Fix up basic auth madness

2013-03-01 11:59:02 -06:00 · 2013-03-01 11:59:02 -06:00 · 4212c36566
parent 902948e5d3
commit 4212c36566
12 changed files with 16 additions and 46 deletions
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@ -163,7 +163,6 @@ module Exploit::Remote::HttpClient
 		nclient.set_config(
 			'vhost' => self.vhost(),
 			'agent' => datastore['UserAgent'],
-			'basic_auth' => self.basic_auth,
 			'uri_encode_mode'        => datastore['HTTP::uri_encode_mode'],
 			'uri_full_url'           => datastore['HTTP::uri_full_url'],
 			'pad_method_uri_count'   => datastore['HTTP::pad_method_uri_count'],
@ -292,9 +291,9 @@ module Exploit::Remote::HttpClient
 	#
 	# Combine the user/pass into an auth string for the HTTP Client
 	#
-	def basic_auth
-		return if not datastore['USERNAME']
-		datastore['USERNAME'].to_s + ":" + (datastore['PASSWORD'].to_s || '')
+	def basic_auth(username, password)
+		auth_str = Rex::Text.encode_base64("#{username}:#{password}")
+		"Basic #{auth_str}"
 	end

 	##
--- a/lib/rex/proto/http/client.rb
+++ b/lib/rex/proto/http/client.rb
@ -113,7 +113,6 @@ class Client
 	#
 	# @param opts [Hash]
 	# @option opts 'agent'         [String] User-Agent header value
-	# @option opts 'basic_auth'    [String] Basic-Auth header value
 	# @option opts 'connection'    [String] Connection header value
 	# @option opts 'cookie'        [String] Cookie header value
 	# @option opts 'data'          [String] HTTP data (only useful with some methods, see rfc2616)
--- a/lib/rex/proto/http/client_request.rb
+++ b/lib/rex/proto/http/client_request.rb
@ -87,12 +87,6 @@ class ClientRequest

 	def initialize(opts={})
 		@opts = DefaultConfig.merge(opts)
-
-		# Backwards compatibility for wonky basic authentication api from
-		# the dawn of time.
-		if opts['basic_auth'] and not opts['authorization']
-			@opts['authorization'] = "Basic #{Rex::Text.encode_base64(opts['basic_auth'])}"
-		end
 	end

 	def to_s
--- a/modules/auxiliary/admin/http/iis_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/iis_auth_bypass.rb
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
 		res = send_request_cgi({
 			'uri' => dir,
 			'method' => 'GET',
-			'basic_auth' => "#{user}:#{pass}"
+			'authorization' => basic_auth(user,pass)
 		})
 		vprint_status(res.body) if res

--- a/modules/auxiliary/admin/http/intersil_pass_reset.rb
+++ b/modules/auxiliary/admin/http/intersil_pass_reset.rb
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary
 		res = send_request_cgi({
 			'uri'=> uri,
 			'method'=>'GET',
-			'basic_auth' => "#{Rex::Text.rand_text_alpha(127)}:#{datastore['PASSWORD']}"
+			'authorization' => basic_auth(Rex::Text.rand_text_alpha(127),datastore['PASSWORD'])
 		})

 		if res.nil?
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
 		res = send_request_cgi({
 			'uri'   => uri,
 			'method'=> 'GET',
-			'basic_auth' => "admin:#{datastore['PASSWORD']}"
+			'authorization' => basic_auth('admin', datastore['PASSWORD'])
 		})

 		if not res
--- a/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb
+++ b/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
 			res = send_request_cgi({
 				'uri'	 => uri,
 				'method'  => 'GET',
-				'basic_auth' => "#{user}:#{pass}"
+				'authorization' => basic_auth(user,pass)
 			})

 			unless (res.kind_of? Rex::Proto::Http::Response)
@ -136,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
 			res = send_request_cgi({
 				'uri'	=> uri,
 				'method' => 'POST',
-				'basic_auth' => "#{user}:#{pass}",
+				'authorization' => basic_auth(user,pass),
 				#'data' => data_cmd,

