Make rubocop more happy

Author: jvazquez-r7

modules/auxiliary/scanner/http/joomla_bruteforce_login.rb

@@ -6,7 +6,6 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
   include Msf::Auxiliary::Report
   include Msf::Auxiliary::AuthBrute
@@ -26,17 +25,17 @@ def initialize
 
     register_options(
       [
-        OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_userpass.txt") ]),
-        OptPath.new('USER_FILE',  [ false, "File containing users, one per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
-        OptPath.new('PASS_FILE',  [ false, "File containing passwords, one per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
-        OptString.new('AUTH_URI', [ true, "The URI to authenticate against", "/administrator/index.php" ]),
-        OptString.new('FORM_URI', [ true, "The FORM URI to authenticate against" , "/administrator"]),
-        OptString.new('USER_VARIABLE', [ true, "The name of the variable for the user field", "username"]),
-        OptString.new('PASS_VARIABLE', [ true, "The name of the variable for the password field" , "passwd"]),
-        OptString.new('WORD_ERROR', [ true, "The word of message for detect that login fail","mod-login-username"])
+        OptPath.new('USERPASS_FILE', [false, 'File containing users and passwords separated by space, one pair per line',
+          File.join(Msf::Config.data_directory, 'wordlists', 'http_default_userpass.txt')]),
+        OptPath.new('USER_FILE', [false, 'File containing users, one per line',
+          File.join(Msf::Config.data_directory, 'wordlists', "http_default_users.txt")]),
+        OptPath.new('PASS_FILE', [false, 'File containing passwords, one per line',
+          File.join(Msf::Config.data_directory, 'wordlists', 'http_default_pass.txt')]),
+        OptString.new('AUTH_URI', [true, 'The URI to authenticate against', '/administrator/index.php']),
+        OptString.new('FORM_URI', [true, 'The FORM URI to authenticate against' , '/administrator']),
+        OptString.new('USER_VARIABLE', [true, 'The name of the variable for the user field', 'username']),
+        OptString.new('PASS_VARIABLE', [true, 'The name of the variable for the password field' , 'passwd']),
+        OptString.new('WORD_ERROR', [true, 'The word of message for detect that login fail', 'mod-login-username'])
       ], self.class)
 
     register_autofilter_ports([80, 443])
@@ -46,18 +45,18 @@ def find_auth_uri
     if datastore['AUTH_URI'] && datastore['AUTH_URI'].length > 0
       paths = [datastore['AUTH_URI']]
     else
-      paths = %W{
+      paths = %w(
         /
         /administrator/
-      }
+      )
     end
 
     paths.each do |path|
       begin
-        res = send_request_cgi({
-          'uri'     => path,
-          'method'  => 'GET'
-        })
+        res = send_request_cgi(
+          'uri'    => path,
+          'method' => 'GET'
+        )
       rescue ::Rex::ConnectionError
         next
       end
@@ -68,10 +67,10 @@ def find_auth_uri
         path = res.headers['Location']
         vprint_status("#{rhost}:#{rport} - Following redirect: #{path}")
         begin
-          res = send_request_cgi({
+          res = send_request_cgi(
             'uri'     => path,
             'method'  => 'GET'
-          })
+          )
         rescue ::Rex::ConnectionError
           next
         end
@@ -81,38 +80,38 @@ def find_auth_uri
       return path
     end
 
-    return nil
+    nil
   end
 
   def target_url
-    proto = "http"
+    proto = 'http'
     if rport == 443 || ssl
-      proto = "https"
+      proto = 'https'
     end
-    "#{proto}://#{rhost}:#{rport}#{@uri.to_s}"
+    "#{proto}://#{rhost}:#{rport}#{@uri}"
   end
 
   def run_host(ip)
     vprint_status("#{rhost}:#{rport} - Searching Joomla authentication URI...")
     @uri = find_auth_uri
 
-    if !@uri
+    unless @uri
       vprint_error("#{rhost}:#{rport} - No URI found that asks for authentication")
       return
     end
 
-    @uri = "/#{@uri}" if @uri[0,1] != "/"
+    @uri = "/#{@uri}" if @uri[0, 1] != '/'
 
     vprint_status("#{target_url} - Attempting to login...")
 
-    each_user_pass { |user, pass|
+    each_user_pass do |user, pass|
       do_login(user, pass)
-    }
+    end
   end
 
   def do_login(user, pass)
     vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'")
-    response  = do_web_login(user,pass)
+    response  = do_web_login(user, pass)
     result = determine_result(response)
 
     if result == :success
@@ -129,7 +128,7 @@ def do_login(user, pass)
         :duplicate_ok => true,
         :active       => true
       )
-      return :abort if (datastore['STOP_ON_SUCCESS'])
+      return :abort if datastore['STOP_ON_SUCCESS']
       return :next_user
     else
       vprint_error("#{target_url} - Failed to login as '#{user}'")
@@ -138,74 +137,72 @@ def do_login(user, pass)
   end
 
   def do_web_login(user, pass)
-    begin
-      user_var = datastore['USER_VARIABLE']
-      pass_var = datastore['PASS_VARIABLE']
+    user_var = datastore['USER_VARIABLE']
+    pass_var = datastore['PASS_VARIABLE']
 
-      referer_var = "http://#{rhost}/administrator/index.php"
+    referer_var = "http://#{rhost}/administrator/index.php"
 
