.scan(/VERSION:\s*(\d+\.\d+)-(\d+)/).flatten.join('-') - return CheckCode::Unknown if extracted_version.empty? + return CheckCode::Unknown('Could not determine the target status') if extracted_version.empty? print_status("VICIdial version: #{extracted_version}") vulnerable_version = Rex::Version.new('2.14-917a') current_version = Rex::Version.new(extracted_version) - return current_version <= vulnerable_version ? CheckCode::Vulnerable : CheckCode::Safe + return current_version <= vulnerable_version ? CheckCode::Vulnerable("Detected vulnerable version #{current_version}") : CheckCode::Safe("Version #{current_version} is not vulnerable") end def exploit diff --git a/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb b/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb index 3175d58f71436..81e51386fcb65 100644 --- a/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb +++ b/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb @@ -158,16 +158,16 @@ def check if res and res.code == 200 if res.body =~ %r{Invalid Username/Password} vprint_error('Invalid Username or Password.') - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') elsif res.body =~ /Invalid session_name/ vprint_error('Web client session not found') - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') elsif res.body =~ /\.\n\.\.\n/m - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.rb b/modules/exploits/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.rb index 1c2a0886ec1fe..f0bd651af5a2f 100644 --- a/modules/exploits/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.rb +++ b/modules/exploits/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.rb @@ -71,30 +71,30 @@ def check unless res vprint_status 'Connection failed' - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.code != 401 vprint_status "#{peer} Unexpected reply. Expected authentication failure." - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end # Check for input filtering of '#' and '&' characters in password # Response for invalid credentials is in the form of: |||BAD| if res.body !~ /\|#{user}\|#{pass}\|BAD\|/ vprint_status "#{peer} Target is patched." - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end # Check for ../agc/bp.pl password encryption script res = send_request_cgi 'uri' => normalize_uri(target_uri.path, '..', 'agc', 'bp.pl') if res && res.code == 200 && res.body =~ /Bcrypt password hashing script/ vprint_status "#{peer} Password encryption is supported, but may not be enabled." - return CheckCode::Appears + return CheckCode::Appears('The target appears to be vulnerable') end vprint_status "#{peer} Could not verify whether password encryption is supported." - CheckCode::Detected + CheckCode::Detected('The target service was detected') end def execute_command(cmd, opts = {}) diff --git a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb index 28379cbcb99b1..9289f3365be56 100644 --- a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb +++ b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb @@ -86,7 +86,7 @@ def check session = res.get_cookies.split("sid=")[1].split(";")[0] else vprint_error "Service found, but authentication failed" - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end vprint_status("Attempting to execute...") @@ -101,9 +101,9 @@ def check ) if res and res.code == 200 and res.message =~ /Document follows/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/webmin_upload_exec.rb b/modules/exploits/unix/webapp/webmin_upload_exec.rb index b688ee56ff7f0..78ef18fa2d94c 100644 --- a/modules/exploits/unix/webapp/webmin_upload_exec.rb +++ b/modules/exploits/unix/webapp/webmin_upload_exec.rb @@ -98,8 +98,8 @@ def login ## def check cookie = login - return CheckCode::Detected if cookie == '' - return CheckCode::Unknown if cookie.nil? + return CheckCode::Detected('The target service was detected') if cookie == '' + return CheckCode::Unknown('Could not determine the target status') if cookie.nil? vprint_status('Attempting to execute...') command = "echo #{rand_text_alphanumeric(0..9)}" @@ -110,10 +110,10 @@ def check }) if res && res.code == 200 && res.message =~ /Document follows/ - return CheckCode::Vulnerable + return CheckCode::Vulnerable('The target is vulnerable') end - CheckCode::Safe + CheckCode::Safe('The target is not vulnerable') end ## diff --git a/modules/exploits/unix/webapp/webtester_exec.rb b/modules/exploits/unix/webapp/webtester_exec.rb index d2c4323b7f379..31414c6df2bb6 100644 --- a/modules/exploits/unix/webapp/webtester_exec.rb +++ b/modules/exploits/unix/webapp/webtester_exec.rb @@ -65,21 +65,21 @@ def check if not res vprint_error("Connection timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body =~ /Eppler Software/ if res.body =~ / - v5\.1\.20101016/ vprint_status("Found version: 5.1.20101016") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') elsif res.body =~ / - v(5\.[\d\.]