@@ -41,7 +41,7 @@ def run_host(ip)
4141 'uri' => "/" + Rex ::Text . rand_text_alpha ( 12 ) ,
4242 'method' => 'GET' ,
4343 'ctype' => 'text/plain'
44- } , 20 )
44+ } )
4545
4646 if res
4747
@@ -87,7 +87,7 @@ def check_app(app)
8787 'uri' => app ,
8888 'method' => 'GET' ,
8989 'ctype' => 'text/plain'
90- } , 20 )
90+ } )
9191
9292 if res
9393 case
@@ -118,22 +118,22 @@ def jboss_as_default_creds
118118 return false if session . nil?
119119
120120 # Default AS creds
121- username = " admin"
122- password = " admin"
121+ username = ' admin'
122+ password = ' admin'
123123
124124 res = send_request_raw ( {
125- " uri" => " /admin-console/login.seam" ,
126- " method" => " POST" ,
127- " version" => " 1.1" ,
128- " vhost" => "#{ rhost } ,
129- " headers" => { " Content-Type" => " application/x-www-form-urlencoded" ,
130- " Cookie" => "JSESSIONID=#{ session [ 'jsessionid' ] }
125+ ' uri' => ' /admin-console/login.seam' ,
126+ ' method' => ' POST' ,
127+ ' version' => ' 1.1' ,
128+ ' vhost' => "#{ rhost } ,
129+ ' headers' => { ' Content-Type' => ' application/x-www-form-urlencoded' ,
130+ ' Cookie' => "JSESSIONID=#{ session [ 'jsessionid' ] }
131131 } ,
132- " data" => "login_form=login_form&login_form%3Aname=#{ username } #{ password } #{ session [ "viewstate" ] }
133- } , 20 )
132+ ' data' => "login_form=login_form&login_form%3Aname=#{ username } #{ password } #{ session [ "viewstate" ] }
133+ } )
134134
135135 # Valid creds if 302 redirected to summary.seam and not error.seam
136- if res && res . code == 302 && /error.seam/m !~ res . headers . to_s && /summary.seam/m =~ res . headers . to_s
136+ if res && res . code == 302 && res . headers . to_s !~ /error.seam/m && res . headers . to_s =~ /summary.seam/m
137137 print_good ( "#{ rhost } #{ rport } #{ username } #{ password } )
138138 add_creds ( username , password )
139139 else
@@ -145,8 +145,8 @@ def add_creds(username, password)
145145 service_data = {
146146 address : rhost ,
147147 port : rport ,
148- service_name : " jboss" ,
149- protocol : " tcp" ,
148+ service_name : ' jboss' ,
149+ protocol : ' tcp' ,
150150 workspace_id : framework . db . workspace . id
151151 }
152152
@@ -165,22 +165,25 @@ def add_creds(username, password)
165165
166166 def jboss_as_session_setup ( rhost , rport )
167167 res = send_request_raw ( {
168- 'uri' => " /admin-console/login.seam" ,
169- 'method' => " GET" ,
170- 'version' => " 1.1" ,
168+ 'uri' => ' /admin-console/login.seam' ,
169+ 'method' => ' GET' ,
170+ 'version' => ' 1.1' ,
171171 'vhost' => "#{ rhost }
172- } , 20 )
172+ } )
173173
174- if res
175- begin
176- viewstate = /javax.faces.ViewState" value="(.*)" auto/ . match ( res . body ) . captures [ 0 ]
177- jsessionid = /JSESSIONID=(.*);/ . match ( res . headers . to_s ) . captures [ 0 ]
178- rescue
179- print_status ( "#{ rhost } #{ rport } )
180- return nil
181- end
182- return { "jsessionid" => jsessionid , "viewstate" => viewstate }
174+ unless res
175+ return nil
176+ end
177+
178+ begin
179+ viewstate = /javax.faces.ViewState" value="(.*)" auto/ . match ( res . body ) . captures [ 0 ]
180+ jsessionid = /JSESSIONID=(.*);/ . match ( res . headers . to_s ) . captures [ 0 ]
181+ rescue ::NoMethodError
182+ print_status ( "#{ rhost } #{ rport } )
183+ return nil
183184 end
185+
186+ { 'jsessionid' => jsessionid , 'viewstate' => viewstate }
184187 end
185188
186189 def bypass_auth ( app )
@@ -190,7 +193,7 @@ def bypass_auth(app)
190193 'uri' => app ,
191194 'method' => datastore [ 'VERB' ] ,
192195 'version' => '1.0' # 1.1 makes the head request wait on timeout for some reason
193- } , 20 )
196+ } )
194197
195198 if res && res . code == 200
196199 print_good ( "#{ rhost } #{ rport } )
@@ -205,7 +208,7 @@ def basic_auth_default_creds(app)
205208 'method' => 'GET' ,
206209 'ctype' => 'text/plain' ,
207210 'authorization' => basic_auth ( 'admin' , 'admin' )
208- } , 20 )
211+ } )
209212
210213 if res && res . code == 200
211214 print_good ( "#{ rhost } #{ rport } #{ app } )
0 commit comments