diff --git a/lib/metasploit/framework/login_scanner/axis2.rb b/lib/metasploit/framework/login_scanner/axis2.rb index 5fb73067ac..9821e53ab1 100644 --- a/lib/metasploit/framework/login_scanner/axis2.rb +++ b/lib/metasploit/framework/login_scanner/axis2.rb @@ -17,7 +17,7 @@ module Metasploit # (see Base#attempt_login) def attempt_login(credential) http_client = Rex::Proto::Http::Client.new( - host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies + host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password ) configure_http_client(http_client) diff --git a/lib/metasploit/framework/login_scanner/buffalo.rb b/lib/metasploit/framework/login_scanner/buffalo.rb index e690871da0..dffcc3e7f1 100644 --- a/lib/metasploit/framework/login_scanner/buffalo.rb +++ b/lib/metasploit/framework/login_scanner/buffalo.rb @@ -34,7 +34,7 @@ module Metasploit result_opts[:service_name] = 'http' end begin - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_cgi({ diff --git a/lib/metasploit/framework/login_scanner/chef_webui.rb b/lib/metasploit/framework/login_scanner/chef_webui.rb index 1f4cdf2d16..76ac2ad1e3 100644 --- a/lib/metasploit/framework/login_scanner/chef_webui.rb +++ b/lib/metasploit/framework/login_scanner/chef_webui.rb @@ -69,7 +69,7 @@ module Metasploit # @param (see Rex::Proto::Http::Resquest#request_raw) # @return [Rex::Proto::Http::Response] The HTTP response def send_request(opts) - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_raw(opts) diff --git a/lib/metasploit/framework/login_scanner/gitlab.rb b/lib/metasploit/framework/login_scanner/gitlab.rb index a8213d9d2d..648151d13a 100644 --- a/lib/metasploit/framework/login_scanner/gitlab.rb +++ b/lib/metasploit/framework/login_scanner/gitlab.rb @@ -35,7 +35,9 @@ module Metasploit }, ssl, ssl_version, - proxies) + proxies, + http_username, + http_password) configure_http_client(cli) cli.connect diff --git a/lib/metasploit/framework/login_scanner/glassfish.rb b/lib/metasploit/framework/login_scanner/glassfish.rb index 3b48584f35..72ee429180 100644 --- a/lib/metasploit/framework/login_scanner/glassfish.rb +++ b/lib/metasploit/framework/login_scanner/glassfish.rb @@ -20,6 +20,13 @@ module Metasploit # @return [String] Cookie session attr_accessor :jsession + # @!attribute http_username + attr_accessor :http_username + # @return [String] HTTP username + + # @!attribute http_password + attr_accessor :http_password + # (see Base#check_setup) def check_setup begin @@ -61,7 +68,7 @@ module Metasploit # @param (see Rex::Proto::Http::Resquest#request_raw) # @return [Rex::Proto::Http::Response] The HTTP response def send_request(opts) - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_raw(opts) diff --git a/lib/metasploit/framework/login_scanner/http.rb b/lib/metasploit/framework/login_scanner/http.rb index 77928c41bb..df40e14047 100644 --- a/lib/metasploit/framework/login_scanner/http.rb +++ b/lib/metasploit/framework/login_scanner/http.rb @@ -161,6 +161,14 @@ module Metasploit # @return [Boolean] Whether to conform to IIS digest authentication mode. attr_accessor :digest_auth_iis + # @!attribute http_username + # @return [String] + attr_accessor :http_username + + # @!attribute http_password + # @return [String] + attr_accessor :http_password + validates :uri, presence: true, length: { minimum: 1 } @@ -171,7 +179,7 @@ module Metasploit # (see Base#check_setup) def check_setup http_client = Rex::Proto::Http::Client.new( - host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies + host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password ) request = http_client.request_cgi( 'uri' => uri, @@ -213,8 +221,8 @@ module Metasploit cli_ssl = opts['ssl'] || ssl cli_ssl_version = opts['ssl_version'] || ssl_version cli_proxies = opts['proxies'] || proxies - username = opts['credential'] ? opts['credential'].public : '' - password = opts['credential'] ? opts['credential'].private : '' + username = opts['credential'] ? opts['credential'].public : http_username + password = opts['credential'] ? opts['credential'].private : http_password realm = opts['credential'] ? opts['credential'].realm : nil context = opts['context'] || { 'Msf' => framework, 'MsfExploit' => framework_module} diff --git a/lib/metasploit/framework/login_scanner/ipboard.rb b/lib/metasploit/framework/login_scanner/ipboard.rb index f322c9e629..5bbcd2ae49 100644 --- a/lib/metasploit/framework/login_scanner/ipboard.rb +++ b/lib/metasploit/framework/login_scanner/ipboard.rb @@ -7,10 +7,18 @@ module Metasploit # IP Board login scanner class IPBoard < HTTP + # @!attribute http_username + # @return [String] + attr_accessor :http_username + + # @!attribute http_password + # @return [String] + attr_accessor :http_password + # (see Base#attempt_login) def attempt_login(credential) http_client = Rex::Proto::Http::Client.new( - host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies + host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, self.http_username, self.http_password ) configure_http_client(http_client) diff --git a/lib/metasploit/framework/login_scanner/jenkins.rb b/lib/metasploit/framework/login_scanner/jenkins.rb index 3d5f338498..26884714e6 100644 --- a/lib/metasploit/framework/login_scanner/jenkins.rb +++ b/lib/metasploit/framework/login_scanner/jenkins.rb @@ -37,7 +37,7 @@ module Metasploit result_opts[:service_name] = 'http' end begin - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_cgi({ diff --git a/lib/metasploit/framework/login_scanner/mybook_live.rb b/lib/metasploit/framework/login_scanner/mybook_live.rb index a69b304934..c7442e05da 100644 --- a/lib/metasploit/framework/login_scanner/mybook_live.rb +++ b/lib/metasploit/framework/login_scanner/mybook_live.rb @@ -35,7 +35,7 @@ module Metasploit begin cred = Rex::Text.uri_encode(credential.private) body = "data%5BLogin%5D%5Bowner_name%5D=admin&data%5BLogin%5D%5Bowner_passwd%5D=#{cred}" - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_cgi( diff --git a/lib/metasploit/framework/login_scanner/smh.rb b/lib/metasploit/framework/login_scanner/smh.rb index b8c4ca6c51..947a576bf6 100644 --- a/lib/metasploit/framework/login_scanner/smh.rb +++ b/lib/metasploit/framework/login_scanner/smh.rb @@ -33,7 +33,7 @@ module Metasploit res = nil begin - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_cgi(req_opts) diff --git a/lib/metasploit/framework/login_scanner/wordpress_multicall.rb b/lib/metasploit/framework/login_scanner/wordpress_multicall.rb index eaeb9aedf8..68565b952b 100644 --- a/lib/metasploit/framework/login_scanner/wordpress_multicall.rb +++ b/lib/metasploit/framework/login_scanner/wordpress_multicall.rb @@ -92,7 +92,7 @@ module Metasploit 'ctype' =>'text/xml' } - client = Rex::Proto::Http::Client.new(rhost) + client = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version, proxies, http_username, http_password) client.connect req = client.request_cgi(opts) res = client.send_recv(req) diff --git a/lib/metasploit/framework/login_scanner/wordpress_rpc.rb b/lib/metasploit/framework/login_scanner/wordpress_rpc.rb index 51265384fc..48f820e679 100644 --- a/lib/metasploit/framework/login_scanner/wordpress_rpc.rb +++ b/lib/metasploit/framework/login_scanner/wordpress_rpc.rb @@ -10,7 +10,7 @@ module Metasploit # (see Base#attempt_login) def attempt_login(credential) http_client = Rex::Proto::Http::Client.new( - host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies + host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password ) configure_http_client(http_client) @@ -32,7 +32,7 @@ module Metasploit request = http_client.request_cgi( 'uri' => uri, 'method' => method, - 'data' => generate_xml_request(credential.public,credential.private), + 'data' => generate_xml_request(credential.public,credential.private) ) response = http_client.send_recv(request) diff --git a/lib/metasploit/framework/login_scanner/zabbix.rb b/lib/metasploit/framework/login_scanner/zabbix.rb index 17bdb3ff91..97c53f1949 100644 --- a/lib/metasploit/framework/login_scanner/zabbix.rb +++ b/lib/metasploit/framework/login_scanner/zabbix.rb @@ -66,7 +66,7 @@ module Metasploit # @param (see Rex::Proto::Http::Resquest#request_raw) # @return [Rex::Proto::Http::Response] The HTTP response def send_request(opts) - cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies) + cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password) configure_http_client(cli) cli.connect req = cli.request_raw(opts) diff --git a/lib/msf/core/auxiliary/crawler.rb b/lib/msf/core/auxiliary/crawler.rb index 4fd18ca9c3..b45cf52028 100644 --- a/lib/msf/core/auxiliary/crawler.rb +++ b/lib/msf/core/auxiliary/crawler.rb @@ -23,8 +23,8 @@ module Auxiliary::HttpCrawler OptInt.new('MAX_PAGES', [ true, 'The maximum number of pages to crawl per URL', 500]), OptInt.new('MAX_MINUTES', [ true, 'The maximum number of minutes to spend on each URL', 5]), OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4]), - OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication']), - OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication']), + OptString.new('HttpUsername', [false, 'The HTTP username to specify for