Fixing up OWA bruteforce module to conform with the usual print_status
messages.
parent
a578db7f56
commit
44a47f9913
|
@ -419,6 +419,8 @@ module Auxiliary::AuthBrute
|
|||
# datastore["VERBOSE"] is set to true.
|
||||
#
|
||||
# If :level would make the method nonsense, default to print_status.
|
||||
#
|
||||
# TODO: This needs to be simpler to be useful.
|
||||
def print_brute(opts={})
|
||||
if opts[:level] and opts[:level].to_s[/^v/]
|
||||
return unless datastore["VERBOSE"]
|
||||
|
|
|
@ -60,19 +60,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
inboxPath = '/owa/' # Get request with cookie/sessionid
|
||||
loginCheck = /Inbox|A mailbox couldn\'t be found/ # check result
|
||||
else
|
||||
print_error('Invalid Version, Select 2003, 2007, or 2010')
|
||||
print_error('Invalid VERSION, select one of 2003, 2007, or 2010')
|
||||
return
|
||||
end
|
||||
|
||||
print_status("Testing OWA: version #{datastore['VERSION']} against #{vhost}:#{datastore['RPORT'].to_s}")
|
||||
print_status("#{msg} Testing version #{datastore['VERSION']}")
|
||||
|
||||
begin
|
||||
each_user_pass do |user, pass|
|
||||
vprint_status("Trying #{user} : #{pass}")
|
||||
vprint_status("#{msg} Trying #{user} : #{pass}")
|
||||
try_user_pass(user, pass, authPath, inboxPath, loginCheck, vhost)
|
||||
end
|
||||
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED
|
||||
print_error('HTTP Connection Error, Aborting')
|
||||
print_error("#{msg} HTTP Connection Error, Aborting")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -98,17 +98,17 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}, 20)
|
||||
|
||||
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
|
||||
print_error('HTTP Connection Failed, Aborting')
|
||||
print_error("#{msg} HTTP Connection Failed, Aborting")
|
||||
return :abort
|
||||
end
|
||||
|
||||
if not res
|
||||
print_error('HTTP Connection Error, Aborting')
|
||||
print_error("#{msg} HTTP Connection Error, Aborting")
|
||||
return :abort
|
||||
end
|
||||
|
||||
if not res.headers['set-cookie']
|
||||
print_error('Received Invalid Repsonse due to a missing cookie (Possibly Due To Invalid Version), Aborting')
|
||||
print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
|
||||
return :abort
|
||||
end
|
||||
|
||||
|
@ -125,22 +125,22 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'headers' => headers
|
||||
}, 20)
|
||||
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
|
||||
print_error('HTTP Connection Failed, Aborting')
|
||||
print_error("#{msg} HTTP Connection Failed, Aborting")
|
||||
return :abort
|
||||
end
|
||||
|
||||
if not res
|
||||
print_error('HTTP Connection Error, Aborting')
|
||||
print_error("#{msg} HTTP Connection Error, Aborting")
|
||||
return :abort
|
||||
end
|
||||
|
||||
if res.code == 302
|
||||
vprint_error("FAILED LOGIN. #{user} : #{pass}")
|
||||
vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
|
||||
return :skip_pass
|
||||
end
|
||||
|
||||
if res.body =~ loginCheck
|
||||
print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
|
||||
print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
|
||||
|
||||
report_hash = {
|
||||
:host => datastore['RHOST'],
|
||||
|
@ -154,9 +154,13 @@ class Metasploit3 < Msf::Auxiliary
|
|||
report_auth_info(report_hash)
|
||||
return :next_user
|
||||
else
|
||||
vprint_error("FAILED LOGIN. #{user} : #{pass}")
|
||||
vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
|
||||
return :skip_pass
|
||||
end
|
||||
end
|
||||
|
||||
def msg
|
||||
"#{vhost}:#{rport} OWA -"
|
||||
end
|
||||
|
||||
end
|
||||
|
|
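Review bot: The rewritten missing-cookie error (in the third hunk, presumably inside try_user_pass, whose `def` line is outside the visible hunks) still carries the typo `repsonse`, and it now ends in lower-case `aborting` while the other rewritten errors in this file end in `Aborting`. Since the line is being touched anyway, it could read `print_error("#{msg} Received invalid response due to a missing cookie (possibly due to invalid version), Aborting")`. The new `msg` helper resolves `vhost` and `rport` as method calls, whereas the login attempt receives `vhost` as an argument and the report hash uses `datastore['RHOST']`. Where those values are assigned is not visible here, so it is worth confirming that the prefix always names the host the request was actually sent to. A one-line comment above `def msg`, such as `# Console prefix identifying the target: "<vhost>:<rport> OWA -"`, would document the format.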