Shells & Payloads | The Live Engagement

In the exploiting of host-02 (blog)
I realized that in the metasploit script 50064.rb there is an error (it can’t get the csfr-token)
I made it work like this:

     raw_body = res.body.to_s
     token_pos = raw_body =~ /"[abcdef0-9] {10}"}/
     token_raw = raw_body[token_pos + 1, token_pos + 10] #this doesn't work as I expect, the next line is a workaround
     token = token_raw[0..9]

to be put in place of the two lines

     token = res.body.split ('":"') [1] .split ('"') [0]
     # token = res.to_s.scan (/ "[abcdef0-9]{10}"} /) [0] ('"}', '')

in the login function.
I apologize to Ruby’s purists but I don’t know this language so I’m sure there is a more elegant way to do what I did :smiley:

Hey all, I’ve recently been stuck on box 2 of the assesment. I’m trying to use the exploit mentioned in the blog, but keep encountering this error:

Has anyone encountered this before?