infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First stab at axis2 login scanner

bug/bundler_fix
James Lee 2014-05-27 23:53:04 -05:00
parent 85737d1235
commit 3ac2182984
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
lib/metasploit/framework/login_scanner/axis2.rb Normal file
View File

@ -0,0 +1,54 @@
require 'metasploit/framework/login_scanner/http'
module Metasploit
module Framework
module LoginScanner
# Tomcat Manager login scanner
class Axis2 < HTTP
DEFAULT_PORT = 8080
# (see Base#attempt_login)
def attempt_login(credential)
http_client = Rex::Proto::Http::Client.new(
host, port, {}, ssl, ssl_version
)
begin
http_client.connect
body = "userName=#{Rex::Text.uri_encode(credential.public)}&password=#{Rex::Text.uri_encode(credential.private)}&submit=+Login+"
request = http_client.request_cgi(
'uri' => uri,
'method' => "POST",
'data' => body,
)
response = http_client.send_recv(request)
end
if response && response.code == 200 && response.body.include?("upload")
result = Result.new(result_opts)
end
result
end
# (see Base#set_sane_defaults)
def set_sane_defaults
self.uri = "/axis2/axis2-admin/login" if self.uri.nil?
@method = "POST".freeze
super
end
# The method *must* be "POST", so don't let the user change it
# @raise [RuntimeError]
def method=(_)
raise RuntimeError, "Method must be POST for Axis2"
end
end
end
end
end