authentication']), + OptString.new('HttpPassword', [false, 'The HTTP password to specify for authentication']), OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION']), OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]) @@ -123,9 +123,9 @@ module Auxiliary::HttpCrawler :info => "" }) - if datastore['USERNAME'] and datastore['USERNAME'] != '' - t[:username] = datastore['USERNAME'].to_s - t[:password] = datastore['PASSWORD'].to_s + if datastore['HttpUsername'] and datastore['HttpUsername'] != '' + t[:username] = datastore['HttpUsername'].to_s + t[:password] = datastore['HttpPassword'].to_s t[:domain] = datastore['DOMAIN'].to_s end diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index a8dd7a38be..47d481c702 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb @@ -48,8 +48,8 @@ module Exploit::Remote::HttpClient OptString.new('UserAgent', [false, 'The User-Agent header to use for all requests', Rex::Proto::Http::Client::DefaultUserAgent ]), - OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']), - OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']), + OptString.new('HttpUsername', [false, 'The HTTP username to specify for authentication', '']), + OptString.new('HttpPassword', [false, 'The HTTP password to specify for authentication', '']), OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]), Opt::SSLVersion, OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]), @@ -150,8 +150,8 @@ module Exploit::Remote::HttpClient dossl = ssl end - client_username = opts['username'] || datastore['USERNAME'] || '' - client_password = opts['password'] || datastore['PASSWORD'] || '' + client_username = opts['username'] || datastore['HttpUsername'] || '' + client_password = opts['password'] || datastore['HttpPassword'] || '' nclient = Rex::Proto::Http::Client.new( opts['rhost'] || rhost, diff --git a/modules/auxiliary/admin/appletv/appletv_display_image.rb b/modules/auxiliary/admin/appletv/appletv_display_image.rb index 7d2a259628..4531180572 100644 --- a/modules/auxiliary/admin/appletv/appletv_display_image.rb +++ b/modules/auxiliary/admin/appletv/appletv_display_image.rb @@ -27,7 +27,7 @@ class MetasploitModule < Msf::Auxiliary [ ['URL', 'http://nto.github.io/AirPlay.html'] ], - 'DefaultOptions' => { 'USERNAME' => 'AirPlay' }, + 'DefaultOptions' => { 'HttpUsername' => 'AirPlay' }, 'License' => MSF_LICENSE )) @@ -36,7 +36,7 @@ class MetasploitModule < Msf::Auxiliary Opt::RPORT(7000), OptInt.new('TIME', [true, 'Time in seconds to show the image', 10]), OptPath.new('FILE', [true, 'Image to upload and show']), - OptString.new('PASSWORD', [false, 'The password for AppleTV AirPlay']) + OptString.new('HttpPassword', [false, 'The password for AppleTV AirPlay']) ], self.class) # We're not actually using any of these against AppleTV in our Rex HTTP client init, @@ -72,8 +72,8 @@ class MetasploitModule < Msf::Auxiliary ssl, ssl_version, proxies, - datastore['USERNAME'], - datastore['PASSWORD'] + datastore['HttpUsername'], + datastore['HttpPassword'] ) add_socket(http) diff --git a/modules/auxiliary/admin/appletv/appletv_display_video.rb b/modules/auxiliary/admin/appletv/appletv_display_video.rb index c6a2d3d7f8..5841c55961 100644 --- a/modules/auxiliary/admin/appletv/appletv_display_video.rb +++ b/modules/auxiliary/admin/appletv/appletv_display_video.rb @@ -33,7 +33,7 @@ class MetasploitModule < Msf::Auxiliary [ ['URL', 'http://nto.github.io/AirPlay.html'] ], - 'DefaultOptions' => { 'USERNAME' => 'AirPlay' }, + 'DefaultOptions' => { 'HttpUsername' => 'AirPlay' }, 'License' => MSF_LICENSE )) @@ -41,7 +41,7 @@ class MetasploitModule < Msf::Auxiliary Opt::RPORT(7000), OptInt.new('TIME', [true, 'Time in seconds to show the video', 60]), OptString.new('URL', [true, 'URL of video to show. Must use an IP address']), - OptString.new('PASSWORD', [false, 'The password for AppleTV AirPlay']) + OptString.new('HttpPassword', [false, 'The password for AppleTV AirPlay']) ], self.class) # We're not actually using any of these against AppleTV in our Rex HTTP client init, @@ -77,8 +77,8 @@ class MetasploitModule < Msf::Auxiliary ssl, ssl_version, proxies, - datastore['USERNAME'], - datastore['PASSWORD'] + datastore['HttpUsername'], + datastore['HttpPassword'] ) add_socket(http) diff --git a/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb b/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb index e462ad3985..eabe39c493 100644 --- a/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb +++ b/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb @@ -32,16 +32,16 @@ class MetasploitModule < Msf::Auxiliary register_options( [ - OptString.new('USERNAME',[ true, 'User to login with', 'admin']), - OptString.new('PASSWORD',[ true, 'Password to login with', 'password']), + OptString.new('HttpUsername',[ true, 'User to login with', 'admin']), + OptString.new('HttpPassword',[ true, 'Password to login with', 'password']), OptString.new('CMD', [ true, 'The command to execute', 'telnetd -p 1337']) ], self.class) end def run uri = '/apply.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}") diff --git a/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb b/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb index 1ab5cca3ca..befc6193cb 100644 --- a/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb +++ b/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb @@ -42,8 +42,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(80), OptString.new('TARGETURI',[ true, 'PATH to OS Command Injection', '/apply.cgi']), - OptString.new('USERNAME',[ true, 'User to login with', 'admin']), - OptString.new('PASSWORD',[ false, 'Password to login with', 'password']), + OptString.new('HttpUsername',[ true, 'User to login with', 'admin']), + OptString.new('HttpPassword',[ false, 'Password to login with', 'password']), OptString.new('CMD', [ true, 'The command to execute', 'ping 127.0.0.1']), OptString.new('NETMASK', [ false, 'LAN Netmask of the router', '255.255.255.0']), OptAddress.new('LANIP', [ false, 'LAN IP address of the router (default is RHOST)']), @@ -66,7 +66,7 @@ class MetasploitModule < Msf::Auxiliary def run #setting up some basic variables uri = datastore['TARGETURI'] - user = datastore['USERNAME'] + user = datastore['HttpUsername'] rhost = datastore['RHOST'] netmask = datastore['NETMASK'] routername = datastore['ROUTER_NAME'] @@ -75,10 +75,10 @@ class MetasploitModule < Msf::Auxiliary ip = lan_ip.split('.') - if datastore['PASSWORD'].nil? + if datastore['HttpPassword'].nil? pass = "" else - pass = datastore['PASSWORD'] + pass = datastore['HttpPassword'] end print_status("Trying to login with #{user} / #{pass}") diff --git a/modules/auxiliary/admin/http/openbravo_xxe.rb b/modules/auxiliary/admin/http/openbravo_xxe.rb index b07c68631f..f8d6be81be 100644 --- a/modules/auxiliary/admin/http/openbravo_xxe.rb +++ b/modules/auxiliary/admin/http/openbravo_xxe.rb @@ -41,8 +41,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ OptString.new('TARGETURI', [ true, "Base Openbravo directory path", '/openbravo/']), - OptString.new('USERNAME', [true, "The Openbravo user", "Openbravo"]), - OptString.new('PASSWORD', [true, "The Openbravo password", "openbravo"]), + OptString.new('HttpUsername', [true, "The Openbravo user", "Openbravo"]), + OptString.new('HttpPassword', [true, "The Openbravo password", "openbravo"]), OptString.new('FILEPATH', [true, "The filepath to read on the server", "/etc/passwd"]), OptString.new('ENDPOINT', [true, "The XML API REST endpoint to use", "ADUser"]) ], self.class) @@ -53,7 +53,7 @@ class MetasploitModule < Msf::Auxiliary users = send_request_raw({ 'method' => 'GET', 'uri' => normalize_uri(datastore['TARGETURI'], "/ws/dal/#{datastore["ENDPOINT"]}"), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) }, 60) if !users or users.code != 200 @@ -86,7 +86,7 @@ class MetasploitModule < Msf::Auxiliary 'method' => 'PUT', 'uri' => normalize_uri(target_uri.path, "/ws/dal/#{datastore["ENDPOINT"]}/#{id}"), 'data' => xml, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) }) if !resp or resp.code != 200 or resp.body =~ /Not updating entity/ @@ -94,12 +94,12 @@ class MetasploitModule < Msf::Auxiliary next end - print_status("Found writeable #{datastore["ENDPOINT"]}: #{other_id}") + print_status("Found writable #{datastore["ENDPOINT"]}: #{other_id}") u = send_request_raw({ 'method' => 'GET', 'uri' => normalize_uri(datastore['TARGETURI'], "/ws/dal/#{datastore["ENDPOINT"]}/#{id}"), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) }) u = REXML::Document.new u.body @@ -116,7 +116,7 @@ class MetasploitModule < Msf::Auxiliary 'method' => 'PUT', 'uri' => normalize_uri(target_uri.path, "/ws/dal/#{datastore["ENDPOINT"]}/#{id}"), 'data' => xml, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) }) print_good("File saved to: #{path}") diff --git a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb index 23d106176d..4f059f70e9 100644 --- a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb +++ b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb @@ -32,8 +32,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(50013), OptString.new('URI', [false, 'Path to the SAP