Removed "ssl_restore = true"

Author: heyder

modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb

@@ -122,11 +122,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
@@ -144,9 +139,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/dlink_dir615_up_exec.rb

@@ -155,11 +155,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
         srv_host = Rex::Socket.source_address(rhost)
@@ -174,9 +169,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+      })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/dlink_hnap_login_bof.rb

@@ -253,12 +253,6 @@ def exploit
       @elf_sent = false
       resource_uri = '/' + downfile
 
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
-
       if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
         srv_host = Rex::Socket.source_address(rhost)
       else
@@ -272,7 +266,9 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+      })
 
       datastore['SSL'] = true if ssl_restore
       print_status("#{peer} - Asking the device to download and execute #{service_url}")

modules/exploits/linux/http/linksys_e1500_apply_exec.rb

@@ -151,11 +151,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
@@ -172,9 +167,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb

@@ -304,11 +304,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
@@ -325,9 +320,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb

@@ -155,11 +155,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
@@ -176,9 +171,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb

@@ -270,11 +270,6 @@ def exploit
     if (datastore['DOWNHOST'])
       service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
     else
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
 
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
@@ -291,9 +286,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
     #

modules/exploits/linux/http/vestacp_exec.rb

@@ -252,28 +252,21 @@ def on_request_uri(cli, _request)
   end
 
   def start_http_server
-    #
-    # HttpClient and HttpServer use same SSL variable :(
-    # We don't need SSL for payload delivery so we
-    # will disable it temporarily.
-    #
-    if datastore['SSL']
-      ssl_restore = true
-      datastore['SSL'] = false
-    end
+    
     start_service({
       'Uri' => {
         'Proc' => proc do |cli, req|
           on_request_uri(cli, req)
         end,
         'Path' => resource_uri
-      }
+      },
+      'ssl' => false # do not use SSL
     })
     print_status("Second payload download URI is #{get_uri}")
     # We need to use instance variables since get_uri keeps using
     # the SSL setting from the datastore.
     # Once the URI is retrieved, we will restore the SSL settings within the datastore.
     @second_stage_url = get_uri
-    datastore['SSL'] = true if ssl_restore
+
   end
 end

modules/exploits/linux/smtp/exim4_dovecot_exec.rb

@@ -112,12 +112,6 @@ def exploit
         fail_with(Failure::Unknown, 'The Web Server needs to live on SRVPORT=80')
       end
 
-      #do not use SSL
-      if datastore['SSL']
-        ssl_restore = true
-        datastore['SSL'] = false
-      end
-
       #we use SRVHOST as download IP for the coming wget command.
       #SRVHOST needs a real IP address of our download host
       if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
@@ -134,9 +128,10 @@ def exploit
           on_request_uri(cli, req)
         },
         'Path' => resource_uri
-      }})
+      },
+      'ssl' => false # do not use SSL
+    })
 
-      datastore['SSL'] = true if ssl_restore
     end
 
 

modules/exploits/multi/http/bassmaster_js_injection.rb

@@ -141,12 +141,6 @@ def start_http_server
       srv_host = datastore['SRVHOST']
     end
 
-    # do not use SSL for the attacking web server
-    if datastore['SSL']
-      ssl_restore = true
-      datastore['SSL'] = false
-    end
-
     @service_url = "http:\\x2f\\x2f#{srv_host}:#{datastore['SRVPORT']}#{resource_uri}"
     service_url_payload = srv_host + resource_uri
     print_status("#{rhost}:#{rport} - Starting up our web service on #{@service_url} ...")
@@ -155,8 +149,10 @@ def start_http_server
         on_request_uri(cli, req)
       },
       'Path' => resource_uri
-    }})
-    datastore['SSL'] = true if ssl_restore
+    },
+    'ssl' => false # do not use SSL
+    })
+
     connect
   end