infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add more improvements

unstable
sinn3r 2012-11-12 15:40:12 -06:00
parent 8fe3f289bf
commit 72f0a5613f
1 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
modules/auxiliary/scanner/http/drupal_views_user_enum.rb
View File

@ -50,7 +50,11 @@ class Metasploit3 < Msf::Auxiliary
if not res if not res
return false return false
elsif res.message != 'OK' or res.body != '[ ]' elsif res and res.body =~ /\<title\>Access denied/
# This probably means the Views Module actually isn't installed
print_error("#{rhost} - Access denied")
return false
elsif res and res.message != 'OK' or res.body != '[ ]'
return false return false
else else
return true return true
@ -72,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
# Check if remote host is available or appears vulnerable # Check if remote host is available or appears vulnerable
if not check(enum_uri) if not check(enum_uri)
print_status("#{ip} does not appear to be vulnerable, will not continue") print_error("#{ip} does not appear to be vulnerable, will not continue")
return return
end end
@ -109,14 +113,26 @@ class Metasploit3 < Msf::Auxiliary
final_results.each do |user| final_results.each do |user|
print_good("Found User: #{user}") print_good("Found User: #{user}")
store_loot( report_auth_info(
type, :host => Rex::Socket.getaddress(datastore['RHOST']),
'text/plain', :port => datastore['RPORT'],
Rex::Socket.getaddress(datastore['RHOST']), :user => user,
user, :type => "drupal_user"
'drupal_user.txt',
user
) )
end end
# One username per line
final_results = final_results * "\n"
p = store_loot(
'drupal_user',
'text/plain',
Rex::Socket.getaddress(datastore['RHOST']),
final_results.to_s,
'drupal_user.txt'
)
print_status("Usernames stored in: #{p}")
end end
end end