infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up perms and whitespace for owa_login

bug/bundler_fix
William Vu 2014-04-02 01:42:28 -05:00
parent ba03890004
commit c37dbd104a
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
modules/auxiliary/scanner/http/owa_login.rb Executable file → Normal file
View File

@ -30,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary
'Brandon Knight', 'Brandon Knight',
'Pete (Bokojan) Arzamendi, #Outlook 2013 updates' 'Pete (Bokojan) Arzamendi, #Outlook 2013 updates'
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Actions' => 'Actions' =>
[ [
@ -61,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
'InboxCheck' => /Inbox|location(\x20*)=(\x20*)"\\\/(\w+)\\\/logoff\.owa|A mailbox couldn\'t be found|\<a .+onclick="return JumpTo\('logoff\.aspx.+\">/ 'InboxCheck' => /Inbox|location(\x20*)=(\x20*)"\\\/(\w+)\\\/logoff\.owa|A mailbox couldn\'t be found|\<a .+onclick="return JumpTo\('logoff\.aspx.+\">/
} }
], ],
[ [
'OWA_2013', 'OWA_2013',
{ {
'Description' => 'OWA version 2013', 'Description' => 'OWA version 2013',
@ -72,9 +71,9 @@ class Metasploit3 < Msf::Auxiliary
] ]
], ],
'DefaultAction' => 'OWA_2010', 'DefaultAction' => 'OWA_2010',
'DefaultOptions' => { 'DefaultOptions' => {
'SSL' => true 'SSL' => true
} }
) )
@ -162,8 +161,6 @@ class Metasploit3 < Msf::Auxiliary
vhost = opts["vhost"] vhost = opts["vhost"]
domain = opts["domain"] domain = opts["domain"]
user = domain + '\\' + user if domain user = domain + '\\' + user if domain
headers = { headers = {
@ -208,8 +205,8 @@ class Metasploit3 < Msf::Auxiliary
return :abort return :abort
end end
if action.name == "OWA_2013" if action.name == "OWA_2013"
#Check for a response code to make sure login was valid. Changes from 2010 to 2013. #Check for a response code to make sure login was valid. Changes from 2010 to 2013.
#Check if the password needs to be changed. #Check if the password needs to be changed.
if res.headers['location'] =~ /expiredpassword/ if res.headers['location'] =~ /expiredpassword/
print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}': NOTE password change required") print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}': NOTE password change required")
report_hash = { report_hash = {
@ -225,13 +222,13 @@ class Metasploit3 < Msf::Auxiliary
return :next_user return :next_user
end end
#No password change required moving on. #No password change required moving on.
reason = res.headers['location'].split('reason=')[1] reason = res.headers['location'].split('reason=')[1]
if reason == nil if reason == nil
headers['Cookie'] = 'PBack=0;' << res.get_cookies headers['Cookie'] = 'PBack=0;' << res.get_cookies
else else
#Login didn't work. no point on going on. #Login didn't work. no point on going on.
vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'") vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
return :Skip_pass return :Skip_pass
end end
else else