Land #2259, @wchen-r7's patch for [SeeRM #8319]

2013-08-26 16:36:40 -05:00 · 2013-08-26 16:36:40 -05:00 · c660279963
parent a58750fbbb 3769da2722
commit c660279963
1 changed files with 13 additions and 3 deletions
--- a/modules/auxiliary/scanner/http/ektron_cms400net.rb
+++ b/modules/auxiliary/scanner/http/ektron_cms400net.rb
@ -29,8 +29,6 @@ class Metasploit3 < Msf::Auxiliary

 		register_options(
 			[
-				#Set to false to prevent account lockouts - it will!
-				OptBool.new('BLANK_PASSWORDS', [false, "Try blank passwords for all users", false]),
 				OptString.new('URI', [true, "Path to the CMS400.NET login page", '/WorkArea/login.aspx']),
 				OptPath.new(
 					'USERPASS_FILE',
@ -40,7 +38,10 @@ class Metasploit3 < Msf::Auxiliary
 						File.join(Msf::Config.install_root, "data", "wordlists", "cms400net_default_userpass.txt")
 					])
 			], self.class)
-		end
+
+		# "Set to false to prevent account lockouts - it will!"
+		deregister_options('BLANK_PASSWORDS')
+	end

 	def target_url
 		#Function to display correct protocol and host/vhost info
@ -58,6 +59,10 @@ class Metasploit3 < Msf::Auxiliary
 		end
 	end

+    def gen_blank_passwords(users, credentials)
+    	return credentials
+    end
+
 	def run_host(ip)
 		begin
 			res = send_request_cgi(
@ -66,6 +71,11 @@ class Metasploit3 < Msf::Auxiliary
 				'uri'     => normalize_uri(datastore['URI'])
 			}, 20)

+			if res.nil?
+				print_error("Connection timed out")
+				return
+			end
+
 			#Check for HTTP 200 response.
 			#Numerous versions and configs make if difficult to further fingerprint.
 			if (res and res.code == 200)