Start with a random username to test 401 codes
SeeRM #7991 While this fixes the specific case of tomcat_mgr_login, it doesn't address the general case where modules are attempting to test code 401 responses in order to determine if bruteforcing should continue.unstable
parent
f0e3b0c124
commit
10d8bebe73
|
@ -75,7 +75,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
uri = normalize_uri(datastore['URI'])
|
||||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method' => 'GET'
|
||||
'method' => 'GET',
|
||||
'username' => Rex::Text.rand_text_alpha(8)
|
||||
}, 25)
|
||||
http_fingerprint({ :response => res })
|
||||
rescue ::Rex::ConnectionError => e
|
||||
|
|
Loading…
Reference in New Issue