Ensure http_login scanner module saves passwds.
Fixes #6983. When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
This commit is contained in:
parent
6e1b6e96a9
commit
159446ce92
|
@ -181,6 +181,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
case result.status
|
||||
when Metasploit::Model::Login::Status::SUCCESSFUL
|
||||
print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
|
||||
credential_data[:private_type] = :password
|
||||
credential_core = create_credential(credential_data)
|
||||
credential_data[:core] = credential_core
|
||||
create_credential_login(credential_data)
|
||||
|
|
Loading…
Reference in New Issue