Fixes to MyBook Live Module

nstarke · nstarke · commit 82b74d5f3c49 · 2014-10-21T00:50:40.000Z
This commit contains three fixes as requested on PR rapid7#4003. Those include: + Removing extraneous puts statement + Checking for valid response + SSL support.
diff --git a/lib/metasploit/framework/login_scanner/mybook_live.rb b/lib/metasploit/framework/login_scanner/mybook_live.rb
@@ -42,11 +42,12 @@ def attempt_login(credential)
               'data' => body
             })
             res = cli.send_recv(req)
-            print res
             if res && res.code == 302 && res.headers['location'] && res.headers['location'].include?('UI')
               result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.headers)
+            elsif res.nil?
+              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT)
             else
-              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
+              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res.headers)
             end
           rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
             result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
diff --git a/modules/auxiliary/scanner/http/mybook_live_login.rb b/modules/auxiliary/scanner/http/mybook_live_login.rb
@@ -54,6 +54,11 @@ def run_host(ip)
       vhost: datastore['VHOST']
     )
 
+    if ssl
+      scanner.ssl = datastore['SSL']
+      scanner.ssl_version = datastore['SSLVERSION']
+    end
+
     scanner.scan! do |result|
       credential_data = result.to_h
       credential_data.merge!(
