infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Correct capitilzation of GitLab

bug/bundler_fix
Meatballs 2015-03-17 11:32:14 +00:00
parent 25840c41cf
commit d18224e3cb
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/metasploit/framework/login_scanner/gitlab.rb
View File

@ -3,8 +3,8 @@ require 'metasploit/framework/login_scanner/http'
module Metasploit
module Framework
module LoginScanner
# Gitlab login scanner
class Gitlab < HTTP
# GitLab login scanner
class GitLab < HTTP
# Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
CAN_GET_SESSION = false
DEFAULT_PORT = 80
@ -53,7 +53,7 @@ module Metasploit
elsif res.body.include? 'user[login]'
user_field = 'user[login]'
else
fail RuntimeError, 'Not a valid Gitlab login page'
fail RuntimeError, 'Not a valid GitLab login page'
end
local_session_cookie = res.get_cookies.scan(/(_gitlab_session=[A-Za-z0-9%-]+)/).flatten[0]

14
modules/auxiliary/scanner/http/gitlab_login.rb
View File

@ -15,8 +15,8 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Gitlab Login Utility',
'Description' => 'This module attempts to login to a Gitlab instance using a specific user/pass.',
'Name' => 'GitLab Login Utility',
'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
'Author' => [ 'Ben Campbell' ],
'License' => MSF_LICENSE
)
@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
Opt::RPORT(80),
OptString.new('USERNAME', [ true, 'The username to test', 'root' ]),
OptString.new('PASSWORD', [ true, 'The password to test', '5iveL!fe' ]),
OptString.new('TARGETURI', [true, 'The path to Gitlab', '/'])
OptString.new('TARGETURI', [true, 'The path to GitLab', '/'])
], self.class)
register_autofilter_ports([ 80, 443 ])
@ -43,11 +43,11 @@ class Metasploit3 < Msf::Auxiliary
)
if res && res.body && res.body.include?('user[email]')
vprint_status("#{peer} - Gitlab v5 login page")
vprint_status("#{peer} - GitLab v5 login page")
elsif res && res.body && res.body.include?('user[login]')
vprint_status("#{peer} - Gitlab v7 login page")
vprint_status("#{peer} - GitLab v7 login page")
else
vprint_error('Not a valid Gitlab login page')
vprint_error('Not a valid GitLab login page')
return
end
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
user_as_pass: datastore['USER_AS_PASS']
)
scanner = Metasploit::Framework::LoginScanner::Gitlab.new(
scanner = Metasploit::Framework::LoginScanner::GitLab.new(
configure_http_login_scanner(
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],