the check routing shoudl return Safe the first time we try to leverage teh vulnerability, if that doesnt work. But still return Unknown if the vulnerability fails the second time we leverage it.

sfewer-r7 · sfewer-r7 · commit eda46f1a1074 · 2024-11-22T10:26:06.000Z
diff --git a/modules/exploits/linux/http/panos_management_unauth_rce.rb b/modules/exploits/linux/http/panos_management_unauth_rce.rb
@@ -82,7 +82,8 @@ def check
 
     # NOTE: We set dontfail to true, as a check routine cannot fail_with().
 
-    return CheckCode::Unknown unless execute_cmd(
+    # return Safe if we fail to trigger the vulnerability and execute a command.
+    return CheckCode::Safe unless execute_cmd(
       "echo #{check_file_name} > /var/appweb/htdocs/unauth/#{check_file_name}",
       dontfail: true
     )
@@ -96,6 +97,7 @@ def check
 
     if res.code == 200 && res.body.include?(check_file_name)
 
+      # return Unknown if we fail to trigger the vulnerability  second time.
       return CheckCode::Unknown unless execute_cmd(
         "rm -f /var/appweb/htdocs/unauth/#{check_file_name}",
         dontfail: true
