File tree Expand file tree Collapse file tree 2 files changed +9
-3
lines changed
lib/metasploit/framework/login_scanner
modules/auxiliary/scanner/http Expand file tree Collapse file tree 2 files changed +9
-3
lines changed Original file line number Diff line number Diff line change @@ -40,7 +40,13 @@ def attempt_login(credential)
40
40
if nonce_response . body =~ /name='auth_key'\s +value='.*?((?:[a-z0-9]*))'/i
41
41
server_nonce = $1
42
42
43
- auth_uri = "#{ uri } /index.php?app=core&module=global§ion=login&do=process"
43
+ if uri . end_with? '/'
44
+ base_uri = uri . gsub ( /\/ $/ , '' )
45
+ else
46
+ base_uri = uri
47
+ end
48
+
49
+ auth_uri = "#{ base_uri } /index.php?app=core&module=global§ion=login&do=process"
44
50
45
51
request = http_client . request_cgi (
46
52
'uri' => auth_uri ,
@@ -54,7 +60,7 @@ def attempt_login(credential)
54
60
55
61
response = http_client . send_recv ( request )
56
62
57
- if response && response . code == 200 && response . get_cookies . include? ( 'ipsconnect' ) && response . get_cookies . include? ( 'coppa' )
63
+ if response && response . get_cookies . include? ( 'ipsconnect' ) && response . get_cookies . include? ( 'coppa' )
58
64
result_opts . merge! ( status : Metasploit ::Model ::Login ::Status ::SUCCESSFUL , proof : response )
59
65
else
60
66
result_opts . merge! ( status : Metasploit ::Model ::Login ::Status ::INCORRECT , proof : response )
Original file line number Diff line number Diff line change @@ -66,7 +66,7 @@ def run_host(ip)
66
66
invalidate_login ( credential_data )
67
67
:abort
68
68
when Metasploit ::Model ::Login ::Status ::INCORRECT
69
- print_brute :level => :verror , :ip => ip , :msg => "Failed: '#{ result . credential } ' #{ result . proof } "
69
+ print_brute :level => :verror , :ip => ip , :msg => "Failed: '#{ result . credential } '"
70
70
invalidate_login ( credential_data )
71
71
end
72
72
end
You can’t perform that action at this time.
0 commit comments