pushing for help

Author: h00die

lib/metasploit/framework/varnish/client.rb

@@ -7,28 +7,26 @@ module Framework
     module Varnish
       module Client
 
+        auth_required_regex = /107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required./ # 107 auth
+        auth_success_regex = /200 \d+/ # 200 ok
 
         def login(pass)
+          # based on https://www.varnish-cache.org/trac/wiki/CLI
           begin
-            if require_auth?
-              sock.put("auth #{Rex::Text.rand_text_alphanumeric(3)}\n") # Cause a login fail to get the challenge
-              res = sock.get_once(-1,3) # grab challenge
-              if res && res =~ /107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required./ # 107 auth
-                challenge = $1
-                response = challenge + "\n"
-                response << pass + "\n"
-                response << challenge + "\n"
-                response = Digest::SHA256.hexdigest(response)
-                sock.put("auth #{response}\n")
-                res = sock.get_once(-1,3)
-                if res && res =~ /200 \d+/ # 200 ok
-                  return true
-                else
-                  return false
-                end
+            auth = require_auth?.to_s
+            if not auth == 'false'
+              #raise RuntimeError, $1 + "\n" + pass.strip + "\n" + $1 + "\n" + "auth " + Digest::SHA256.hexdigest("#{$1}\n#{pass.strip}\n#{$1}\n")
+              response = Digest::SHA256.hexdigest("#{$1}\n#{pass.strip}\n#{$1}\n")
+              sock.put("auth #{response}\n")
+              res = sock.get_once(-1,3)
+              raise RuntimeError, res
+              if res && res =~ @auth_success_regex
+                return true
               else
-                raise RuntimeError, "Varnish Login timeout"
+                return false
               end
+            else
+              raise RuntimeError, "No Auth Required"
             end
           rescue Timeout::Error
             raise RuntimeError, "Varnish Login timeout"
@@ -40,13 +38,14 @@ def close_session
         end
 
         def require_auth?
+          # function returns false if no auth is required, else
           sock.put("auth #{Rex::Text.rand_text_alphanumeric(3)}\n") # Cause a login fail to get the challenge
           res = sock.get_once(-1,3) # grab challenge
-            if res && res =~ /107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required./ # 107 auth
-              return true
-            else
-              return false
-            end
+          if res && res =~ @auth_required_regex
+            return $1
+          else
+            return false
+          end
         end
 
       end