Fixing up OWA bruteforce module to conform with the usual print_status

messages.
2011-11-28 13:31:54 -06:00 · 2011-11-28 13:31:54 -06:00 · 44a47f9913
parent a578db7f56
commit 44a47f9913
2 changed files with 18 additions and 12 deletions
--- a/lib/msf/core/auxiliary/auth_brute.rb
+++ b/lib/msf/core/auxiliary/auth_brute.rb
@ -419,6 +419,8 @@ module Auxiliary::AuthBrute
 	# datastore["VERBOSE"] is set to true.
 	#
 	# If :level would make the method nonsense, default to print_status.
+	#
+	# TODO: This needs to be simpler to be useful.
 	def print_brute(opts={})
 		if opts[:level] and opts[:level].to_s[/^v/]
 			return unless datastore["VERBOSE"]
--- a/modules/auxiliary/scanner/http/owa_login.rb
+++ b/modules/auxiliary/scanner/http/owa_login.rb
@ -60,19 +60,19 @@ class Metasploit3 < Msf::Auxiliary
 			inboxPath = '/owa/'         # Get request with cookie/sessionid
 			loginCheck = /Inbox|A mailbox couldn\'t be found/        # check result
 		else
-			print_error('Invalid Version, Select 2003, 2007, or 2010')
+			print_error('Invalid VERSION, select one of 2003, 2007, or 2010')
 			return
 		end

-		print_status("Testing OWA: version #{datastore['VERSION']} against #{vhost}:#{datastore['RPORT'].to_s}")
+		print_status("#{msg} Testing version #{datastore['VERSION']}")

 		begin
 			each_user_pass do |user, pass|
-				vprint_status("Trying #{user} : #{pass}")
+				vprint_status("#{msg} Trying #{user} : #{pass}")
 				try_user_pass(user, pass, authPath, inboxPath, loginCheck, vhost)
 			end
 		rescue ::Rex::ConnectionError, Errno::ECONNREFUSED
-			print_error('HTTP Connection Error, Aborting')
+			print_error("#{msg} HTTP Connection Error, Aborting")
 		end
 	end

@ -98,17 +98,17 @@ class Metasploit3 < Msf::Auxiliary
 			}, 20)

 		rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
-			print_error('HTTP Connection Failed, Aborting')
+			print_error("#{msg} HTTP Connection Failed, Aborting")
 			return :abort
 		end

 		if not res
-			print_error('HTTP Connection Error, Aborting')
+			print_error("#{msg} HTTP Connection Error, Aborting")
 			return :abort
 		end

 		if not res.headers['set-cookie']
-			print_error('Received Invalid Repsonse due to a missing cookie (Possibly Due To Invalid Version), Aborting')
+			print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
 			return :abort
 		end

@ -125,22 +125,22 @@ class Metasploit3 < Msf::Auxiliary
 				'headers'   => headers
 			}, 20)
 		rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
-			print_error('HTTP Connection Failed, Aborting')
+			print_error("#{msg} HTTP Connection Failed, Aborting")
 			return :abort
 		end

 		if not res
-			print_error('HTTP Connection Error, Aborting')
+			print_error("#{msg} HTTP Connection Error, Aborting")
 			return :abort
 		end

 		if res.code == 302
-			vprint_error("FAILED LOGIN. #{user} : #{pass}")
+			vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
 			return :skip_pass
 		end

 		if res.body =~ loginCheck
-			print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
+			print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")

 			report_hash = {
 				:host   => datastore['RHOST'],
@ -154,9 +154,13 @@ class Metasploit3 < Msf::Auxiliary
 			report_auth_info(report_hash)
 			return :next_user
 		else
-			vprint_error("FAILED LOGIN. #{user} : #{pass}")
+			vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
 			return :skip_pass
 		end
 	end

+	def msg
+		"#{vhost}:#{rport} OWA -"
+	end
+
 end