-      vprint_status("#{target_url} - Searching Joomla Login Response...")
-      res = get_login_response
+    vprint_status("#{target_url} - Searching Joomla Login Response...")
+    res = login_response
 
-      unless res && res.code = 200 && !res.get_cookies.blank?
-        vprint_error("#{target_url} - Failed to find Joomla Login Response")
-        return nil
-      end
+    unless res && res.code = 200 && !res.get_cookies.blank?
+      vprint_error("#{target_url} - Failed to find Joomla Login Response")
+      return nil
+    end
 
-      vprint_status("#{target_url} - Searching Joomla Login Form...")
-      hidden_value = get_login_hidden(res)
-      if hidden_value.nil?
-        vprint_error("#{target_url} - Failed to find Joomla Login Form")
-        return nil
-      end
+    vprint_status("#{target_url} - Searching Joomla Login Form...")
+    hidden_value = get_login_hidden(res)
+    if hidden_value.nil?
+      vprint_error("#{target_url} - Failed to find Joomla Login Form")
+      return nil
+    end
 
-      vprint_status("#{target_url} - Searching Joomla Login Cookies...")
-      cookie = get_login_cookie(res)
-      if cookie.blank?
-        vprint_error("#{target_url} - Failed to find Joomla Login Cookies")
-        return nil
-      end
+    vprint_status("#{target_url} - Searching Joomla Login Cookies...")
+    cookie = get_login_cookie(res)
+    if cookie.blank?
+      vprint_error("#{target_url} - Failed to find Joomla Login Cookies")
+      return nil
+    end
 
-      vprint_status("#{target_url} - Login with cookie ( #{cookie} ) and Hidden ( #{hidden_value}=1 )")
-      res = send_request_login({
-        'user_var'     => user_var,
-        'pass_var'     => pass_var,
-        'cookie'       => cookie,
-        'referer_var'  => referer_var,
-        'user'         => user,
-        'pass'         => pass,
-        'hidden_value' => hidden_value
-      })
-
-      if res
-        vprint_status("#{target_url} - Login Response #{res.code}")
-        if res.redirect? && res.headers['Location']
-          path = res.headers['Location']
-          vprint_status("#{target_url} - Following redirect to #{path}...")
-
-          res = send_request_raw({
-            'uri'     => path,
-            'method'  => 'GET',
-            'cookie' => "#{cookie}"
-          })
-        end
+    vprint_status("#{target_url} - Login with cookie ( #{cookie} ) and Hidden ( #{hidden_value}=1 )")
+    res = send_request_login(
+      'user_var'     => user_var,
+      'pass_var'     => pass_var,
+      'cookie'       => cookie,
+      'referer_var'  => referer_var,
+      'user'         => user,
+      'pass'         => pass,
+      'hidden_value' => hidden_value
+    )
+
+    if res
+      vprint_status("#{target_url} - Login Response #{res.code}")
+      if res.redirect? && res.headers['Location']
+        path = res.headers['Location']
+        vprint_status("#{target_url} - Following redirect to #{path}...")
+
+        res = send_request_raw(
+          'uri'     => path,
+          'method'  => 'GET',
+          'cookie' => "#{cookie}"
+        )
       end
+    end
 
-      return res
+    return res
     rescue ::Rex::ConnectionError
       vprint_error("#{target_url} - Failed to connect to the web server")
       return nil
-    end
   end
 
   def send_request_login(opts = {})
-    res = send_request_cgi({
+    res = send_request_cgi(
       'uri'     => @uri,
       'method'  => 'POST',
       'cookie'  => "#{opts['cookie']}",
       'headers' =>
         {
-        'Referer'       => opts['referer_var']
+          'Referer' => opts['referer_var']
         },
       'vars_post' => {
         opts['user_var']     => opts['user'],
@@ -216,7 +213,7 @@ def send_request_login(opts = {})
         'return'             => 'aW5kZXgucGhw',
         opts['hidden_value'] => 1
       }
-    })
+    )
 
     res
   end
@@ -233,12 +230,12 @@ def determine_result(response)
       end
     end
 
-    return :fail
+    :fail
   end
 
-  def get_login_response
+  def login_response
     uri = normalize_uri(datastore['FORM_URI'])
-    res = send_request_cgi!({'uri' => uri, 'method' => 'GET'})
+    res = send_request_cgi!('uri' => uri, 'method' => 'GET')
 
     res
   end
@@ -257,12 +254,12 @@ def get_login_hidden(res)
     vprint_status("#{target_url} - Testing Joomla 2.5 Form...")
     form = res.body.split(/<form action=([^\>]+) method="post" id="form-login"\>(.*)<\/form>/mi)
 
-    if form.length == 1  #is not Joomla 2.5
+    if form.length == 1  # is not Joomla 2.5
       vprint_status("#{target_url} - Testing Form Joomla 3.0 Form...")
       form = res.body.split(/<form action=([^\>]+) method="post" id="form-login" class="form-inline"\>(.*)<\/form>/mi)
     end
 
-    if form.length == 1
+    if form.length == 1 # is not Joomla 3
       vprint_error("#{target_url} - Last chance to find a login form...")
       form = res.body.split(/<form id="login-form" action=([^\>]+)\>(.*)<\/form>/mi)
     end
@@ -276,7 +273,7 @@ def get_login_hidden(res)
 
     valor_input_id = input_id[1]
 
-    return valor_input_id
+    valor_input_id
   end
 
 end