Avoid deeply nested control flow statements.

Open

            break if session_created?

Method leak_info has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def leak_info
    file_contents = read_file(datastore['FILE'])
    return unless file_contents

    a = file_contents.split("\n")

• Read up
  Read up

Method bypass_dll_path has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def bypass_dll_path
    path = ::File.join(Msf::Config.data_directory, 'post')

    sysarch = sysinfo['Architecture']
    if sysarch == ARCH_X86

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    # Make sure we meet the requirements before running the script
    unless have_powershell?
      fail_with(Failure::BadConfig, 'PowerShell not found')
    end

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    print_status("Searching for valid command execution point...")
    x = false
    until (x)
      x, y, z = find_exec

• Read up
  Read up

Method write_reg_keys has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def write_reg_keys(image_file, payload_pathname)
    reg_keys = []
    reg_keys.push(key_name: "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\#{image_file}",
                  value_name: "GlobalFlag",
                  type: "REG_DWORD",

• Read up
  Read up

Method check_permissions! has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check_permissions!
    unless check == Exploit::CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable.')
    end
    fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?

• Read up
  Read up

Method reload_config has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def reload_config(token)
    print_status('Reloading Application . . .')

    send_request_cgi({
      'method' => 'GET',

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
   unless have_powershell?
      print_error("This module requires powershell to run")
      return
   end

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    unless is_system? || is_admin?
      print_error("Insufficient privileges to create service")
      return
    end

• Read up
  Read up

Method check_permissions! has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check_permissions!
    unless check == Exploit::CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable.')
    end
    fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?

• Read up
  Read up

Method get_dotnet_path has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def get_dotnet_path(windir)
    base_path = "#{windir}\\Microsoft.NET\\Framework#{payload.arch.first == ARCH_X86 ? '' : '64'}"
    paths = dir(base_path).select { |p| p[0] == 'v' }
    dotnet_path = nil

• Read up
  Read up

Method cve_2020_1048_privileged_filecopy has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def cve_2020_1048_privileged_filecopy(destination_file, source_file, exploit_path, target_arch, force_exploit: false)
    # Upload Exploit
    if target_arch == ARCH_X86
      vprint_status('Using x86 binary')
      exploit_bin = exploit_data('CVE-2020-1048', 'cve-2020-1048-exe.Win32.exe')

• Read up
  Read up

Method reload_config has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def reload_config(token)
    print_status('Reloading Application . . .')

    send_request_cgi({
      'method' => 'GET',

• Read up
  Read up

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    res = send_request_cgi(
      'method' => 'GET',
      'uri'    => '/'
    )

• Read up
  Read up

Method authenticate has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def authenticate
    if datastore['USERNAME'].blank? && datastore['PASSWORD'].blank?
      fail_with(Failure::BadConfig, 'Please set the USERNAME and PASSWORD options')
    end

• Read up
  Read up

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path)
    })

• Read up
  Read up

Method auth has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def auth(my_target)
    # Version XG performs MD5 validation on wf_CSRF_token parameter. We can't simply use PHPSESSID directly because it contains a-zA-Z0-9.
    # Beside that, version 11 use PHPSESSID value as a csrf token. Thus, we are manually crafting the cookie.
    if my_target.name == 'OfficeScan XG'
      csrf_token = build_csrftoken(my_target)

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    print_status("Trying target #{target.name}...")

    install_path = get_install_path
    install_path << "help\\English_United States.1252"

• Read up
  Read up

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit

    mytarget = target

    if (target.name =~ /Automatic/)

• Read up
  Read up