Fix up basic auth madness
parent
902948e5d3
commit
4212c36566
|
@ -163,7 +163,6 @@ module Exploit::Remote::HttpClient
|
|||
nclient.set_config(
|
||||
'vhost' => self.vhost(),
|
||||
'agent' => datastore['UserAgent'],
|
||||
'basic_auth' => self.basic_auth,
|
||||
'uri_encode_mode' => datastore['HTTP::uri_encode_mode'],
|
||||
'uri_full_url' => datastore['HTTP::uri_full_url'],
|
||||
'pad_method_uri_count' => datastore['HTTP::pad_method_uri_count'],
|
||||
|
@ -292,9 +291,9 @@ module Exploit::Remote::HttpClient
|
|||
#
|
||||
# Combine the user/pass into an auth string for the HTTP Client
|
||||
#
|
||||
def basic_auth
|
||||
return if not datastore['USERNAME']
|
||||
datastore['USERNAME'].to_s + ":" + (datastore['PASSWORD'].to_s || '')
|
||||
def basic_auth(username, password)
|
||||
auth_str = Rex::Text.encode_base64("#{username}:#{password}")
|
||||
"Basic #{auth_str}"
|
||||
end
|
||||
|
||||
##
|
||||
|
|
|
@ -113,7 +113,6 @@ class Client
|
|||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts 'agent' [String] User-Agent header value
|
||||
# @option opts 'basic_auth' [String] Basic-Auth header value
|
||||
# @option opts 'connection' [String] Connection header value
|
||||
# @option opts 'cookie' [String] Cookie header value
|
||||
# @option opts 'data' [String] HTTP data (only useful with some methods, see rfc2616)
|
||||
|
|
|
@ -87,12 +87,6 @@ class ClientRequest
|
|||
|
||||
def initialize(opts={})
|
||||
@opts = DefaultConfig.merge(opts)
|
||||
|
||||
# Backwards compatibility for wonky basic authentication api from
|
||||
# the dawn of time.
|
||||
if opts['basic_auth'] and not opts['authorization']
|
||||
@opts['authorization'] = "Basic #{Rex::Text.encode_base64(opts['basic_auth'])}"
|
||||
end
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri' => dir,
|
||||
'method' => 'GET',
|
||||
'basic_auth' => "#{user}:#{pass}"
|
||||
'authorization' => basic_auth(user,pass)
|
||||
})
|
||||
vprint_status(res.body) if res
|
||||
|
||||
|
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri'=> uri,
|
||||
'method'=>'GET',
|
||||
'basic_auth' => "#{Rex::Text.rand_text_alpha(127)}:#{datastore['PASSWORD']}"
|
||||
'authorization' => basic_auth(Rex::Text.rand_text_alpha(127),datastore['PASSWORD'])
|
||||
})
|
||||
|
||||
if res.nil?
|
||||
|
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method'=> 'GET',
|
||||
'basic_auth' => "admin:#{datastore['PASSWORD']}"
|
||||
'authorization' => basic_auth('admin', datastore['PASSWORD'])
|
||||
})
|
||||
|
||||
if not res
|
||||
|
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method' => 'GET',
|
||||
'basic_auth' => "#{user}:#{pass}"
|
||||
'authorization' => basic_auth(user,pass)
|
||||
})
|
||||
|
||||
unless (res.kind_of? Rex::Proto::Http::Response)
|
||||
|
@ -136,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method' => 'POST',
|
||||
'basic_auth' => "#{user}:#{pass}",
|
||||
'authorization' => basic_auth(user,pass),
|
||||
#'data' => data_cmd,
|
||||
|
||||
'vars_post' => {
|
||||
|
|
|
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(traversal, file),
|
||||
'basic_auth' => "#{user}:#{pass}"
|
||||
'authorization' => basic_auth(user,pass)
|
||||
})
|
||||
|
||||
if res and res.code == 200 and res.body !~ /404\ File\ Not\ Found/
|
||||
|
@ -95,7 +95,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi({
|
||||
'uri' => '/',
|
||||
'method' => 'GET',
|
||||
'basic_auth' => "#{user}:#{pass}"
|
||||
'authorization' => basic_auth(user,pass)
|
||||
})
|
||||
|
||||
return :abort if res.nil?
