Land rapid7#6921, Support basic and form auth at the same time

Author: pbarry-r7

lib/metasploit/framework/login_scanner/axis2.rb

@@ -17,7 +17,7 @@ class Axis2 < HTTP
         # (see Base#attempt_login)
         def attempt_login(credential)
           http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
           )
 
           configure_http_client(http_client)

lib/metasploit/framework/login_scanner/buffalo.rb

@@ -34,7 +34,7 @@ def attempt_login(credential)
             result_opts[:service_name] = 'http'
           end
           begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
             configure_http_client(cli)
             cli.connect
             req = cli.request_cgi({

lib/metasploit/framework/login_scanner/chef_webui.rb

@@ -69,7 +69,7 @@ def check_setup
         # @param (see Rex::Proto::Http::Resquest#request_raw)
         # @return [Rex::Proto::Http::Response] The HTTP response
         def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => self}, ssl, ssl_version, proxies, http_username, http_password)
           configure_http_client(cli)
           cli.connect
           req = cli.request_raw(opts)

lib/metasploit/framework/login_scanner/gitlab.rb

@@ -35,7 +35,9 @@ def attempt_login(credential)
                                                },
                                                ssl,
                                                ssl_version,
-                                               proxies)
+                                               proxies,
+                                               http_username,
+                                               http_password)
             configure_http_client(cli)
             cli.connect
 

lib/metasploit/framework/login_scanner/glassfish.rb

@@ -20,6 +20,13 @@ class Glassfish < HTTP
         #   @return [String] Cookie session
         attr_accessor :jsession
 
+        # @!attribute http_username
+        attr_accessor :http_username
+        #   @return [String] HTTP username
+
+        # @!attribute http_password
+        attr_accessor :http_password
+
         # (see Base#check_setup)
         def check_setup
           begin
@@ -61,7 +68,7 @@ def check_setup
         # @param (see Rex::Proto::Http::Resquest#request_raw)
         # @return [Rex::Proto::Http::Response] The HTTP response
         def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
+          cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
           configure_http_client(cli)
           cli.connect
           req = cli.request_raw(opts)

lib/metasploit/framework/login_scanner/http.rb

@@ -161,6 +161,14 @@ class HTTP
         #   @return [Boolean] Whether to conform to IIS digest authentication mode.
         attr_accessor :digest_auth_iis
 
+        # @!attribute http_username
+        # @return [String]
+        attr_accessor :http_username
+
+        # @!attribute http_password
+        # @return [String]
+        attr_accessor :http_password
+
 
         validates :uri, presence: true, length: { minimum: 1 }
 
@@ -171,7 +179,7 @@ class HTTP
         # (see Base#check_setup)
         def check_setup
           http_client = Rex::Proto::Http::Client.new(
-            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
+            host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password
           )
           request = http_client.request_cgi(
             'uri' => uri,
@@ -213,8 +221,8 @@ def send_request(opts)
           cli_ssl         = opts['ssl'] || ssl
           cli_ssl_version = opts['ssl_version'] || ssl_version
           cli_proxies     = opts['proxies'] || proxies
-          username        = opts['credential'] ? opts['credential'].public : ''
-          password        = opts['credential'] ? opts['credential'].private : ''
+          username        = opts['credential'] ? opts['credential'].public : http_username
+          password        = opts['credential'] ? opts['credential'].private : http_password
           realm           = opts['credential'] ? opts['credential'].realm : nil
           context         = opts['context'] || { 'Msf' => framework, 'MsfExploit' => framework_module}
 

lib/metasploit/framework/login_scanner/ipboard.rb

@@ -7,10 +7,18 @@ module LoginScanner
       # IP Board login scanner
       class IPBoard < HTTP
 
+        # @!attribute http_username
+        # @return [String]
+        attr_accessor :http_username
+
+        # @!attribute http_password
+        # @return [String]
+        attr_accessor :http_password
+
         # (see Base#attempt_login)
         def attempt_login(credential)
           http_client = Rex::Proto::Http::Client.new(
-              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies
+              host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, self.http_username, self.http_password
           )
           configure_http_client(http_client)
 

lib/metasploit/framework/login_scanner/jenkins.rb

@@ -37,7 +37,7 @@ def attempt_login(credential)
             result_opts[:service_name] = 'http'
           end
           begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
             configure_http_client(cli)
             cli.connect
             req = cli.request_cgi({

lib/metasploit/framework/login_scanner/mybook_live.rb

@@ -35,7 +35,7 @@ def attempt_login(credential)
           begin
             cred = Rex::Text.uri_encode(credential.private)
             body = "data%5BLogin%5D%5Bowner_name%5D=admin&data%5BLogin%5D%5Bowner_passwd%5D=#{cred}"
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, http_username, http_password)
             configure_http_client(cli)
             cli.connect
             req = cli.request_cgi(

lib/metasploit/framework/login_scanner/smh.rb

@@ -33,7 +33,7 @@ def attempt_login(credential)
           res = nil
 
           begin
-            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies)
+            cli = Rex::Proto::Http::Client.new(host, port, {'Msf' => framework, 'MsfExploit' => framework_module}, ssl, ssl_version, proxies, http_username, http_password)
             configure_http_client(cli)
             cli.connect
             req = cli.request_cgi(req_opts)