File dnn_cookie_deserialization_rce.rb has 547 lines of code (exceeds 250 allowed). Consider refactoring.

Open

require 'openssl'
require 'set'

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient

Method find_key has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.

Open

  def find_key(cipher_text)
    print_status('Finding Key...')

    # Counter
    total_keys = @key_charset.length**8

• Read up
  Read up

Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    return unless check == Exploit::CheckCode::Appears

    @encrypted = datastore['ENCRYPTED']
    verification_code = datastore['VERIFICATION_CODE']

• Read up
  Read up

Method exploit has 81 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def exploit
    return unless check == Exploit::CheckCode::Appears

    @encrypted = datastore['ENCRYPTED']
    verification_code = datastore['VERIFICATION_CODE']

Method initialize has 70 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'DotNetNuke Cookie Deserialization Remote Code Excecution',

Class MetasploitModule has 22 methods (exceeds 20 allowed). Consider refactoring.

Open

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Powershell
  include Msf::Exploit::Remote::HttpServer

Method find_key has 53 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def find_key(cipher_text)
    print_status('Finding Key...')

    # Counter
    total_keys = @key_charset.length**8

Method select_target has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.

Open

  def select_target
    print_status('Trying to determine DNN Version...')
    # Check for copyright version in /Documentation/license.txt
    uri = %r{^(.*[\\/])}.match(target_uri.path)[0]
    vprint_status("Checking version at #{normalize_uri("#{uri}Documentation", 'License.txt')} ...")

• Read up
  Read up

Method select_target has 45 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def select_target
    print_status('Trying to determine DNN Version...')
    # Check for copyright version in /Documentation/license.txt
    uri = %r{^(.*[\\/])}.match(target_uri.path)[0]
    vprint_status("Checking version at #{normalize_uri("#{uri}Documentation", 'License.txt')} ...")

Method generate_base_keys has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.

Open

  def generate_base_keys(pos, from_key, new_key)
    if !@unchanged.include? from_key[pos]
      if from_key[pos].even?
        new_key[pos] = (from_key[pos] + 1).chr
      else

• Read up
  Read up

Method brute_force_ivs has 5 arguments (exceeds 4 allowed). Consider refactoring.

Open

  def brute_force_ivs(pt_prefix, num_chars_needed, cipher_text, key, found_pt)

Method brute_force_ivs has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

  def brute_force_ivs(pt_prefix, num_chars_needed, cipher_text, key, found_pt)
    charset = '0123456789abcdef'
    if num_chars_needed == 0
      @decryptor.key = key
      @decryptor.iv = pt_prefix

• Read up
  Read up

Method test_passphrases has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

  def test_passphrases
    for i in 0..@passphrases.size - 1
      # Stop sending if we've found the passphrase
      if !@passphrase.empty?
        break

• Read up
  Read up

Avoid too many return statements within this method.

Open

    return false

Avoid too many return statements within this method.

Open

      return false

Method decrypt_data_and_iv has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

  def decrypt_data_and_iv(cipher, cipher_text, key)
    cipher.key = key
    begin
      plaintext = cipher.update(cipher_text) + cipher.final
      if @target_idx == 4

• Read up
  Read up