Management Console ', '/']), - OptString.new('USERNAME', [true, 'Username to use', '']), - OptString.new('PASSWORD', [true, 'Password to use', '']), + OptString.new('HttpUsername', [true, 'Username to use', '']), + OptString.new('HttpPassword', [true, 'Password to use', '']), OptString.new('CMD', [true, 'Command to run', 'set']), ], self.class) register_autofilter_ports([ 50013 ]) @@ -126,7 +126,7 @@ class MetasploitModule < Msf::Auxiliary data << '' + "\r\n" data << '' + "\r\n\r\n" - user_pass = Rex::Text.encode_base64(datastore['USERNAME'] + ":" + datastore['PASSWORD']) + user_pass = Rex::Text.encode_base64(datastore['HttpUsername'] + ":" + datastore['HttpPassword']) begin res = send_request_raw({ diff --git a/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb b/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb index 9eeeadf3ed..d7572016e0 100644 --- a/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb +++ b/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb @@ -51,8 +51,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('DIRNAME', [true, 'Directory Path which contains the file to delete', '/tmp']), OptString.new('FILENAME', [true, 'Filename to delete', 'msf.txt']) ], self.class) @@ -80,7 +80,7 @@ class MetasploitModule < Msf::Auxiliary 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/auxiliary/gather/snare_registry.rb b/modules/auxiliary/gather/snare_registry.rb index c2f8c765ae..9272f05bd5 100644 --- a/modules/auxiliary/gather/snare_registry.rb +++ b/modules/auxiliary/gather/snare_registry.rb @@ -35,8 +35,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ Opt::RPORT(6161), - OptString.new('USERNAME', [ false, 'The username for Snare remote access', 'snare' ]), - OptString.new('PASSWORD', [ false, 'The password for Snare remote access', '' ]), + OptString.new('HttpUsername', [ false, 'The username for Snare remote access', 'snare' ]), + OptString.new('HttpPassword', [ false, 'The password for Snare remote access', '' ]), OptString.new('REG_DUMP_KEY', [ false, 'Retrieve this registry key and all sub-keys', 'HKLM\\HARDWARE\\DESCRIPTION\\System' ]), OptBool.new('REG_DUMP_ALL', [false, 'Retrieve the entire Windows registry', false]), OptInt.new('TIMEOUT', [true, 'Timeout in seconds for downloading each registry key/hive', 300]) @@ -68,7 +68,7 @@ class MetasploitModule < Msf::Auxiliary end res = send_request_cgi({ 'uri' => normalize_uri('RegDump'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'vars_get' => vars_get }, datastore['TIMEOUT']) if !res @@ -102,7 +102,7 @@ class MetasploitModule < Msf::Auxiliary print_status("#{peer} - Retrieving list of registry hives ...") res = send_request_cgi( 'uri' => normalize_uri('RegDump'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) ) if !res fail_with(Failure::Unreachable, "#{peer} - Connection failed") diff --git a/modules/auxiliary/gather/xbmc_traversal.rb b/modules/auxiliary/gather/xbmc_traversal.rb index a71c72732d..b10ecd8589 100644 --- a/modules/auxiliary/gather/xbmc_traversal.rb +++ b/modules/auxiliary/gather/xbmc_traversal.rb @@ -38,8 +38,8 @@ class MetasploitModule < Msf::Auxiliary Opt::RPORT(8080), OptString.new('FILEPATH', [false, 'The name of the file to download', '/private/var/mobile/Library/Preferences/XBMC/userdata/passwords.xml']), OptInt.new('DEPTH', [true, 'The max traversal depth', 9]), - OptString.new('USERNAME', [true, 'The username to use for the HTTP server', 'xbmc']), - OptString.new('PASSWORD', [false, 'The password to use for the HTTP server', 'xbmc']), + OptString.new('HttpUsername', [true, 'The username to use for the HTTP server', 'xbmc']), + OptString.new('HttpPassword', [false, 'The password to use for the HTTP server', 'xbmc']), ], self.class) end @@ -56,7 +56,7 @@ class MetasploitModule < Msf::Auxiliary res = send_request_raw({ 'method' => 'GET', 'uri' => "/#{traversal}/#{datastore['FILEPATH']}", - 'authorization' => basic_auth(datastore['USERNAME'],datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'],datastore['HttpPassword']) }, 25) rescue Rex::ConnectionRefused print_error("#{rhost}:#{rport} Could not connect.") diff --git a/modules/auxiliary/scanner/couchdb/couchdb_enum.rb b/modules/auxiliary/scanner/couchdb/couchdb_enum.rb index 8a00c5aa99..a554debb74 100644 --- a/modules/auxiliary/scanner/couchdb/couchdb_enum.rb +++ b/modules/auxiliary/scanner/couchdb/couchdb_enum.rb @@ -29,14 +29,14 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(5984), OptString.new('TARGETURI', [true, 'Path to list all the databases', '/_all_dbs']), - OptString.new('USERNAME', [false, 'The username to login as']), - OptString.new('PASSWORD', [false, 'The password to login with']) + OptString.new('HttpUsername', [false, 'The username to login as']), + OptString.new('HttpPassword', [false, 'The password to login with']) ], self.class) end def run - username = datastore['USERNAME'] - password = datastore['PASSWORD'] + username = datastore['HttpUsername'] + password = datastore['HttpPassword'] begin res = send_request_cgi( diff --git a/modules/auxiliary/scanner/couchdb/couchdb_login.rb b/modules/auxiliary/scanner/couchdb/couchdb_login.rb index 9cad284af0..883ec782e8 100644 --- a/modules/auxiliary/scanner/couchdb/couchdb_login.rb +++ b/modules/auxiliary/scanner/couchdb/couchdb_login.rb @@ -38,12 +38,14 @@ class MetasploitModule < Msf::Auxiliary File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]), OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", false]), ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end def run_host(ip) - user = datastore['USERNAME'].to_s - pass = datastore['PASSWORD'].to_s + user = datastore['HttpUsername'].to_s + pass = datastore['HttpPassword'].to_s if user.nil? || user.strip == '' each_user_pass do |user, pass| diff --git a/modules/auxiliary/scanner/http/appletv_login.rb b/modules/auxiliary/scanner/http/appletv_login.rb index 16265f428e..6e48839b68 100644 --- a/modules/auxiliary/scanner/http/appletv_login.rb +++ b/modules/auxiliary/scanner/http/appletv_login.rb @@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary deregister_options( 'USERNAME', 'USER_AS_PASS', 'DB_ALL_CREDS', 'DB_ALL_USERS', 'NTLM::SendLM', 'NTLM::SendNTLM', 'NTLM::SendSPN', 'NTLM::UseLMKey', 'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2', - 'REMOVE_USERPASS_FILE', 'REMOVE_USER_FILE', 'DOMAIN' + 'REMOVE_USERPASS_FILE', 'REMOVE_USER_FILE', 'DOMAIN', 'HttpUsername' ) end diff --git a/modules/auxiliary/scanner/http/axis_login.rb b/modules/auxiliary/scanner/http/axis_login.rb index cd70c330f3..5aa55046cc 100644 --- a/modules/auxiliary/scanner/http/axis_login.rb +++ b/modules/auxiliary/scanner/http/axis_login.rb @@ -83,7 +83,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/buffalo_login.rb b/modules/auxiliary/scanner/http/buffalo_login.rb index 8b9aaed703..56e2e020a6 100644 --- a/modules/auxiliary/scanner/http/buffalo_login.rb +++ b/modules/auxiliary/scanner/http/buffalo_login.rb @@ -28,8 +28,6 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(80) ], self.class) - - deregister_options('RHOST') end def run_host(ip) @@ -48,7 +46,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 10 + connection_timeout: 10, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb b/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb index 679be904dc..35ceaffd4b 100644 --- a/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb +++ b/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb @@ -39,7 +39,7 @@ class MetasploitModule < Msf::Auxiliary ], self.class) # caidao does not have an username, there's only password - deregister_options('USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE', 'DB_ALL_USERS') + deregister_options('HttpUsername', 'HttpPassword', 'USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE', 'DB_ALL_USERS') end def scanner(ip) @@ -61,7 +61,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] )) }.call end diff --git a/modules/auxiliary/scanner/http/chef_webui_login.rb b/modules/auxiliary/scanner/http/chef_webui_login.rb index f048863072..57ab4e9aea 100644 --- a/modules/auxiliary/scanner/http/chef_webui_login.rb +++ b/modules/auxiliary/scanner/http/chef_webui_login.rb @@ -36,6 +36,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ Opt::RPORT(443), + OptString.new('USERNAME', [false, 'The username to specify for authentication', '']), + OptString.new('PASSWORD', [false, 'The password to specify for authentication', '']), OptString.new('TARGETURI', [ true, 'The path to the Chef Web UI application', '/']), ], self.class) end @@ -149,7 +151,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: @cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb index d5db9ee957..b7076d1cd0 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb @@ -39,6 +39,8 @@ class MetasploitModule < Msf::Auxiliary OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line", File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]), ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end def target_url diff --git a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb index 5651a583a7..7bcd2d4518 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb @@ -42,6 +42,8 @@ class MetasploitModule < Msf::Auxiliary OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line", File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]), ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end def target_url diff --git a/modules/auxiliary/scanner/http/etherpad_duo_login.rb b/modules/auxiliary/scanner/http/etherpad_duo_login.rb index 887ddc0ec2..a4daa7af24 100644 --- a/modules/auxiliary/scanner/http/etherpad_duo_login.rb +++ b/modules/auxiliary/scanner/http/etherpad_duo_login.rb @@ -25,6 +25,7 @@ class MetasploitModule < Msf::Auxiliary 'License' => MSF_LICENSE )) + deregister_options('HttpUsername', 'HttpPassword') end def run_host(ip) diff --git a/modules/auxiliary/scanner/http/gitlab_login.rb b/modules/auxiliary/scanner/http/gitlab_login.rb index 7a5283878b..1c9e01bf03 100644 --- a/modules/auxiliary/scanner/http/gitlab_login.rb +++ b/modules/auxiliary/scanner/http/gitlab_login.rb @@ -28,8 +28,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ Opt::RPORT(80), - OptString.new('USERNAME', [ true, 'The username to test', 'root' ]), - OptString.new('PASSWORD', [ true, 'The password to test', '5iveL!fe' ]), + OptString.new('HttpUsername', [ true, 'The username to test', 'root' ]), + OptString.new('HttpPassword', [ true, 'The password to test', '5iveL!fe' ]), OptString.new('TARGETURI', [true, 'The path to GitLab', '/']) ], self.class) @@ -58,10 +58,10 @@ class MetasploitModule < Msf::Auxiliary cred_collection = Metasploit::Framework::CredentialCollection.new( blank_passwords: datastore['BLANK_PASSWORDS'], pass_file: datastore['PASS_FILE'], - password: datastore['PASSWORD'], + password: datastore['HttpPassword'], user_file: datastore['USER_FILE'], userpass_file: datastore['USERPASS_FILE'], - username: datastore['USERNAME'], + username: datastore['HttpUsername'], user_as_pass: datastore['USER_AS_PASS'] ) diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb index 44f0e8cd5d..916d510f21 100644 --- a/modules/auxiliary/scanner/http/glassfish_login.rb +++ b/modules/auxiliary/scanner/http/glassfish_login.rb @@ -92,7 +92,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: @cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb index d681ead5f8..05b63143b0 100644 --- a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb +++ b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb @@ -74,10 +74,10 @@ class MetasploitModule < Msf::Auxiliary @cred_collection = Metasploit::Framework::CredentialCollection.new( blank_passwords: datastore['BLANK_PASSWORDS'], pass_file: datastore['PASS_FILE'], - password: datastore['PASSWORD'], + password: datastore['HttpPassword'], user_file: datastore['USER_FILE'], userpass_file: datastore['USERPASS_FILE'], - username: datastore['USERNAME'], + username: datastore['HttpUsername'], user_as_pass: datastore['USER_AS_PASS'] ) @@ -87,7 +87,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: @cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/auxiliary/scanner/http/http_login.rb b/modules/auxiliary/scanner/http/http_login.rb index dcecc60836..4df7c0804e 100644 --- a/modules/auxiliary/scanner/http/http_login.rb +++ b/modules/auxiliary/scanner/http/http_login.rb @@ -48,6 +48,8 @@ class MetasploitModule < Msf::Auxiliary OptString.new('REQUESTTYPE', [ false, "Use HTTP-GET or HTTP-PUT for Digest-Auth, PROPFIND for WebDAV (default:GET)", "GET" ]) ], self.class) register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ]) + + deregister_options('USERNAME', 'PASSWORD') end def to_uri(uri) @@ -146,10 +148,10 @@ class MetasploitModule < Msf::Auxiliary cred_collection = Metasploit::Framework::CredentialCollection.new( blank_passwords: datastore['BLANK_PASSWORDS'], pass_file: datastore['PASS_FILE'], - password: datastore['PASSWORD'], + password: datastore['HttpPassword'], user_file: datastore['USER_FILE'], userpass_file: datastore['USERPASS_FILE'], - username: datastore['USERNAME'], + username: datastore['HttpUsername'], user_as_pass: datastore['USER_AS_PASS'], ) diff --git a/modules/auxiliary/scanner/http/http_traversal.rb b/modules/auxiliary/scanner/http/http_traversal.rb index 131f326dc9..6f3f92fc8e 100644 --- a/modules/auxiliary/scanner/http/http_traversal.rb +++ b/modules/auxiliary/scanner/http/http_traversal.rb @@ -166,7 +166,7 @@ class MetasploitModule < Msf::Auxiliary req['uri'] = this_path req['headers'] = {'Cookie'=>datastore['COOKIE']} if not datastore['COOKIE'].empty? req['data'] = data if not data.empty? - req['authorization'] = basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + req['authorization'] = basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) return req end diff --git a/modules/auxiliary/scanner/http/ipboard_login.rb b/modules/auxiliary/scanner/http/ipboard_login.rb index 6fe82fc2bc..4cfb5059ef 100644 --- a/modules/auxiliary/scanner/http/ipboard_login.rb +++ b/modules/auxiliary/scanner/http/ipboard_login.rb @@ -43,7 +43,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/jenkins_login.rb b/modules/auxiliary/scanner/http/jenkins_login.rb index 08e6c34881..fc40eff6c1 100644 --- a/modules/auxiliary/scanner/http/jenkins_login.rb +++ b/modules/auxiliary/scanner/http/jenkins_login.rb @@ -51,7 +51,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 10 + connection_timeout: 10, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb b/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb index 1cab8ba1ef..e42c055521 100644 --- a/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb +++ b/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb @@ -33,8 +33,8 @@ class MetasploitModule < Msf::Auxiliary [ OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line", File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]), - OptString.new('USERNAME',[ true, 'User to login with', 'admin']), - OptString.new('PASSWORD',[ true, 'Password to login with', 'password']), + OptString.new('HttpUsername',[ true, 'User to login with', 'admin']), + OptString.new('HttpPassword',[ true, 'Password to login with', 'password']), ], self.class) end @@ -91,8 +91,8 @@ class MetasploitModule < Msf::Auxiliary end def run_host(ip) - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] vprint_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}") diff --git a/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb b/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb index 8623f79753..e78845afbc 100644 --- a/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb +++ b/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb @@ -46,7 +46,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: @cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/auxiliary/scanner/http/mybook_live_login.rb b/modules/auxiliary/scanner/http/mybook_live_login.rb index 10a8ce6b42..ef26c0074e 100644 --- a/modules/auxiliary/scanner/http/mybook_live_login.rb +++ b/modules/auxiliary/scanner/http/mybook_live_login.rb @@ -60,6 +60,8 @@ class MetasploitModule < Msf::Auxiliary stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], connection_timeout: 10, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb b/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb index f6d645fbb2..ce68725982 100644 --- a/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb +++ b/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb @@ -31,8 +31,8 @@ class MetasploitModule < Msf::Auxiliary [ OptPath.new('FILELIST', [ true, "File containing sensitive files, one per line", File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]), - OptString.new('USERNAME',[ true, 'User to login with', 'service']), - OptString.new('PASSWORD',[ true, 'Password to login with', 'service']) + OptString.new('HttpUsername',[ true, 'User to login with', 'service']), + OptString.new('HttpPassword',[ true, 'Password to login with', 'service']) ], self.class) end @@ -82,8 +82,8 @@ class MetasploitModule < Msf::Auxiliary end def run_host(ip) - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] vprint_status("Trying to login with #{user} / #{pass}") diff --git a/modules/auxiliary/scanner/http/pocketpad_login.rb b/modules/auxiliary/scanner/http/pocketpad_login.rb index 5c4700f54a..137fae776d 100644 --- a/modules/auxiliary/scanner/http/pocketpad_login.rb +++ b/modules/auxiliary/scanner/http/pocketpad_login.rb @@ -25,6 +25,8 @@ class MetasploitModule < Msf::Auxiliary ], 'License' => MSF_LICENSE )) + + deregister_options('HttpUsername', 'HttpPassword') end def run_host(ip) diff --git a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb index bc84d5d8a6..0945bceb3a 100644 --- a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb +++ b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb @@ -38,6 +38,8 @@ class MetasploitModule < Msf::Auxiliary OptString.new('USERNAME', [true, "A specific username to authenticate as, default 'radware'", "radware"]), OptString.new('PASSWORD', [true, "A specific password to authenticate with, deault 'radware'", "radware"]) ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end def run_host(ip) diff --git a/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb b/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb index 