|
||||
|
|
|
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
'uri' => "/#{traversal}/#{datastore['FILEPATH']}",
|
||||
'basic_auth' => "#{datastore['USERNAME']}:#{datastore['PASSWORD']}"
|
||||
'authorization' => basic_auth(datastore['USERNAME'],datastore['PASSWORD'])
|
||||
}, 25)
|
||||
rescue Rex::ConnectionRefused
|
||||
print_error("#{rhost}:#{rport} Could not connect.")
|
||||
|
|
|
@ -28,8 +28,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
source against PHP applications. The 'WRITABLE' action can be used to determine
|
||||
if the trigger can be used to write files outside the www directory.
|
||||
|
||||
To use the 'COOKIE' option, set your value like so: "name=value". To use
|
||||
the 'BASICAUTH' option, set it like this: "username:password".
|
||||
To use the 'COOKIE' option, set your value like so: "name=value".
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
@ -70,8 +69,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# We favor automatic
|
||||
OptString.new('TRIGGER', [false,'Trigger string. Ex: ../', '']),
|
||||
OptString.new('FILE', [false, 'Default file to read for the fuzzing stage', '']),
|
||||
OptString.new('COOKIE', [false, 'Cookie value to use when sending the requests', '']),
|
||||
OptString.new('BASICAUTH', [false, 'Credential to use for basic auth (Ex: admin:admin)', ''])
|
||||
OptString.new('COOKIE', [false, 'Cookie value to use when sending the requests', ''])
|
||||
], self.class)
|
||||
|
||||
deregister_options('RHOST')
|
||||
|
@ -155,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
req['uri'] = this_path
|
||||
req['headers'] = {'Cookie'=>datastore['COOKIE']} if not datastore['COOKIE'].empty?
|
||||
req['data'] = datastore['DATA'] if not datastore['DATA'].empty?
|
||||
req['basic_auth'] = datastore['BASICAUTH'] if not datastore['BASICAUTH'].empty?
|
||||
req['authorization'] = basic_auth(datastore['USERNAME'], datastore['PASSWORD'])
|
||||
|
||||
return req
|
||||
end
|
||||
|
|
|
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'uri' => app,
|
||||
'method' => 'GET',
|
||||
'ctype' => 'text/plain',
|
||||
'basic_auth' => 'admin:admin'
|
||||
'authorization' => basic_auth('admin','admin')
|
||||
}, 20)
|
||||
if (res and res.code == 200)
|
||||
print_good("#{rhost}:#{rport} Authenticated using admin:admin")
|
||||
|
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
{
|
||||
'uri' => '/cgi/surgeftpmgr.cgi',
|
||||
'method' => 'POST',
|
||||
'basic_auth' => datastore['USERNAME'] + ":" + datastore['PASSWORD'],
|
||||
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
|
||||
'vars_post' =>
|
||||
{
|
||||
'global_smtp' => "",
|
||||
|
|
|
@ -85,26 +85,6 @@ describe Rex::Proto::Http::Client do
|
|||
match.captures[0].chomp.should == base64
|
||||
end
|
||||
end
|
||||
|
||||
context "and basic_auth" do
|
||||
before do
|
||||
cli.set_config({"basic_auth" => "user:pass"})
|
||||
end
|
||||
it "should not have two Authorization headers" do
|
||||
req = cli.request_cgi
|
||||
match = req.to_s.match("Authorization: Basic")
|
||||
match.should be
|
||||
match.length.should == 1
|
||||
end
|
||||
it "should prefer basic_auth" do
|
||||
req = cli.request_cgi
|
||||
match = req.to_s.match(/Authorization: Basic (.*)$/)
|
||||
match.should be
|
||||
match.captures.length.should == 1
|
||||
match.captures[0].chomp.should == base64
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
it "should attempt to connect to a server" do
|
||||
|
|
Loading…
Reference in New Issue