Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD']

2014-02-12 13:31:03 -06:00 · 2014-02-12 13:31:03 -06:00 · 5ef40e3844
parent 2b8a8259f9
commit 5ef40e3844
1 changed files with 4 additions and 3 deletions
--- a/modules/auxiliary/scanner/http/owa_login.rb
+++ b/modules/auxiliary/scanner/http/owa_login.rb
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary
        OptString.new('AD_DOMAIN', [ false, "Optional AD domain to prepend to usernames", ''])
      ], self.class)

-    deregister_options('BLANK_PASSWORDS', 'RHOSTS')
+    deregister_options('BLANK_PASSWORDS', 'RHOSTS','PASSWORD','USERNAME')
  end

  def cleanup
@ -101,8 +101,6 @@ class Metasploit3 < Msf::Auxiliary

    # OWA doesn't support blank passwords or usernames!
    datastore['BLANK_PASSWORDS'] = false
-    datastore['USERNAME'] = nil
-    datastore['PASSWORD'] = nil

    # If there's a pre-defined username/password, we need to turn off USER_AS_PASS
    # so that the module won't just try username:username, and then exit.
@ -141,6 +139,7 @@ class Metasploit3 < Msf::Auxiliary

    begin
      each_user_pass do |user, pass|
+        next if (user.blank? or pass.blank?)
        vprint_status("#{msg} Trying #{user} : #{pass}")
        try_user_pass({"user" => user, "domain"=>domain, "pass"=>pass, "auth_path"=>auth_path, "inbox_path"=>inbox_path, "login_check"=>login_check, "vhost"=>vhost})
      end
@ -158,6 +157,8 @@ class Metasploit3 < Msf::Auxiliary
    vhost = opts["vhost"]
    domain = opts["domain"]

+    
+
    user = domain + '\\' + user if domain

    headers = {