feedback included, server header check

m-1-k-3 · m-1-k-3 · commit 2b4d6eb4555c · 2013-03-29T21:30:45.000+01:00
diff --git a/modules/auxiliary/scanner/http/dlink_dir_300b_600b_815_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_300b_600b_815_http_login.rb
@@ -24,7 +24,7 @@ def initialize
 			'Description'    => %q{
 					This module attempts to authenticate to different DLink HTTP management services.
 					Tested devices: D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B,
-					D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A. 
+					D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A.
 					It is possible that this module also works with	other models.
 					},
 			'Author'         => [
@@ -75,40 +75,16 @@ def do_login(user='admin', pass='')
 		if result == :success
 			print_good("#{target_url} - Successful login '#{user}' : '#{pass}'")
 
-			any_user = false
-			any_pass = false
-
-			vprint_status("#{target_url} - Trying random username with password:'#{pass}'")
-			any_user  =  determine_result(do_http_login(Rex::Text.rand_text_alpha(8), pass))
-
-			vprint_status("#{target_url} - Trying username:'#{user}' with random password")
-			any_pass  = determine_result(do_http_login(user, Rex::Text.rand_text_alpha(8)))
-
-			if any_user == :success
-				user = "anyuser"
-				print_status("#{target_url} - Any username with password '#{pass}' is allowed")
-			else
-				print_status("#{target_url} - Random usernames are not allowed.")
-			end
-
-			if any_pass == :success
-				pass = "anypass"
-				print_status("#{target_url} - Any password with username '#{user}' is allowed")
-			else
-				print_status("#{target_url} - Random passwords are not allowed.")
-			end
-
 			report_auth_info(
 				:host   => rhost,
 				:port   => rport,
 				:sname => (ssl ? 'https' : 'http'),
 				:user   => user,
 				:pass   => pass,
-				:proof  => "WEBAPP=\"Generic\", PROOF=#{response.to_s}",
+				:proof  => "WEBAPP=\"Dlink Management Interface\", PROOF=#{response.to_s}",
 				:active => true
 			)
 
-			return :abort if ([any_user,any_pass].include? :success)
 			return :next_user
 		else
 			vprint_error("#{target_url} - Failed to login as '#{user}'")
@@ -129,6 +105,10 @@ def do_http_login(user,pass)
 					"CAPTCHA" => ""
 				}
 			})
+			return if response.nil?
+			return if (response.headers['Server'].nil? or response.headers['Server'] !~ /Linux,\ HTTP\/1.1,\ DIR-.*Ver\ .*/)
+			return if (response.code == 404)
+
 			return response
 		rescue ::Rex::ConnectionError
 			vprint_error("#{target_url} - Failed to connect to the web server")
