rapid7/metasploit-framework

Showing 16,065 of 22,177 total issues

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    begin
      # authorization header required, see https://github.com/rapid7/metasploit-framework/pull/6433#r56764179
      # after a chat with @bcoles in IRC.
      res = send_request_cgi(
Severity: Minor
Found in modules/exploits/linux/http/ipfire_oinkcode_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Method leak_api_key has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def leak_api_key(*path_parts)
    path = normalize_uri(path_parts)

    print_status("Leaking API key from #{path}")

Severity: Minor
Found in modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

          next unless (round3_byte_array[i] == keystr2_byte_array[j])
Severity: Major
Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 45 mins to fix

Method telnet_prompt_wait has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def telnet_prompt_wait(error_regex = nil)
    begin
      result = read_until(@telnet_sock, @telnet_timeout, @telnet_prompt)
      if error_regex
        error_regex = [error_regex] unless error_regex.is_a? Array
Severity: Minor
Found in modules/exploits/linux/http/huawei_hg532n_cmdinject.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

        if Rex::Version.new(phpversion) < Rex::Version.new('5.6.39')
          vprint_good("PHP Version #{phpversion} is vulnerable")
          return CheckCode::Appears
        else
          vprint_bad("PHP Version #{phpversion} is NOT vulnerable, patched in 5.6.39.")
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      unless res
        print_error('Error loading site.  Check options.')
        return
      end
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      if res.code == 302
        cookie = res.get_cookies
        print_good('Login Success')
      else
        print_error('Failed Login, check options.')
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Method brute_force has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def brute_force
    print_status('Beginning brute forcing...')
    # Attempt to get a new session cookie with an LED puzzle tied to it.
    res = send_request_cgi(
      'method' => 'GET',
Severity: Minor
Found in modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      if /name='e-token' value='(?<etoken>\w{32})'/ =~ res.body && /_system::procEmailBounce.+?cron_execute\[(?<cron_id>\d)\]/m =~ res.body
        print_good("Triggering manual run of mail bounch check cron to execute payload with cron id #{cron_id} and etoken #{etoken}")
        # The post request has several duplicate columns, however all were not required.  Left them commented for documentation purposes
        send_request_cgi(
          'method' => 'POST',
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

    elsif target.name =~ /custom/
      print_status('Listener started for 300 seconds')
      print_good("POST request connection string: x #{command}}")
      # URI.encode leaves + as + since that's a space encoded.  So we manually change it.
      print_good("GET request connection string: #{URI::DEFAULT_PARSER.escape("x " + command + "}").sub! '+', '%2B'}")
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      if res.body.include? 'Status: <b>Disabled</b>'
        print_error('Cron disabled, unexploitable.')
        return
      end
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      unless res
        print_error('Error loading site.  Check options.')
        return
      end
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

      unless res
        print_error('Error loading site.  Check options.')
        return
      end
Severity: Major
Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

Method select_metric has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def select_metric
    # check if any metrics have been configured. if not, exploitation cannot work
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'suggest'),
Severity: Minor
Found in modules/exploits/linux/http/opentsdb_key_cmd_injection.rb - About 45 mins to fix

Method select_aggregator has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def select_aggregator
    # check the configured aggregators and select one at random
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'aggregators')
Severity: Minor
Found in modules/exploits/linux/http/opentsdb_key_cmd_injection.rb - About 45 mins to fix

Method login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def login
    login_uri = normalize_uri(target_uri.path, 'login')
    res = send_request_cgi('method' =>  'GET', 'uri'  =>  login_uri)
    fail_with(Failure::NotFound, 'Failed to access the login page') unless res && res.code == 200
Severity: Minor
Found in modules/exploits/linux/http/librenms_addhost_cmd_inject.rb - About 45 mins to fix

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    print_status("Checking if #{peer} can be exploited!")
    res = send_request_cgi(
      'uri' => normalize_uri(datastore['TARGETURI'], 'favicon.ico'),
      'method' => 'GET'
Severity: Minor
Found in modules/exploits/linux/http/majordomo_cmd_inject_cve_2023_50917.rb - About 45 mins to fix

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = create_user(role: 'Guest')
    return CheckCode::Unknown('No response received from target.') unless res
    return CheckCode::Safe('Failed to create the user.') unless res.code == 200
Severity: Minor
Found in modules/exploits/linux/http/f5_bigip_tmui_rce_cve_2023_46747.rb - About 45 mins to fix

Method deal_with_failure_by_mode has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def deal_with_failure_by_mode(mode, message, status)
    return [false, "#{message}. Manual cleanup is required."] if mode == 'cleanup'

    case status
    when 'disconnected'
Severity: Minor
Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

          @my_target = targets[1] if target['auto']
Severity: Major
Found in modules/exploits/linux/http/dlink_hnap_bof.rb - About 45 mins to fix