Fix msftidy warnings wrt Set-Cookie

jhart-r7 · jhart-r7 · commit 7b386ea2c8a4 · 2017-12-19T06:58:23.000-08:00
diff --git a/modules/exploits/linux/http/epmp1000_get_chart_cmd_shell.rb b/modules/exploits/linux/http/epmp1000_get_chart_cmd_shell.rb
@@ -127,15 +127,15 @@ def login(user, pass)
       }
     )
 
+    cookies = res.get_cookies
     good_response = (
       res &&
       res.code == 200 &&
-      res.headers.include?('Set-Cookie') &&
-      res.headers['Set-Cookie'].include?('sysauth')
+      cookies.include?('sysauth')
     )
 
     if good_response
-      sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+      sysauth_value = cookies.match(/((.*)[$ ])/)
       cookie1 = "#{sysauth_value}"
       prevsessid = res.body.match(/((?:[a-z][a-z]*[0-9]+[a-z0-9]*))/)
 
@@ -158,10 +158,11 @@ def login(user, pass)
         }
       )
 
+      cookies = res.get_cookies
       good_response = (
         res &&
         res.code == 200 &&
-        res.headers.include?('Set-Cookie') &&
+        !cookies.blank? &&
         !res.body.include?('auth_failed') &&
         !res.body.include?('Maximum number of users reached.')
       )
@@ -170,7 +171,7 @@ def login(user, pass)
         print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")
 
         # get the cookie now
-        sysauth_value_2 = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+        sysauth_value_2 = cookies.match(/((.*)[$ ])/)
         stok_value_2_dirty = res.body.match(/"stok": "(.*?)"/)
         stok_value_2 = "#{stok_value_2_dirty}".split('"')[3]
         final_cookie = "#{sysauth_value_2}" + 'usernameType_80=admin; stok_80=' + "#{stok_value_2}"
diff --git a/modules/exploits/linux/http/epmp1000_ping_cmd_shell.rb b/modules/exploits/linux/http/epmp1000_ping_cmd_shell.rb
@@ -127,15 +127,15 @@ def login(user, pass)
       }
     )
 
+    cookies = res.get_cookies
     good_response = (
       res &&
       res.code == 200 &&
-      res.headers.include?('Set-Cookie') &&
-      res.headers['Set-Cookie'].include?('sysauth')
+      cookies.include?('sysauth')
     )
 
     if good_response
-      sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+      sysauth_value = cookies.match(/((.*)[$ ])/)
 
       cookie1 = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D"
 
@@ -157,21 +157,21 @@ def login(user, pass)
         }
       )
 
+      cookies = res.get_cookies
       good_response = (
         res &&
         res.code == 200 &&
-        res.headers.include?('Set-Cookie') &&
-        res.headers['Set-Cookie'].include?('stok=') &&
+        cookies.include?('stok=') &&
         !res.body.include?('Maximum number of users reached.')
       )
 
       if good_response
         print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")
 
         # get the cookie now
-        get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
+        get_stok = cookies.match(/stok=(.*)/)
         stok_value = get_stok[1]
-        sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+        sysauth_value = cookies.match(/((.*)[$ ])/)
         final_cookie = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D; userType=Installer; usernameType=installer; stok=" + "#{stok_value}"
 
         # create config_uri

Original file line number	Diff line number	Diff line change
`@@ -127,15 +127,15 @@ def login(user, pass)`
`127`	`127`	`}`
`128`	`128`	`)`
`129`	`129`
	`130`	`+ cookies = res.get_cookies`
`130`	`131`	`good_response = (`
`131`	`132`	`res &&`
`132`	`133`	`res.code == 200 &&`
`133`		`- res.headers.include?('Set-Cookie') &&`
`134`		`- res.headers['Set-Cookie'].include?('sysauth')`
	`134`	`+ cookies.include?('sysauth')`
`135`	`135`	`)`
`136`	`136`
`137`	`137`	`if good_response`
`138`		`- sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)`
	`138`	`+ sysauth_value = cookies.match(/((.*)[$ ])/)`
`139`	`139`	`cookie1 = "#{sysauth_value}"`
`140`	`140`	`prevsessid = res.body.match(/((?:[a-z][a-z][0-9]+[a-z0-9]))/)`
`141`	`141`
`@@ -158,10 +158,11 @@ def login(user, pass)`
`158`	`158`	`}`
`159`	`159`	`)`
`160`	`160`
	`161`	`+ cookies = res.get_cookies`
`161`	`162`	`good_response = (`
`162`	`163`	`res &&`
`163`	`164`	`res.code == 200 &&`
`164`		`- res.headers.include?('Set-Cookie') &&`
	`165`	`+ !cookies.blank? &&`
`165`	`166`	`!res.body.include?('auth_failed') &&`
`166`	`167`	`!res.body.include?('Maximum number of users reached.')`
`167`	`168`	`)`
`@@ -170,7 +171,7 @@ def login(user, pass)`
`170`	`171`	`print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")`
`171`	`172`
`172`	`173`	`# get the cookie now`
`173`		`- sysauth_value_2 = res.headers['Set-Cookie'].match(/((.*)[$ ])/)`
	`174`	`+ sysauth_value_2 = cookies.match(/((.*)[$ ])/)`
`174`	`175`	`stok_value_2_dirty = res.body.match(/"stok": "(.*?)"/)`
`175`	`176`	`stok_value_2 = "#{stok_value_2_dirty}".split('"')[3]`
`176`	`177`	`final_cookie = "#{sysauth_value_2}" + 'usernameType_80=admin; stok_80=' + "#{stok_value_2}"`