[FixRM rapid7#8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net

In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing rapid7#8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.

Author: wchen-r7

modules/auxiliary/scanner/http/ektron_cms400net.rb

@@ -29,8 +29,6 @@ def initialize(info={})
 
 		register_options(
 			[
-				#Set to false to prevent account lockouts - it will!
-				OptBool.new('BLANK_PASSWORDS', [false, "Try blank passwords for all users", false]),
 				OptString.new('URI', [true, "Path to the CMS400.NET login page", '/WorkArea/login.aspx']),
 				OptPath.new(
 					'USERPASS_FILE',
@@ -40,7 +38,9 @@ def initialize(info={})
 						File.join(Msf::Config.install_root, "data", "wordlists", "cms400net_default_userpass.txt")
 					])
 			], self.class)
-		end
+
+		deregister_options('BLANK_PASSWORDS')
+	end
 
 	def target_url
 		#Function to display correct protocol and host/vhost info
@@ -58,7 +58,16 @@ def target_url
 		end
 	end
 
+	def cleanup
+		datastore['BLANK_PASSWORDS'] = @blank_pass
+	end
+
 	def run_host(ip)
+		# "Set to false to prevent account lockouts - it will!"
+		# Therefore we shouldn't present BLANK_PASSWORDS as an option
+		@blank_pass = datastore['BLANK_PASSWORDS']
+		datastore['BLANK_PASSWORDS'] = false
+
 		begin
 			res = send_request_cgi(
 			{
@@ -96,7 +105,7 @@ def run_host(ip)
 			end
 
 		rescue
-			print_error ("Ektron CMS400.NET login page not found at #{target_url}  [HTTP #{res.code}]")
+			print_error ("Ektron CMS400.NET login page not found at #{target_url}  [HTTP #{res.code rescue '= No response'}]")
 			return
 		end
 	end