+)/ vprint_status("Found version: #{$1}") - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb index ced5771b18fa9..74452be433037 100644 --- a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb +++ b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb @@ -49,11 +49,11 @@ def initialize(info = {}) def check cookie = wordpress_login(username, password) if cookie.nil? - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end store_valid_credential(user: username, private: password, proof: cookie) - CheckCode::Appears + CheckCode::Appears('The target appears to be vulnerable') end def username diff --git a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb index 596f5d9bae6bb..a50f06374583a 100644 --- a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb +++ b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb @@ -72,9 +72,9 @@ def check }) if res and res.code == 200 - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb index 7dbaeec7268b4..8943ff92af3e4 100644 --- a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb +++ b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb @@ -54,9 +54,9 @@ def check 'uri' => uri ) - return Exploit::CheckCode::Unknown if res.nil? || res.code != 200 + return Exploit::CheckCode::Unknown('Could not determine the target status') if res.nil? || res.code != 200 - Exploit::CheckCode::Detected + Exploit::CheckCode::Detected('The target service was detected') end def exploit diff --git a/modules/exploits/unix/webapp/wp_foxypress_upload.rb b/modules/exploits/unix/webapp/wp_foxypress_upload.rb index ff463adacff1b..69ecc85206d51 100644 --- a/modules/exploits/unix/webapp/wp_foxypress_upload.rb +++ b/modules/exploits/unix/webapp/wp_foxypress_upload.rb @@ -53,9 +53,9 @@ def check 'uri' => normalize_uri(wordpress_url_plugins, 'foxypress', 'uploadify', 'uploadify.php') ) - return Exploit::CheckCode::Detected if res && res.code == 200 + return Exploit::CheckCode::Detected('The target service was detected') if res && res.code == 200 - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb b/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb index ee7abc0627432..d73739ff5b24e 100644 --- a/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb +++ b/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb @@ -79,9 +79,9 @@ def check }) if res and res.code == 200 - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb b/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb index b1dec766a32e4..178853a962812 100644 --- a/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb +++ b/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb @@ -50,10 +50,10 @@ def check ) if res && res.code == 200 && res.body =~ /Code Generator/ && res.body =~ /Infusionsoft/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/wp_optimizepress_upload.rb b/modules/exploits/unix/webapp/wp_optimizepress_upload.rb index 8fa6f34e9e1d9..e70427f965f08 100644 --- a/modules/exploits/unix/webapp/wp_optimizepress_upload.rb +++ b/modules/exploits/unix/webapp/wp_optimizepress_upload.rb @@ -62,10 +62,10 @@ def check }) if res and res.code == 200 and res.body.to_s =~ /Upload New Image/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb index 3d3e001393be7..64e4a686098c0 100644 --- a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb +++ b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb @@ -74,15 +74,15 @@ def check if (version = wordpress_version) version = Rex::Version.new(version) else - return CheckCode::Safe + return CheckCode::Unknown('Could not determine WordPress version') end vprint_status("WordPress #{version} installed at #{full_uri}") if version <= Rex::Version.new('4.6') - CheckCode::Appears + CheckCode::Appears("Version #{version} appears to be vulnerable") else - CheckCode::Detected + CheckCode::Detected("Detected version #{version}") end end diff --git a/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb b/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb index 349e3e7c35f49..cb58724693bdc 100644 --- a/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb +++ b/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb @@ -133,7 +133,7 @@ def check res = wordpress_and_online? unless res vprint_error("It doesn't look like a WordPress site") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end # Send a request with a illegal URL to verify that the target is vulnerable @@ -151,9 +151,9 @@ def check }) if res && res.body && res.body.to_s =~ /Error: A valid URL was not provided/ - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end - Exploit::CheckCode::Safe + Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/wp_plainview_activity_monitor_rce.rb b/modules/exploits/unix/webapp/wp_plainview_activity_monitor_rce.rb index 34f92b1a44202..60907a94cb579 100644 --- a/modules/exploits/unix/webapp/wp_plainview_activity_monitor_rce.rb +++ b/modules/exploits/unix/webapp/wp_plainview_activity_monitor_rce.rb @@ -61,7 +61,7 @@ def initialize(info = {}) def check unless wordpress_and_online? vprint_error("#{target_uri} does not seeem to be Wordpress site") - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end check_plugin_version_from_readme('plainview-activity-monitor', '20180826') end diff --git a/modules/exploits/unix/webapp/wp_property_upload_exec.rb b/modules/exploits/unix/webapp/wp_property_upload_exec.rb index b054afeddbda7..7598034ffcacf 100644 --- a/modules/exploits/unix/webapp/wp_property_upload_exec.rb +++ b/modules/exploits/unix/webapp/wp_property_upload_exec.rb @@ -54,9 +54,9 @@ def check 'uri' => uri ) - return Exploit::CheckCode::Unknown if res.nil? || res.code != 200 + return Exploit::CheckCode::Unknown('Could not determine the target status') if res.nil? || res.code != 200 - Exploit::CheckCode::Detected + Exploit::CheckCode::Detected('The target service was detected') end def exploit diff --git a/modules/exploits/unix/webapp/wp_total_cache_exec.rb b/modules/exploits/unix/webapp/wp_total_cache_exec.rb index 3d651cfeba721..6fd8812a8fe57 100644 --- a/modules/exploits/unix/webapp/wp_total_cache_exec.rb +++ b/modules/exploits/unix/webapp/wp_total_cache_exec.rb @@ -195,22 +195,22 @@ def check res = wordpress_and_online? unless res vprint_error("#{peer} does not seeem to be Wordpress site") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.headers['X-Powered-By'] and res.headers['X-Powered-By'] =~ /W3 Total Cache\/([0-9\.]