Merge pull request #21304 from adfoster-r7/improve-auxiliary-check-code-messages

Improve auxiliary check code messages

Author: adfoster-r7

modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb

@@ -101,9 +101,9 @@ def check
       fail_with(Failure::UnexpectedReply, windows_error)
     end
 
-    return Exploit::CheckCode::Detected unless status == 0
+    return Exploit::CheckCode::Detected('Target responded but Zerologon exploit did not succeed') unless status == 0
 
-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('Zerologon authentication bypass succeeded')
   end
 
   def run

modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb

@@ -56,14 +56,14 @@ def check
         }
       })
     rescue StandardError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect to the target')
     end
 
     if (res.code == 200) && res.body.include?('"Description":"iLO User Accounts"')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Authentication bypass returned iLO User Accounts')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Authentication bypass did not return account data')
   end
 
   def run

modules/auxiliary/admin/http/cisco_ssm_onprem_account.rb

@@ -143,7 +143,7 @@ def check
       return Exploit::CheckCode::Appears('Password reset was successful, target is vulnerable')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Password reset status could not be determined')
   end
 
   def decode_url(encoded_string)

modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb

@@ -77,7 +77,7 @@ def check
     j = JSON.parse(res.body)
 
     # Tested against vulnerable FortiWeb versions 8.0.1, 7.4.8, 6.4.3, and 6.3.9
-    return Exploit::CheckCode::Appears if j.dig('results', 'errcode') == -56
+    return Exploit::CheckCode::Appears('Authentication bypass succeeded on FortiWeb') if j.dig('results', 'errcode') == -56
 
     Exploit::CheckCode::Unknown('Unexpected JSON results')
   rescue JSON::ParserError

modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb

@@ -118,9 +118,9 @@ def check
       user_array.each do |user|
         print_status("USERNAME:#{user&.at_css('userName')&.content} | ID:#{user&.at_css('id')&.content} | ROLE:#{user&.at_css('userLevel')&.content}")
       end
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Unauthenticated access to user credentials succeeded')
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("Target returned HTTP #{res.code}")
     end
   end
 

modules/auxiliary/admin/http/ibm_drm_download.rb

@@ -75,10 +75,10 @@ def check
       }
     })
     if res && (res.code == 302)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('IBM DRM web interface detected')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine if target is IBM DRM')
   end
 
   def create_session_id

modules/auxiliary/admin/http/idsecure_auth_bypass.rb

@@ -47,19 +47,19 @@ def check
         'uri' => normalize_uri(target_uri.path, 'api/util/configUI')
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')
     end
 
-    return Exploit::CheckCode::Unknown unless res&.code == 401
+    return Exploit::CheckCode::Unknown('Target did not return HTTP 401') unless res&.code == 401
 
     data = res.get_json_document
     version = data['Version']
-    return Exploit::CheckCode::Unknown if version.nil?
+    return Exploit::CheckCode::Unknown('Could not determine IDSecure version') if version.nil?
 
     print_status('Got version: ' + version)
-    return Exploit::CheckCode::Safe unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
+    return Exploit::CheckCode::Safe("IDSecure version #{version} is not vulnerable") unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
 
-    return Exploit::CheckCode::Appears
+    return Exploit::CheckCode::Appears("IDSecure version #{version} is vulnerable")
   end
 
   def run

modules/auxiliary/admin/http/intersil_pass_reset.rb

@@ -58,16 +58,16 @@ def check
 
     if res && (m = res.headers['Server'].match(%r{Boa/(.*)}))
       vprint_status("Boa Version Detected: #{m[1]}")
-      return Exploit::CheckCode::Safe if (m[1][0].ord - 48 > 0) # boa server wrong version
-      return Exploit::CheckCode::Safe if (m[1][3].ord - 48 > 4)
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][0].ord - 48 > 0) # boa server wrong version
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][3].ord - 48 > 4)
 
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable("Boa version #{m[1]} is vulnerable")
     end
 
     return Exploit::CheckCode::Safe('Not a Boa Server!')
   rescue Rex::ConnectionRefused
     print_error('Connection refused by server.')
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Connection refused by server')
   end
 
   def run

modules/auxiliary/admin/http/ivanti_vtm_admin.rb

@@ -61,10 +61,10 @@ def check
       version = match[1]
       return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('22.7R1')
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not detect Ivanti vTM version')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Ivanti vTM version is not vulnerable')
   end
 
   def run

modules/auxiliary/admin/http/joomla_registration_privesc.rb

@@ -52,28 +52,28 @@ def check
 
     unless res
       vprint_error('Unable to connect to target')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to connect to target')
     end
 
     unless joomla_and_online?
       vprint_error('Unable to detect Joomla')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be Joomla')
     end
 
     version = Rex::Version.new(joomla_version)
 
     unless version
       vprint_error('Unable to detect Joomla version')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Joomla detected but version could not be determined')
     end
 
     vprint_status("Detected Joomla version #{version}")
 
     if version.between?(Rex::Version.new('3.4.4'), Rex::Version.new('3.6.3'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Joomla #{version} is in the vulnerable range 3.4.4-3.6.3")
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("Joomla #{version} is not in the vulnerable range")
   end
 
   def get_csrf(hidden_fields)