Showing 7,361 of 22,177 total issues
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Exim 4.87 - 4.91 Local Privilege Escalation',
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Micro Focus (HPE) Data Protector SUID Privilege Escalation',
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'SonicWall SMA 100 Series Authenticated Command Injection',
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Sourcegraph gitserver sshCommand RCE',
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution',
'Description' => %q{
This module takes advantage of two vulnerabilities in order to gain remote code execution as root
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'D-Link DIR615h OS Command Injection',
'Description' => %q{
Some D-Link Routers are vulnerable to an authenticated OS command injection on
Method register_user
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def register_user(username, password)
# First thing first, we need to get csrf token from registration form.
print_status('Registering a new user')
res = send_request_cgi(
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Rconfig 3.x Chained Remote Code Execution',
Method exploit
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# Command injection has a 0x14 byte length limit so keep the file name as small as possible.
# The length limit is also why we leverage the arbitrary file write -> write our payload to the .qrs file then execute it with the command injection.
filename = rand_text_alpha(1)
payload_filepath = "#{datastore['WRITABLE_DIR']}/#{filename}.qsr"
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Netis router MW5360 unauthenticated RCE.',
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'PowerShellEmpire Arbitrary File Upload (Skywalker)',
Method opennms_login
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def opennms_login(mode, perform_invalid_login: false)
if perform_invalid_login
user = Rex::Text.rand_text_alpha(8..12)
pass = Rex::Text.rand_text_alpha(8..12)
keep_cookies = false
Method initialize
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Netgear DGN2200B pppoe.cgi Remote Command Execution',
'Description' => %q{
Some Netgear Routers are vulnerable to an authenticated OS command injection
Method enum_tmos_configs
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def enum_tmos_configs(prompt)
host = session.session_host
port = session.session_port
exec_commands = [
{
Method run
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
backup_locations = []
sprop_locations = []
vprint_status('OS Detected: %s' % session.platform)
Method transmit_payload
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def transmit_payload(exe, platform)
#
# Generate the stager command array
#
linemax = 1700
Method decrypt_wug_db
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def decrypt_wug_db(csv_dataset)
current_row = 0
decrypted_rows = 0
plaintext_rows = 0
blank_rows = 0
Method run
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
print_status('Checking Default Locations...')
check_systemroot
grab_user_profiles.each do |user|
Method process_files
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def process_files(username)
secrets = ''
masterkey = nil
decrypt_table = Rex::Text::Table.new(
'Header' => 'Decrypted data',
Method app_list
has 57 lines of code (exceeds 25 allowed). Consider refactoring. Open
def app_list
tbl = Rex::Text::Table.new(
'Header' => 'Keys',
'Indent' => 1,
'Columns' =>