From b6a50da3946c311fefb39ea80e7f17322b86e9e0 Mon Sep 17 00:00:00 2001 From: m-1-k-3 Date: Fri, 29 Mar 2013 21:20:51 +0100 Subject: [PATCH] feedback included, server header check --- .../http/dlink_dir_300_615_http_login.rb | 30 ++++--------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb index f4308f937d..a8bf534e33 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb @@ -74,40 +74,16 @@ class Metasploit3 < Msf::Auxiliary if result == :success print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") - any_user = false - any_pass = false - - vprint_status("#{target_url} - Trying random username with password:'#{pass}'") - any_user = determine_result(do_http_login(Rex::Text.rand_text_alpha(8), pass)) - - vprint_status("#{target_url} - Trying username:'#{user}' with random password") - any_pass = determine_result(do_http_login(user, Rex::Text.rand_text_alpha(8))) - - if any_user == :success - user = "anyuser" - print_status("#{target_url} - Any username with password '#{pass}' is allowed") - else - print_status("#{target_url} - Random usernames are not allowed.") - end - - if any_pass == :success - pass = "anypass" - print_status("#{target_url} - Any password with username '#{user}' is allowed") - else - print_status("#{target_url} - Random passwords are not allowed.") - end - report_auth_info( :host => rhost, :port => rport, :sname => (ssl ? 'https' : 'http'), :user => user, :pass => pass, - :proof => "WEBAPP=\"Generic\", PROOF=#{response.to_s}", + :proof => "WEBAPP=\"DLink Management Interface\", PROOF=#{response.to_s}", :active => true ) - return :abort if ([any_user,any_pass].include? :success) return :next_user else vprint_error("#{target_url} - Failed to login as '#{user}'") 
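Review bot: The `:proof` value in the `report_auth_info` call still interpolates the whole response object, so every header and the full body of the login reply are written into the stored credential record; if that reply carries a session cookie, it ends up in the database and in any report generated from it. Recording only what demonstrates the successful login would be enough, for example `:proof => "WEBAPP=\"DLink Management Interface\", PROOF=#{response.code} #{response.message}"`, assuming the status line is what `determine_result` keys on (it is not visible here). If the full response is kept, the explicit `.to_s` is redundant inside string interpolation. The enclosing method begins and ends outside this hunk, including the assignment of `response`.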
@@ -127,6 +103,10 @@ class Metasploit3 < Msf::Auxiliary "login" => "+Log+In+" } }) + return if response.nil? + return if (response.headers['Server'].nil? or response.headers['Server'] !~ /Mathopd\/1\.5p6/) + return if (response.code == 404) + return response rescue ::Rex::ConnectionError vprint_error("#{target_url} - Failed to connect to the web server")
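Review bot: The three guards added after `send_request_cgi` all return nil without any output, so a host skipped because its `Server` header is not `Mathopd/1.5p6` is indistinguishable, for both the caller and the operator, from a timeout or a 404. They also run only after the login POST has been sent, so the credentials have already been submitted to a host that may not be the intended device; a banner check meant to keep the module scoped to this product would be better done with a separate request before any login attempt. Within this hunk, the header test can be shortened because `nil !~ /re/` is already true, and the reason for skipping should be logged: `vprint_error("#{target_url} - Server header is not Mathopd/1.5p6, skipping")` followed by `return if response.headers['Server'] !~ /Mathopd\/1\.5p6/`. The exact version match will presumably also skip devices on other firmware revisions, which deserves a comment if it is intentional. The method starts above the hunk and its `rescue` clause continues below it.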