4f702e5cc1..5488abffad 100644 --- a/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb +++ b/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb @@ -28,6 +28,12 @@ class MetasploitModule < Msf::Auxiliary 'SSL' => true, } )) + + register_options( + [ + OptString.new('USERNAME', [false, 'The username to specify for authentication', '']), + OptString.new('PASSWORD', [false, 'The password to specify for authentication', '']) + ], self.class) end @@ -50,7 +56,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] )) }.call end diff --git a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb index 5bc92f7447..36fd6025cb 100644 --- a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb +++ b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb @@ -58,6 +58,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ Opt::RPORT(8080), + OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']), + OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']), OptString.new('TARGETURI', [true, "URI for Manager login. Default is /manager/html", "/manager/html"]), OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line", File.join(Msf::Config.data_directory, "wordlists", "tomcat_mgr_default_userpass.txt") ]), @@ -110,7 +112,9 @@ class MetasploitModule < Msf::Auxiliary cred_details: cred_collection, stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], - connection_timeout: 10 + connection_timeout: 10, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb b/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb index 12f8841bbe..3f2da7cf5f 100644 --- a/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb +++ b/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb @@ -116,6 +116,8 @@ class MetasploitModule < Msf::Auxiliary stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb b/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb index 02f774518a..bdf0190d7d 100644 --- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb +++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb @@ -70,6 +70,8 @@ class MetasploitModule < Msf::Auxiliary stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) diff --git a/modules/auxiliary/scanner/http/zabbix_login.rb b/modules/auxiliary/scanner/http/zabbix_login.rb index 16256268f9..423c1f98d8 100644 --- a/modules/auxiliary/scanner/http/zabbix_login.rb +++ b/modules/auxiliary/scanner/http/zabbix_login.rb @@ -153,6 +153,8 @@ class MetasploitModule < Msf::Auxiliary stop_on_success: datastore['STOP_ON_SUCCESS'], bruteforce_speed: datastore['BRUTEFORCE_SPEED'], connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb index 1469af89cc..9cd685fe35 100644 --- a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb +++ b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb @@ -32,6 +32,8 @@ class MetasploitModule < Msf::Auxiliary Opt::RPORT(8834), OptString.new('TARGETURI', [ true, 'The path to the Nessus server login API', '/session']), ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index 114d6758d9..4c73ef5558 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -39,6 +39,8 @@ class MetasploitModule < Msf::Auxiliary File.join(Msf::Config.data_directory, "wordlists", "sap_common.txt") ]) ], self.class) register_autofilter_ports([ 50013 ]) + + deregister_options('HttpUsername', 'HttpPassword') end def run_host(rhost) diff --git a/modules/auxiliary/scanner/sap/sap_smb_relay.rb b/modules/auxiliary/scanner/sap/sap_smb_relay.rb index fb43861d0c..c892c27ce8 100644 --- a/modules/auxiliary/scanner/sap/sap_smb_relay.rb +++ b/modules/auxiliary/scanner/sap/sap_smb_relay.rb @@ -53,8 +53,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP client', '001']), - OptString.new('USERNAME', [false, 'Username (Ex SAP*)']), - OptString.new('PASSWORD', [false, 'Password (Ex 06071992)']), + OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']), + OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']), OptAddress.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']), OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR", [ @@ -69,11 +69,11 @@ class MetasploitModule < Msf::Auxiliary end def valid_credentials? - if datastore['USERNAME'].nil? or datastore['USERNAME'].empty? + if datastore['HttpUsername'].blank? return false end - if datastore['PASSWORD'].nil? or datastore['PASSWORD'].empty? + if datastore['HttpPassword'].blank? return false end return true @@ -98,7 +98,7 @@ class MetasploitModule < Msf::Auxiliary res = send_request_raw({ 'uri' => '/sap/bw/xml/soap/xmla?sap-client=' + datastore['CLIENT'] + '&sap-language=EN', 'method' => 'POST', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'data' => data, 'ctype' => 'text/xml; charset=UTF-8', 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'] @@ -118,7 +118,7 @@ class MetasploitModule < Msf::Auxiliary begin smb_uri = "\\\\#{datastore['LHOST']}\\#{Rex::Text.rand_text_alpha_lower(7)}.#{Rex::Text.rand_text_alpha_lower(3)}" - if datastore['USERNAME'].empty? + if datastore['HttpUsername'].empty? vprint_status("#{rhost}:#{rport} - Sending unauthenticated request for #{smb_uri}") res = send_request_cgi({ 'uri' => '/mmr/MMR', @@ -137,7 +137,7 @@ class MetasploitModule < Msf::Auxiliary res = send_request_cgi({ 'uri' => '/mmr/MMR', 'method' => 'GET', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'vars_get' => { @@ -169,7 +169,7 @@ class MetasploitModule < Msf::Auxiliary 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb index 72033622a3..933d48e48a 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb @@ -43,8 +43,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('BAPI_FIRST',[true,'First name','John']), OptString.new('BAPI_LAST',[true,'Last name','Doe']), OptString.new('BAPI_PASSWORD',[true,'Password for the account (Default is msf1234)','msf1234']), @@ -103,7 +103,7 @@ class MetasploitModule < Msf::Auxiliary 'data' => data, 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb index f170841f30..cfcdf928bf 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb @@ -49,6 +49,8 @@ class MetasploitModule < Msf::Auxiliary OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line", File.join(Msf::Config.data_directory, "wordlists", "sap_default.txt") ]) ], self.class) + + deregister_options('HttpUsername', 'HttpPassword') end def run_host(rhost) diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb index fe280f2599..dd4e0b9a5b 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb @@ -43,8 +43,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptEnum.new('OS', [true, 'Target OS', "linux", ['linux','windows']]), OptString.new('CMD', [true, 'Command to run', "id"]) ], self.class) @@ -98,7 +98,7 @@ class MetasploitModule < Msf::Auxiliary 'data' => data, 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb index 567db4db73..544879301b 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb @@ -44,8 +44,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptEnum.new('OS', [true, 'Target OS', "linux", ['linux','windows']]), OptString.new('CMD', [true, 'Command to run', "id"]) ], self.class) @@ -99,7 +99,7 @@ class MetasploitModule < Msf::Auxiliary 'data' => data, 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb index 3946cdc795..d0171301d2 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb @@ -50,8 +50,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('DIR',[true,'Directory path (e.g. /etc)','/etc']) ], self.class) end @@ -75,7 +75,7 @@ class MetasploitModule < Msf::Auxiliary 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb index 2a5dc93882..7ae555feed 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb @@ -52,8 +52,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('FILEPATH',[true,'File Path to check for (e.g. /etc)','/etc/passwd']) ], self.class) end @@ -77,7 +77,7 @@ class MetasploitModule < Msf::Auxiliary 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb index f8572c005c..935d3cf98f 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'Client', '001']), - OptString.new('USERNAME', [true, 'Username ', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password ', '06071992']) + OptString.new('HttpUsername', [true, 'Username ', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password ', '06071992']) ], self.class) end @@ -66,7 +66,7 @@ class MetasploitModule < Msf::Auxiliary 'method' => 'POST', 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{client}", 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions' diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb index d7ee3ed5a9..e86664c91e 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('TABLE', [true, 'Table to read', 'USR02']), OptString.new('FIELDS', [true, 'Fields to read', 'BNAME,BCODE']) ], self.class) @@ -87,7 +87,7 @@ class MetasploitModule < Msf::Auxiliary 'method' => 'POST', 'data' => data, 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, 'headers' => { diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb index 4a78406fc9..10a5670bab 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb @@ -51,8 +51,8 @@ class MetasploitModule < Msf::Auxiliary register_options([ OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('DIR',[true,'Directory path (e.g. /etc)','/etc']) ], self.class) end @@ -99,7 +99,7 @@ class MetasploitModule < Msf::Auxiliary 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb index 21c1d4caba..9958ef4ddd 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb @@ -43,8 +43,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('ABAP_PASSWORD',[false,'Password for the account (Default is msf1234)','msf1234']), OptString.new('ABAP_USER',[false,'Username for the account (Username in upper case only. Default is MSF)', 'MSF']) ], self.class) @@ -76,7 +76,7 @@ class MetasploitModule < Msf::Auxiliary 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions' }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb index 6946dff925..0615e0c753 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('CMD', [true, 'SM69 command to be executed', 'PING']), OptString.new('PARAM', [false, 'Additional parameters for the SM69 command', nil]), OptEnum.new('OS', [true, 'SM69 Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']]) @@ -79,7 +79,7 @@ class MetasploitModule < Msf::Auxiliary 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb index 1302852087..026be35789 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), OptString.new('CMD', [true, 'SM69 command to be executed', 'PING']), OptString.new('PARAM', [false, 'Additional parameters for the SM69 command', nil]), OptEnum.new('OS', [true, 'SM69 Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']]) @@ -79,7 +79,7 @@ class MetasploitModule < Msf::Auxiliary 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' =>{ 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb index 7069c66c5b..8d9debb9f5 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb @@ -47,8 +47,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client ', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']), + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']), ], self.class) end @@ -95,7 +95,7 @@ class MetasploitModule < Msf::Auxiliary 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' =>{ 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb index f7233c60d9..09e6ee3b0b 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Auxiliary [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']) + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']) ], self.class) end @@ -70,7 +70,7 @@ class MetasploitModule < Msf::Auxiliary 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'ctype' => 'text/xml; charset=UTF-8', 'encode_params' => false, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'headers' => { 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', }, diff --git a/modules/auxiliary/scanner/winrm/winrm_login.rb b/modules/auxiliary/scanner/winrm/winrm_login.rb index 8b651e1935..5b7f023495 100644 --- a/modules/auxiliary/scanner/winrm/winrm_login.rb +++ b/modules/auxiliary/scanner/winrm/winrm_login.rb @@ -35,7 +35,6 @@ class MetasploitModule < Msf::Auxiliary ], 'License' => MSF_LICENSE ) - end diff --git a/modules/exploits/linux/http/dlink_dcs931l_upload.rb b/modules/exploits/linux/http/dlink_dcs931l_upload.rb index 588b4e8675..ac4482c5b0 100644 --- a/modules/exploits/linux/http/dlink_dcs931l_upload.rb +++ b/modules/exploits/linux/http/dlink_dcs931l_upload.rb @@ -60,16 +60,16 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [true, 'Camera username', 'admin']), - OptString.new('PASSWORD', [false, 'Camera password (default: blank)', '']) + OptString.new('HttpUsername', [true, 'Camera username', 'admin']), + OptString.new('HttpPassword', [false, 'Camera password (default: blank)', '']) ], self.class) end def check res = send_request_cgi( 'uri' => normalize_uri('uploadfile.htm'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'] - )) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) + ) unless res vprint_status("The connection timed out.") @@ -126,7 +126,7 @@ class MetasploitModule < Msf::Exploit::Remote res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri('setSystemAdmin'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'vars_post' => Hash[{ 'ReplySuccessPage' => 'advanced.htm', 'ReplyErrorPage' => 'errradv.htm', @@ -203,7 +203,7 @@ EOF send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri('setFileUpload'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'ctype' => "multipart/form-data; boundary=#{boundary}", 'data' => post_data) end diff --git a/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb b/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb index 204c28565a..e4660dc305 100644 --- a/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb +++ b/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb @@ -46,8 +46,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'User to login with', 'admin']), - OptString.new('PASSWORD', [ false, 'Password to login with', '']) + OptString.new('HttpUsername', [ true, 'User to login with', 'admin']), + OptString.new('HttpPassword', [ false, 'Password to login with', '']) ], self.class) register_advanced_options( @@ -66,8 +66,8 @@ class MetasploitModule < Msf::Exploit::Remote end def exploit - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] || '' + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] || '' test_login(user, pass) exploit_telnet diff --git a/modules/exploits/linux/http/f5_icall_cmd.rb b/modules/exploits/linux/http/f5_icall_cmd.rb index a7fa0234a7..b2be257015 100644 --- a/modules/exploits/linux/http/f5_icall_cmd.rb +++ b/modules/exploits/linux/http/f5_icall_cmd.rb @@ -55,8 +55,8 @@ class MetasploitModule < Msf::Exploit::Remote Opt::RPORT(443), OptBool.new('SSL', [true, 'Use SSL', true]), OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/iControl/iControlPortal.cgi']), - OptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']), - OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin']) + OptString.new('HttpUsername', [true, 'The username to authenticate with', 'admin']), + OptString.new('HttpPassword', [true, 'The password to authenticate with', 'admin']) ]) register_advanced_options( [ @@ -103,8 +103,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path), 'method' => 'POST', 'data' => pay, - 'username' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'] + 'username' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'] ) if res return res diff --git a/modules/exploits/linux/http/f5_icontrol_exec.rb b/modules/exploits/linux/http/f5_icontrol_exec.rb index 05a1ad2591..833681f114 100644 --- a/modules/exploits/linux/http/f5_icontrol_exec.rb +++ b/modules/exploits/linux/http/f5_icontrol_exec.rb @@ -43,8 +43,8 @@ class MetasploitModule < Msf::Exploit::Remote Opt::RPORT(443), OptBool.new('SSL', [true, 'Use SSL', true]), OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']), - OptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']), - OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin']) + OptString.new('HttpUsername', [true, 'The username to authenticate with', 'admin']), + OptString.new('HttpPassword', [true, 'The password to authenticate with', 'admin']) ], self.class) end @@ -61,8 +61,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), 'method' => 'POST', 'data' => get_hostname, - 'username' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'] + 'username' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'] }) res.body =~ /y:string">(.*)<\/return/ @@ -73,8 +73,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), 'method' => 'POST', 'data' => get_hostname, - 'username' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'] + 'username' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'] }) res.body =~ /y:string">(.*)<\/return/ @@ -95,8 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), 'method' => 'POST', 'data' => pay, - 'username' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'] + 'username' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'] }) return Exploit::CheckCode::Vulnerable @@ -120,8 +120,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), 'method' => 'POST', 'data' => pay, - 'username' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'] + 'username' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'] }) end diff --git a/modules/exploits/linux/http/linksys_e1500_apply_exec.rb b/modules/exploits/linux/http/linksys_e1500_apply_exec.rb index d2f717dc84..1dbfb9f6e8 100644 --- a/modules/exploits/linux/http/linksys_e1500_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_e1500_apply_exec.rb @@ -63,8 +63,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'admin' ]), + OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]) @@ -100,8 +100,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/apply.