Properly checking for credential duplication.

git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Tod Beardsley 2010-02-18 18:11:18 +00:00
parent 534d56cdd8
commit 38a3b8203e
1 changed files with 6 additions and 3 deletions

View File

@ -39,12 +39,15 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
each_user_pass { |user, pass| each_user_pass { |user, pass|
do_login(user, pass, datastore['VERBOSE']) this_cred = [user,ip,rport].join(":")
next if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]
self.credentials_tried[this_cred] = pass
do_login(user, pass, this_cred, datastore['VERBOSE'])
} }
end end
def do_login(user='root', pass='', verbose=false) def do_login(user='root', pass='', this_cred = '', verbose=false)
print_status("Trying username:'#{user}' with password:'#{pass}' against #{rhost}:#{rport}") if verbose print_status("Trying username:'#{user}' with password:'#{pass}' against #{rhost}:#{rport}") if verbose
begin begin
@ -58,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
:targ_host => rhost, :targ_host => rhost,
:targ_port => rport :targ_port => rport
) )
return :next_user self.credentials_good[this_cred] = pass
rescue ::RbMysql::AccessDeniedError rescue ::RbMysql::AccessDeniedError
print_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'") if verbose print_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'") if verbose
return :fail return :fail