Method fetch_cookie has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def fetch_cookie
    # Request a page and extract a F5 looking cookie
    cookie = {}
    res = send_request_raw('method' => 'GET', 'uri' => @uri)

• Read up
  Read up

Method ldap_get has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def ldap_get(filter, attributes: [])
    raw_obj = @ldap.search(base: @base_dn, filter: filter, attributes: attributes).first
    return nil unless raw_obj

    obj = {}

• Read up
  Read up

Method auth_v11 has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def auth_v11
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'fm/'),
      'method' => 'GET',
      'vars_get' =>

• Read up
  Read up

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    print_status("Grabbing the SQL Server name and domain...")
    db_server_name = get_server_name
    if db_server_name.nil?
      print_error("Unable to grab the server name")

• Read up
  Read up

Avoid deeply nested control flow statements.

Open

                if (liste_dst_ips.include? pkt.arp_saddr_ip and liste_src_ips.include? pkt.arp_daddr_ip) or
                  (args[:BIDIRECTIONAL] and liste_dst_ips.include? pkt.arp_daddr_ip and liste_src_ips.include? pkt.arp_saddr_ip)
                  vprint_status("Listener : Request from #{pkt.arp_saddr_ip} for #{pkt.arp_daddr_ip}")
                  reply = buildreply(pkt.arp_daddr_ip, @smac, pkt.arp_saddr_ip, pkt.eth_saddr)
                  3.times{listener_capture.inject(reply.to_s)}

Method ldap_get has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def ldap_get(filter, attributes: [])
    raw_obj = @ldap.search(base: @base_dn, filter: filter, attributes: attributes).first
    return nil unless raw_obj

    obj = {}

• Read up
  Read up

Method authenticate has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def authenticate
    res = send_request_cgi({
      'uri' => normalize_uri(datastore['TARGETURI'], 'userSession.do'),
      'method' => 'POST',
      'vars_post' => {

• Read up
  Read up

Method read_file has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def read_file(the_cookie)
    print_status("#{rhost}:#{rport} - Accessing the file...")
    file = datastore['FILENAME']
    fileuri = "/goform/logRead?Readfile=../../../../../../..#{file}"
    final_url = (ssl ? 'https' : 'http').to_s + '://' + "#{rhost}:#{rport}" + fileuri.to_s

• Read up
  Read up

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    print_status('Requesting list of entities from endpoint, this may take a minute...')
    users = send_request_raw({
      'method' => 'GET',
      'uri' => normalize_uri(datastore['TARGETURI'], "/ws/dal/#{datastore['ENDPOINT']}"),

• Read up
  Read up

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    begin
      @xsrf_token_value = xsrf_token_value
      @auth_token = auth_token(@xsrf_token_value)
      @reset_password = reset_password(@xsrf_token_value, @auth_token)

• Read up
  Read up

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    cookie = authenticate
    if cookie.nil?
      fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.")
    else

• Read up
  Read up

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, '/login.action')
    )

• Read up
  Read up

Method cmd_exec_run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def cmd_exec_run(the_cookie)
    # Verify backdoor 'root' shell url exists
    root_shell = (ssl ? 'https' : 'http').to_s + '://' + "#{rhost}:#{rport}" + '/adm/syscmd.asp'
    print_status("#{rhost}:#{rport} - Checking backdoor 'root' shell...")

• Read up
  Read up

Method run_host has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run_host(_ip)
    @files_found = []

    begin
      print_status("Attempting to connect to #{rhost}:#{rport}")

• Read up
  Read up

Method blind_size has 6 arguments (exceeds 4 allowed). Consider refactoring.

Open

  def blind_size(field, table, condition, size, charset, patterns = {})

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    datastore['SID_MAX'].times do |x|
      print_status("Trying session ID #{x}")

      res = send_request_raw({

• Read up
  Read up

Method blind has 6 arguments (exceeds 4 allowed). Consider refactoring.

Open

  def blind(field, table, condition, charset, digit_charset, patterns = {})

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    if check_filename(datastore['filepath'])
      file = nil
      if datastore['TRAVERSAL_PATH'].nil?
        traversal_size = datastore['MAX_TRAVERSAL']

• Read up
  Read up

Avoid deeply nested control flow statements.

Open

            if ending[i] == base[pos]
              isthere = true
              partnum += pos.to_s
              if pos == 0
                if !startnum

Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def run
    print_status("Trying to get 'admin' user password ...")
    res = send_request_cgi({
      'uri' => '/webctrl.cgi',
      'method' => 'POST',

• Read up
  Read up