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] rhost = datastore['RHOST'] rport = datastore['RPORT'] diff --git a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb index 11ff4d4d9a..42588991ae 100644 --- a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb @@ -43,8 +43,8 @@ class MetasploitModule < Msf::Exploit::Remote )) register_options([ - OptString.new('USERNAME', [ false, 'Valid router administrator username', 'admin']), - OptString.new('PASSWORD', [ false, 'Password to login with', 'admin']), + OptString.new('HttpUsername', [ false, 'Valid router administrator username', 'admin']), + OptString.new('HttpPassword', [ false, 'Password to login with', 'admin']), OptAddress.new('RHOST', [true, 'The address of the router', '192.168.1.1']), OptInt.new('TIMEOUT', [false, 'The timeout to use in every request', 20]) ], self.class) @@ -106,11 +106,11 @@ class MetasploitModule < Msf::Exploit::Remote # Helper methods def user - datastore['USERNAME'] + datastore['HttpUsername'] end def pass - datastore['PASSWORD'] || '' + datastore['HttpPassword'] || '' end def send_auth_request_cgi(opts={}, timeout=nil) diff --git a/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb b/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb index 11e0b35ccf..d375f3b7f9 100644 --- a/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb @@ -65,8 +65,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'admin' ]), + OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]), OptAddress.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 10]) @@ -102,8 +102,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(4)) uri = '/apply.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] lhost = datastore['LHOST'] # diff --git a/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb b/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb index fb0d1ca187..d889ea6568 100644 --- a/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb @@ -65,8 +65,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'admin' ]), + OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]), @@ -243,8 +243,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/apply.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] rhost = datastore['RHOST'] rport = datastore['RPORT'] restore = datastore['RESTORE_CONF'] diff --git a/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb b/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb index 0d0c2e5fc9..6caa30d7f8 100644 --- a/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb +++ b/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb @@ -65,8 +65,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'password' ]), + OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'password' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]) @@ -104,8 +104,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/setup.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] rhost = datastore['RHOST'] rport = datastore['RPORT'] diff --git a/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb b/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb index 41d72de2b9..74d53b5e34 100644 --- a/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb +++ b/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb @@ -65,8 +65,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'The username to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'password' ]), + OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'password' ]), OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60]), @@ -217,8 +217,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) uri = '/pppoe.cgi' - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] @timeout = datastore['RELOAD_CONF_DELAY'] # diff --git a/modules/exploits/linux/http/piranha_passwd_exec.rb b/modules/exploits/linux/http/piranha_passwd_exec.rb index 2422a19bb5..2973589dc4 100644 --- a/modules/exploits/linux/http/piranha_passwd_exec.rb +++ b/modules/exploits/linux/http/piranha_passwd_exec.rb @@ -70,8 +70,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'piranha']), - OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'q']) + OptString.new('HttpUsername', [true, 'The HTTP username to specify for basic authentication', 'piranha']), + OptString.new('HttpPassword', [true, 'The HTTP password to specify for basic authentication', 'q']) ], self.class) end diff --git a/modules/exploits/linux/http/tp_link_sc2020n_authenticated_telnet_injection.rb b/modules/exploits/linux/http/tp_link_sc2020n_authenticated_telnet_injection.rb index 78c464ca15..7dc57f3513 100644 --- a/modules/exploits/linux/http/tp_link_sc2020n_authenticated_telnet_injection.rb +++ b/modules/exploits/linux/http/tp_link_sc2020n_authenticated_telnet_injection.rb @@ -45,8 +45,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ true, 'User to login with', 'admin']), - OptString.new('PASSWORD', [ true, 'Password to login with', 'admin']) + OptString.new('HttpUsername', [ true, 'User to login with', 'admin']), + OptString.new('HttpPassword', [ true, 'Password to login with', 'admin']) ], self.class) register_advanced_options( @@ -66,8 +66,8 @@ class MetasploitModule < Msf::Exploit::Remote def exploit print_status('Exploiting') - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] test_login(user, pass) exploit_telnet end diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb index d388ce25d8..68e6fb3558 100644 --- a/modules/exploits/linux/http/zen_load_balancer_exec.rb +++ b/modules/exploits/linux/http/zen_load_balancer_exec.rb @@ -59,8 +59,8 @@ class MetasploitModule < Msf::Exploit::Remote [ Opt::RPORT(444), OptBool.new('SSL', [true, 'Use SSL', true]), - OptString.new('USERNAME', [true, 'The username for the application', 'admin']), - OptString.new('PASSWORD', [true, 'The password for the application', 'admin']) + OptString.new('HttpUsername', [true, 'The username for the application', 'admin']), + OptString.new('HttpPassword', [true, 'The password for the application', 'admin']) ], self.class) end @@ -86,8 +86,8 @@ class MetasploitModule < Msf::Exploit::Remote end def exploit - user = datastore['USERNAME'] - pass = datastore['PASSWORD'] + user = datastore['HttpUsername'] + pass = datastore['HttpPassword'] cmd = Rex::Text.uri_encode(";#{payload.encoded}&") lines = rand(100) + 1 diff --git a/modules/exploits/multi/http/cups_bash_env_exec.rb b/modules/exploits/multi/http/cups_bash_env_exec.rb index c8d35b9342..3ba27ab138 100644 --- a/modules/exploits/multi/http/cups_bash_env_exec.rb +++ b/modules/exploits/multi/http/cups_bash_env_exec.rb @@ -59,8 +59,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options([ Opt::RPORT(631), OptBool.new('SSL', [ true, 'Use SSL', true ]), - OptString.new('USERNAME', [ true, 'CUPS username', 'root']), - OptString.new('PASSWORD', [ true, 'CUPS user password', '']), + OptString.new('HttpUsername', [ true, 'CUPS username', 'root']), + OptString.new('HttpPassword', [ true, 'CUPS user password', '']), OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]), OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ]) ], self.class) @@ -233,7 +233,7 @@ EOF 'ctype' => "multipart/form-data; boundary=#{pd.bound}", 'data' => data, 'cookie' => "org.cups.sid=#{@cookie};", - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']) ) end @@ -245,7 +245,7 @@ EOF send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'printers', printer_name), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => "org.cups.sid=#{@cookie}", 'vars_post' => { 'org.cups.sid' => @cookie, @@ -262,7 +262,7 @@ EOF send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin'), - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => "org.cups.sid=#{@cookie}", 'vars_post' => { 'org.cups.sid' => @cookie, diff --git a/modules/exploits/multi/http/gestioip_exec.rb b/modules/exploits/multi/http/gestioip_exec.rb index 5f4c75ebb5..3ce66f4b55 100644 --- a/modules/exploits/multi/http/gestioip_exec.rb +++ b/modules/exploits/multi/http/gestioip_exec.rb @@ -46,17 +46,17 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ OptString.new('TARGETURI', [true, 'URI', '/gestioip/']), - OptString.new('USERNAME', [false, 'The username to auth as', 'gipadmin']), - OptString.new('PASSWORD', [false, 'The password to auth with', nil]) + OptString.new('HttpUsername', [false, 'The username to auth as', 'gipadmin']), + OptString.new('HttpPassword', [false, 'The password to auth with', nil]) ], self.class) end def user - datastore['USERNAME'] + datastore['HttpUsername'] end def pass - datastore['PASSWORD'] + datastore['HttpPassword'] end def use_auth diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb index dadd0efdc8..348204cde6 100644 --- a/modules/exploits/multi/http/glassfish_deployer.rb +++ b/modules/exploits/multi/http/glassfish_deployer.rb @@ -639,7 +639,9 @@ class MetasploitModule < Msf::Exploit::Remote @scanner = Metasploit::Framework::LoginScanner::Glassfish.new( configure_http_login_scanner( cred_details: @cred_collection, - connection_timeout: 5 + connection_timeout: 5, + http_username: datastore['HttpUsername'], + http_password: datastore['HttpPassword'] ) ) end diff --git a/modules/exploits/multi/http/jboss_maindeployer.rb b/modules/exploits/multi/http/jboss_maindeployer.rb index 50f2944360..d13e2bb018 100644 --- a/modules/exploits/multi/http/jboss_maindeployer.rb +++ b/modules/exploits/multi/http/jboss_maindeployer.rb @@ -82,8 +82,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ Opt::RPORT(8080), - OptString.new('USERNAME', [ false, 'The username to authenticate as' ]), - OptString.new('PASSWORD', [ false, 'The password for the specified username' ]), + OptString.new('HttpUsername', [ false, 'The username to authenticate as' ]), + OptString.new('HttpPassword', [ false, 'The password for the specified username' ]), OptString.new('JSP', [ false, 'JSP name to use without .jsp extension (default: random)', nil ]), OptString.new('APPBASE', [ false, 'Application base name, (default: random)', nil ]), OptString.new('PATH', [ true, 'The URI path of the console', '/jmx-console' ]), diff --git a/modules/exploits/multi/http/netwin_surgeftp_exec.rb b/modules/exploits/multi/http/netwin_surgeftp_exec.rb index 117e37cc8b..e3342d1af1 100644 --- a/modules/exploits/multi/http/netwin_surgeftp_exec.rb +++ b/modules/exploits/multi/http/netwin_surgeftp_exec.rb @@ -41,8 +41,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ Opt::RPORT(7021), - OptString.new('USERNAME', [ true, 'The username with admin role to authenticate as', 'admin' ]), - OptString.new('PASSWORD', [ true, 'The password for the specified username', 'password' ]) + OptString.new('HttpUsername', [ true, 'The username with admin role to authenticate as', 'admin' ]), + OptString.new('HttpPassword', [ true, 'The password for the specified username', 'password' ]) ], self.class) end @@ -64,7 +64,7 @@ class MetasploitModule < Msf::Exploit::Remote { 'uri' => '/cgi/surgeftpmgr.cgi', 'method' => 'POST', - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'vars_post' => { 'global_smtp' => "", diff --git a/modules/exploits/multi/http/tomcat_mgr_deploy.rb b/modules/exploits/multi/http/tomcat_mgr_deploy.rb index 8bcde06e80..7414bf28ff 100644 --- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb +++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb @@ -102,8 +102,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [ false, 'The username to authenticate as' ]), - OptString.new('PASSWORD', [ false, 'The password for the specified username' ]), + OptString.new('HttpUsername', [ false, 'The username to authenticate as' ]), + OptString.new('HttpPassword', [ false, 'The password for the specified username' ]), # /cognos_express/manager/ for Cognos Express (19300) OptString.new('PATH', [ true, "The URI path of the manager app (/deploy and /undeploy will be used)", '/manager']) ], self.class) @@ -312,8 +312,8 @@ class MetasploitModule < Msf::Exploit::Remote origin_type: :service, module_fullname: self.fullname, private_type: :password, - private_data: datastore['PASSWORD'].downcase, - username: datastore['USERNAME'] + private_data: datastore['HttpPassword'].downcase, + username: datastore['HttpUsername'] } credential_data.merge!(service_data) diff --git a/modules/exploits/multi/http/tomcat_mgr_upload.rb b/modules/exploits/multi/http/tomcat_mgr_upload.rb index 802cb21512..fdcedaa6eb 100644 --- a/modules/exploits/multi/http/tomcat_mgr_upload.rb +++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb @@ -95,8 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptString.new('USERNAME', [false, 'The username to authenticate as']), - OptString.new('PASSWORD', [false, 'The password for the specified username']), + OptString.new('HttpUsername', [false, 'The username to authenticate as']), + OptString.new('HttpPassword', [false, 'The password for the specified username']), # /cognos_express/manager/ for Cognos Express (19300) OptString.new('TARGETURI', [true, "The URI path of the manager app (/html/upload and /undeploy will be used)", '/manager']) ], self.class) @@ -309,8 +309,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => url, 'method' => 'POST', 'ctype' => 'multipart/form-data; boundary=---------------------------' + boundary_identifier, - 'user' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'], + 'user' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'], 'cookie' => @session_id, 'vars_get' => vars_get, 'data' => generate_multipart_msg(boundary_identifier, war), @@ -324,8 +324,8 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => url, 'vars_get' => vars_get, 'method' => 'POST', - 'user' => datastore['USERNAME'], - 'password' => datastore['PASSWORD'], + 'user' => datastore['HttpUsername'], + 'password' => datastore['HttpPassword'], 'cookie' => @session_id }) @@ -417,8 +417,8 @@ class MetasploitModule < Msf::Exploit::Remote origin_type: :service, module_fullname: self.fullname, private_type: :password, - private_data: datastore['PASSWORD'].downcase, - username: datastore['USERNAME'] + private_data: datastore['HttpPassword'].downcase, + username: datastore['HttpUsername'] } credential_data.merge!(service_data) diff --git a/modules/exploits/multi/http/visual_mining_netcharts_upload.rb b/modules/exploits/multi/http/visual_mining_netcharts_upload.rb index 7120fa3926..547babae28 100644 --- a/modules/exploits/multi/http/visual_mining_netcharts_upload.rb +++ b/modules/exploits/multi/http/visual_mining_netcharts_upload.rb @@ -53,8 +53,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ Opt::RPORT(8001), - OptString.new('USERNAME', [false, "The username to authenticate with"]), - OptString.new('PASSWORD', [false, "The password to authenticate with"]) + OptString.new('HttpUsername', [false, "The username to authenticate with"]), + OptString.new('HttpPassword', [false, "The password to authenticate with"]) ], self.class) end @@ -123,10 +123,10 @@ class MetasploitModule < Msf::Exploit::Remote end def username - datastore['USERNAME'].blank? ? DEFAULT_USERNAME : datastore['USERNAME'] + datastore['HttpUsername'].blank? ? DEFAULT_USERNAME : datastore['HttpUsername'] end def password - datastore['PASSWORD'].blank? ? DEFAULT_PASSWORD : datastore['PASSWORD'] + datastore['HttpPassword'].blank? ? DEFAULT_PASSWORD : datastore['HttpPassword'] end end diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb index 29b4f79091..5d0a2bec96 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb @@ -83,8 +83,8 @@ class MetasploitModule < Msf::Exploit::Remote [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']) + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']) ], self.class) register_advanced_options( [ @@ -97,7 +97,7 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb index 0b7ec86a63..32c8b9fc3e 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb @@ -84,8 +84,8 @@ class MetasploitModule < Msf::Exploit::Remote [ Opt::RPORT(8000), OptString.new('CLIENT', [true, 'SAP Client', '001']), - OptString.new('USERNAME', [true, 'Username', 'SAP*']), - OptString.new('PASSWORD', [true, 'Password', '06071992']) + OptString.new('HttpUsername', [true, 'Username', 'SAP*']), + OptString.new('HttpPassword', [true, 'Password', '06071992']) ], self.class) register_advanced_options( [ @@ -98,7 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote 'uri' => '/sap/bc/soap/rfc', 'method' => 'POST', 'data' => data, - 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), + 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']), 'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'ctype' => 'text/xml; charset=UTF-8', 'headers' => { diff --git a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb index 6efb784256..4a0f7a4ff5 100644 --- a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb +++ b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb @@ -54,8 +54,8 @@ class MetasploitModule < Msf::Exploit::Remote Opt::RPORT(8899), OptBool.new('SSL', [ true, 'Use SSL', true ]), OptString.new('CMD', [ false, "A single command to execute instead of the payload" ]), - OptString.new('USERNAME', [ true, "The user to authenticate as", 'oracle']), - OptString.new('PASSWORD', [ true, "The password to authenticate with" ]) + OptString.new('HttpUsername', [ true, "The user to authenticate as", 'oracle']), + OptString.new('HttpPassword', [ true, "The password to authenticate with" ]) ], self.class) deregister_options( diff --git a/modules/exploits/windows/http/easyftp_list.rb b/modules/exploits/windows/http/easyftp_list.rb index 0def8e6474..3312904f79 100644 --- a/modules/exploits/windows/http/easyftp_list.rb +++ b/modules/exploits/windows/http/easyftp_list.rb @@ -70,8 +70,8 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ Opt::RPORT(8080), - OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'anonymous']), - OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com']) + OptString.new('HttpUsername', [true, 'The HTTP username to specify for basic authentication', 'anonymous']), + OptString.new('HttpPassword', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com']) ], self.class) end diff --git a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb index 74f593f2ad..e3103db7ac 100644 --- a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb +++ b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb @@ -42,9 +42,9 @@ class MetasploitModule < Msf::Exploit::Remote [ # The USERNAME and PASSWORD are registered again to make them more obvious they're # configurable. - OptString.new('USERNAME', + OptString.new('HttpUsername', [false, 'The HTTP username to specify for authentication', '']), - OptString.new('PASSWORD', + OptString.new('HttpPassword', [false, 'The HTTP password to specify for authentication', '']), OptString.new('PATH', [ true, 'The path to attempt to upload', '/metasploit%RAND%.asp']),