From 937f8f035a40dfa538b360e89cd210c1cefe5bc3 Mon Sep 17 00:00:00 2001
From: andurin <andurin@process-zero.de>
Date: Thu, 5 Apr 2012 11:09:56 +0200
Subject: [PATCH] tomcat_mgr_deploy may report successful creds

---
 .../exploits/multi/http/tomcat_mgr_deploy.rb  | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/exploits/multi/http/tomcat_mgr_deploy.rb b/modules/exploits/multi/http/tomcat_mgr_deploy.rb
index 7a4c940493..9532024809 100644
--- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb
@@ -128,6 +128,16 @@ class Metasploit3 < Msf::Exploit::Remote
 			return CheckCode::Unknown
 		end
 
+		report_auth_info(
+			:host   => rhost,
+			:port   => rport,
+			:sname  => (ssl ? "https" : "http"),
+			:user   => user,
+			:pass   => pass,
+			:proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
+			:active => true
+		)
+
 		print_status("Target is #{detect_platform(res.body)} #{detect_arch(res.body)}")
 		return CheckCode::Vulnerable
 	end
@@ -212,6 +222,16 @@ class Metasploit3 < Msf::Exploit::Remote
 			raise RuntimeError, "Upload failed on #{path_tmp} [#{res.code} #{res.message}]"
 		end
 
+                report_auth_info(
+                        :host   => rhost,
+                        :port   => rport,
+                        :sname  => (ssl ? "https" : "http"),
+                        :user   => user,
+                        :pass   => pass,
+                        :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
+                        :active => true
+                )
+
 		#
 		# EXECUTE
 		#