File zyxel_lfi_unauth_ssh_rce.rb
has 397 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'socket'
require 'digest/md5'
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
Method serial_num_method3
has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring. Open
def serial_num_method3(serial_number)
# SerialNumMethod3 password derivation function
# constant definitions
keystr1_byte_array = 'IO'.bytes.to_a
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method exploit
has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring. Open
def exploit
# run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
unless @config
res = get_configuration
fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method initialize
has 96 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Zyxel chained RCE using LFI and weak password derivation algorithm',
Method process_configuration
has a Cognitive Complexity of 18 (exceeds 5 allowed). Consider refactoring. Open
def process_configuration(res)
# Initiate the instance variable config to store the configuration
@config = {}
# Parse the device configuration json file
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method exploit
has 51 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
unless @config
res = get_configuration
fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
Method serial_num_method3
has 48 lines of code (exceeds 25 allowed). Consider refactoring. Open
def serial_num_method3(serial_number)
# SerialNumMethod3 password derivation function
# constant definitions
keystr1_byte_array = 'IO'.bytes.to_a
Method process_configuration
has 34 lines of code (exceeds 25 allowed). Consider refactoring. Open
def process_configuration(res)
# Initiate the instance variable config to store the configuration
@config = {}
# Parse the device configuration json file
Method double_hash
has 31 lines of code (exceeds 25 allowed). Consider refactoring. Open
def double_hash(input, size = 8)
# ROUND 1
# take the MD5 hash from the serial number SXXXXXXXXXXXX
# this returns a hash of 32 char bytes.
# read md5 hash per two char bytes, check if first char byte = '0', then make first byte char == second byte char
Method double_hash
has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring. Open
def double_hash(input, size = 8)
# ROUND 1
# take the MD5 hash from the serial number SXXXXXXXXXXXX
# this returns a hash of 32 char bytes.
# read md5 hash per two char bytes, check if first char byte = '0', then make first byte char == second byte char
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method mod3_key_generator
has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring. Open
def mod3_key_generator(seed)
# key generator function used in the SerialNumMethod3 pasword derivation function
round4_array = Array.new(16, 0)
found0s = 0
found1s = 0
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Avoid deeply nested control flow statements. Open
next unless (round3_byte_array[i] == keystr2_byte_array[j])
Avoid deeply nested control flow statements. Open
next unless (round3_byte_array[i] == keystr3_byte_array[j])