*)/ version = $1 if version <= "0.9.2.8" - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe("Version #{version} is not vulnerable") end end if res.body and (res.body =~ /Performance optimized by W3 Total Cache/ or res.body =~ /Cached page generated by WP-Super-Cache/) - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected(version ? "Detected version #{version}" : 'W3 Total Cache detected') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe(version ? "Version #{version} is not vulnerable" : 'The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/xoda_file_upload.rb b/modules/exploits/unix/webapp/xoda_file_upload.rb index 781bfb4541e34..e5f61cbf644a7 100644 --- a/modules/exploits/unix/webapp/xoda_file_upload.rb +++ b/modules/exploits/unix/webapp/xoda_file_upload.rb @@ -78,9 +78,9 @@ def check }) if res and res.code == 200 and res.body =~ /Upload a file/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb b/modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb index b98c451fdcb4b..422577333f3cf 100644 --- a/modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb +++ b/modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb @@ -116,38 +116,38 @@ def check unless res vprint_status "#{peer} - Connection failed" - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.code == 401 vprint_status "#{peer} - Authentication failed" - return CheckCode::Unknown + return CheckCode::Unknown('Could not determine the target status') end if res.code == 404 vprint_status "#{peer} - useradm.sh not found" - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end unless res.body.include?('Xymon') vprint_status "#{peer} - Target is not a Xymon server." - return CheckCode::Safe + return CheckCode::Safe('The target is not vulnerable') end version = res.body.scan(/>Xymon ([\d\.]+)= Rex::Version.new('4.3.25') - return CheckCode::Safe + return CheckCode::Safe("Version #{version} is not vulnerable") end - CheckCode::Appears + CheckCode::Appears("Version #{version} appears to be vulnerable") end def execute_command(cmd, opts = {}) diff --git a/modules/exploits/unix/webapp/zeroshell_exec.rb b/modules/exploits/unix/webapp/zeroshell_exec.rb index 3873472bcd7b5..3af75b8e94bac 100644 --- a/modules/exploits/unix/webapp/zeroshell_exec.rb +++ b/modules/exploits/unix/webapp/zeroshell_exec.rb @@ -74,10 +74,10 @@ def check end unless password.nil? - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end # Retrieve admin password using unauthenticated LFI diff --git a/modules/exploits/unix/webapp/zimbra_lfi.rb b/modules/exploits/unix/webapp/zimbra_lfi.rb index d11bb657d7f48..9c3ec69ae8dd7 100644 --- a/modules/exploits/unix/webapp/zimbra_lfi.rb +++ b/modules/exploits/unix/webapp/zimbra_lfi.rb @@ -75,7 +75,7 @@ def check res = send_traversal_query(traversal_path('conf/localconfig.xml')) unless res and res.code == 200 - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end # this response is ~100% gzipped @@ -86,9 +86,9 @@ def check end if text =~ %r{name=\\"zimbra_user\\">";\sa\["(.*)} - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') else - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end end diff --git a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb index 4353fd4dccab0..2b21a02d05f94 100644 --- a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb +++ b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb @@ -83,18 +83,18 @@ def check if res and res.code == 200 if res.body =~ /ZM - Login<\/title>/ vprint_error("Service found, but authentication failed") - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') elsif res.body =~ /v1.2(4\.\d+|5\.0)/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Appears('The target appears to be vulnerable') elsif res.body =~ /<title>ZM/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end end - rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp + rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout vprint_error("Connection failed") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def exploit diff --git a/modules/exploits/unix/webapp/zoneminder_snapshots.rb b/modules/exploits/unix/webapp/zoneminder_snapshots.rb index 05f199234d0fe..b1d8bfbb66d7a 100644 --- a/modules/exploits/unix/webapp/zoneminder_snapshots.rb +++ b/modules/exploits/unix/webapp/zoneminder_snapshots.rb @@ -100,7 +100,7 @@ def check print_status("Elapsed time: #{elapsed_time} seconds.") if sleep_time < elapsed_time - return Exploit::CheckCode::Vulnerable + return Exploit::CheckCode::Vulnerable('The target is vulnerable') end Exploit::CheckCode::Safe('Target is not vulnerable') diff --git a/modules/exploits/unix/webapp/zpanel_username_exec.rb b/modules/exploits/unix/webapp/zpanel_username_exec.rb index 8617d0b473c6f..5184d945f2d96 100644 --- a/modules/exploits/unix/webapp/zpanel_username_exec.rb +++ b/modules/exploits/unix/webapp/zpanel_username_exec.rb @@ -64,14 +64,14 @@ def check res = send_request_raw({ 'uri' => normalize_uri(target_uri.path) }) if not res vprint_error("Connection timed out") - return Exploit::CheckCode::Unknown + return Exploit::CheckCode::Unknown('Could not determine the target status') end if res.body =~ /This server is running: ZPanel/ - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Detected('The target service was detected') end - return Exploit::CheckCode::Safe + return Exploit::CheckCode::Safe('The target is not vulnerable') end def login(base, token, cookie)