Updates to better OWA fix

2014-11-04 14:31:56 -06:00 · 2014-11-04 14:31:56 -06:00 · 5fb268bbdf
parent 714fd0bec6
commit 5fb268bbdf
1 changed files with 7 additions and 6 deletions
--- a/modules/auxiliary/scanner/http/owa_login.rb
+++ b/modules/auxiliary/scanner/http/owa_login.rb
@ -221,7 +221,7 @@ class Metasploit3 < Msf::Auxiliary
      cookies = res.get_cookies
      cookie_header = 'PBack=0'
      %w(sessionid cadata).each do |necessary_cookie|
-        if cookies =~ /#{necessary_cookie}=([^;]+)/
+        if cookies =~ /#{necessary_cookie}=([^;]*)/
          cookie_header << "; #{Regexp.last_match(1)}"
        else
          print_error("#{msg} Missing #{necessary_cookie} cookie.  This is not OWA 2010, aborting")
@ -247,11 +247,6 @@ class Metasploit3 < Msf::Auxiliary
      return :abort
    end

-    if res.redirect?
-      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
-      return :skip_pass
-    end
-
    if res.body =~ login_check
      print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")

@ -266,6 +261,12 @@ class Metasploit3 < Msf::Auxiliary

      report_auth_info(report_hash)
      return :next_user
+
+    if res.redirect?
+      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
+      return :skip_pass
+    end
+
    else
      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response body did not match)")
      return :skip_pass