From 7855ede2de7095443c8c4d544fbf407a798dbd4b Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Tue, 4 Nov 2014 14:07:39 -0800 Subject: [PATCH 1/3] Move userpass emptiness checking into setup --- modules/auxiliary/scanner/http/owa_login.rb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb index 2579774645..bf794113be 100644 --- a/modules/auxiliary/scanner/http/owa_login.rb +++ b/modules/auxiliary/scanner/http/owa_login.rb @@ -93,12 +93,7 @@ class Metasploit3 < Msf::Auxiliary deregister_options('BLANK_PASSWORDS', 'RHOSTS','PASSWORD','USERNAME') end - def run - - vhost = datastore['VHOST'] || datastore['RHOST'] - - print_status("#{msg} Testing version #{action.name}") - + def setup # Here's a weird hack to check if each_user_pass is empty or not # apparently you cannot do each_user_pass.empty? or even inspect() it isempty = true @@ -106,7 +101,13 @@ class Metasploit3 < Msf::Auxiliary isempty = false break end - print_error("No username/password specified") if isempty + raise ArgumentError, "No username/password specified" if isempty + end + + def run + vhost = datastore['VHOST'] || datastore['RHOST'] + + print_status("#{msg} Testing version #{action.name}") auth_path = action.opts['AuthPath'] inbox_path = action.opts['InboxPath'] From 2c028ca7a646203535487b9b14fbaa5bc5e8cb91 Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Tue, 4 Nov 2014 14:19:21 -0800 Subject: [PATCH 2/3] Move redirect check before body check -- a redirect won't have a body --- modules/auxiliary/scanner/http/owa_login.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb index bf794113be..8aad9f22ec 100644 --- a/modules/auxiliary/scanner/http/owa_login.rb +++ b/modules/auxiliary/scanner/http/owa_login.rb @@ -248,6 +248,11 @@ class Metasploit3 < Msf::Auxiliary return :abort end + if res.redirect? + vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)") + return :skip_pass + end + if res.body =~ login_check print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'") @@ -262,12 +267,6 @@ class Metasploit3 < Msf::Auxiliary report_auth_info(report_hash) return :next_user - - if res.redirect? - vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)") - return :skip_pass - end - else vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response body did not match)") return :skip_pass From ff8d481eec935432321a63fc1a7f9c626d02843c Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Tue, 4 Nov 2014 21:21:19 -0800 Subject: [PATCH 3/3] Update description to remove comments about defaults. Default to 2013 --- modules/auxiliary/scanner/http/owa_login.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb index 8aad9f22ec..c52af77d20 100644 --- a/modules/auxiliary/scanner/http/owa_login.rb +++ b/modules/auxiliary/scanner/http/owa_login.rb @@ -18,8 +18,7 @@ class Metasploit3 < Msf::Auxiliary super( 'Name' => 'Outlook Web App (OWA) Brute Force Utility', 'Description' => %q{ - This module tests credentials on OWA 2003, 2007, 2010, 2013 servers. The default - action is set to OWA 2010. + This module tests credentials on OWA 2003, 2007, 2010, and 2013 servers. }, 'Author' => [ @@ -70,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary } ] ], - 'DefaultAction' => 'OWA_2010', + 'DefaultAction' => 'OWA_2013', 'DefaultOptions' => { 'SSL' => true }