Showing 15,888 of 21,960 total issues
Method retrieve_original_settings
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def retrieve_original_settings
res = send_request_cgi(
{
'uri' => normalize_uri(target_uri.path, 'api', 'json', 'admin', 'getServerSettings'),
'method' => 'POST',
Method generate_shares
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def generate_shares(path)
share_name = @share_name
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
# Get the sessionID and siLockLongTermInstID
print_status('[01/11] Get the sessionID and siLockLongTermInstID')
populate_token_instid
# Allow Remote Access and Create new sysAd
Method build_properties_class
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def build_properties_class
# Create the object
object = Rex::Java::Serialization::Model::NewObject.new
object.class_desc = Rex::Java::Serialization::Model::ClassDesc.new
Method generate_shares
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def generate_shares(path)
share_name = datastore['SHARENAME']
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Method process_get
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def process_get(cli, request)
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
webdav = "\\\\#{myhost}\\"
Method on_request_uri
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def on_request_uri(cli, request)
return if ((p = regenerate_payload(cli)) == nil)
print_status("Sending #{self.name}")
Method initialize
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute',
'Description' => %q{
This module exploits a vulnerability in Symantec AppStream Client 5.x. The vulnerability
Method process_get
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def process_get(cli, request)
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
webdav = "\\\\#{myhost}\\"
if blacklisted_path?(request.uri)
Method generate_shares
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def generate_shares(path)
share_name = @share_name
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
template = %Q|<?xml version="1.0" encoding="UTF-8"?>
<playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
<title>Playlist</title>
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
peer = "#{rhost}:#{rport}"
# Setup the necessary files to do the wbemexec trick
Method on_file_read
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def on_file_read(fname, file)
f = open(file, 'rb')
buf = f.read
f.close
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
template = [
"[Content_Types].xml",
"_rels/.rels",
"docProps/thumbnail.jpeg",
Method make_ttf
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def make_ttf
ttf_data = ""
# load the static ttf file
Method generate_shares
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def generate_shares(path)
share_name = datastore['SHARENAME']
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
if !datastore['ForceExploit'] && is_root?
fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
end
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
if !datastore['ForceExploit'] && is_root?
fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
end
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
if !datastore['ForceExploit'] && is_root?
fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
end
Method api_key
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def api_key
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'api/'),
'vars_get' => {