 				'vars_post' => {
--- a/modules/auxiliary/admin/http/netgear_sph200d_traversal.rb
+++ b/modules/auxiliary/admin/http/netgear_sph200d_traversal.rb
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
 		res = send_request_cgi({
 			'method'     => 'GET',
 			'uri'        => normalize_uri(traversal, file),
-			'basic_auth' => "#{user}:#{pass}"
+			'authorization' => basic_auth(user,pass)
 		})

 		if res and res.code == 200 and res.body !~ /404\ File\ Not\ Found/
@ -95,7 +95,7 @@ class Metasploit3 < Msf::Auxiliary
 			res = send_request_cgi({
 				'uri'        => '/',
 				'method'     => 'GET',
-				'basic_auth' => "#{user}:#{pass}"
+				'authorization' => basic_auth(user,pass)
 			})

 			return :abort if res.nil?
--- a/modules/auxiliary/gather/xbmc_traversal.rb
+++ b/modules/auxiliary/gather/xbmc_traversal.rb
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
 			res = send_request_raw({
 				'method' => 'GET',
 				'uri'    => "/#{traversal}/#{datastore['FILEPATH']}",
-				'basic_auth' => "#{datastore['USERNAME']}:#{datastore['PASSWORD']}"
+				'authorization' => basic_auth(datastore['USERNAME'],datastore['PASSWORD'])
 			}, 25)
 		rescue Rex::ConnectionRefused
 			print_error("#{rhost}:#{rport} Could not connect.")
--- a/modules/auxiliary/scanner/http/http_traversal.rb
+++ b/modules/auxiliary/scanner/http/http_traversal.rb
@ -28,8 +28,7 @@ class Metasploit3 < Msf::Auxiliary
 				source against PHP applications.  The 'WRITABLE' action can be used to determine
 				if the trigger can be used to write files outside the www directory.

-					To use the 'COOKIE' option, set your value like so: "name=value".  To use
-				the 'BASICAUTH' option, set it like this: "username:password".
+					To use the 'COOKIE' option, set your value like so: "name=value".
 			},
 			'Author'         =>
 				[
@ -70,8 +69,7 @@ class Metasploit3 < Msf::Auxiliary
 				# We favor automatic
 				OptString.new('TRIGGER',   [false,'Trigger string. Ex: ../', '']),
 				OptString.new('FILE',      [false, 'Default file to read for the fuzzing stage', '']),
-				OptString.new('COOKIE',    [false, 'Cookie value to use when sending the requests', '']),
-				OptString.new('BASICAUTH', [false, 'Credential to use for basic auth (Ex: admin:admin)', ''])
+				OptString.new('COOKIE',    [false, 'Cookie value to use when sending the requests', ''])
 			], self.class)

 		deregister_options('RHOST')
@ -155,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
 		req['uri']        = this_path
 		req['headers']    = {'Cookie'=>datastore['COOKIE']} if not datastore['COOKIE'].empty?
 		req['data']       = datastore['DATA'] if not datastore['DATA'].empty?
-		req['basic_auth'] = datastore['BASICAUTH'] if not datastore['BASICAUTH'].empty?
+		req['authorization'] = basic_auth(datastore['USERNAME'], datastore['PASSWORD'])

 		return req
 	end
--- a/modules/auxiliary/scanner/http/jboss_vulnscan.rb
+++ b/modules/auxiliary/scanner/http/jboss_vulnscan.rb
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
 			'uri'       => app,
 			'method'    => 'GET',
 			'ctype'     => 'text/plain',
-			'basic_auth' => 'admin:admin'
+			'authorization' => basic_auth('admin','admin')
 		}, 20)
 		if (res and res.code == 200)
 			print_good("#{rhost}:#{rport} Authenticated using admin:admin")
--- a/modules/exploits/multi/http/netwin_surgeftp_exec.rb
+++ b/modules/exploits/multi/http/netwin_surgeftp_exec.rb
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		{
 			'uri'     => '/cgi/surgeftpmgr.cgi',
 			'method'  => 'POST',
-			'basic_auth' => datastore['USERNAME'] + ":" + datastore['PASSWORD'],
+			'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
 			'vars_post' =>
 				{
 					'global_smtp' => "",
--- a/spec/lib/rex/proto/http/client_spec.rb
+++ b/spec/lib/rex/proto/http/client_spec.rb
@ -85,26 +85,6 @@ describe Rex::Proto::Http::Client do
 				match.captures[0].chomp.should == base64
 			end
 		end
-
-		context "and basic_auth" do
-			before do
-				cli.set_config({"basic_auth" => "user:pass"})
-			end
-			it "should not have two Authorization headers" do
-				req = cli.request_cgi
-				match = req.to_s.match("Authorization: Basic")
-				match.should be
-				match.length.should == 1
-			end
-			it "should prefer basic_auth" do
-				req = cli.request_cgi
-				match = req.to_s.match(/Authorization: Basic (.*)$/)
-				match.should be
-				match.captures.length.should == 1
-				match.captures[0].chomp.should == base64
-			end
-		end
-
 	end

 	it "should attempt to connect to a server" do