Fix rapid7#3982, allow URIs to be user configurable

Fix rapid7#3982

Author: wchen-r7

lib/metasploit/framework/login_scanner/smh.rb

@@ -21,7 +21,7 @@ def attempt_login(credential)
 
           req_opts = {
             'method' => 'POST',
-            'uri'    => '/proxy/ssllogin',
+            'uri'    => uri,
             'vars_post' => {
               'redirecturl'         => '',
               'redirectquerystring' => '',

modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb

@@ -32,6 +32,13 @@ def initialize(info={})
           'PASS_FILE' => File.join(Msf::Config.data_directory, "wordlists", "unix_passwords.txt")
         }
     ))
+
+    register_advanced_options([
+      OptString.new('LOGIN_URL', [true, 'The URL that handles the login process', '/proxy/ssllogin']),
+      OptString.new('CPQLOGIN', [true, 'The homepage of the login', '/cpqlogin.htm']),
+      OptString.new('LOGIN_REDIRECT', true, 'The URL to redirect to', '/cpqlogin')
+
+    ], self.class)
   end
 
   def get_version(res)
@@ -78,7 +85,7 @@ def init_loginscanner(ip)
     @scanner = Metasploit::Framework::LoginScanner::Smh.new(
       host:               ip,
       port:               rport,
-      uri:                datastore['URI'],
+      uri:                datastore['LOGIN_URL'],
       proxies:            datastore["PROXIES"],
       cred_details:       @cred_collection,
       stop_on_success:    datastore['STOP_ON_SUCCESS'],
@@ -163,10 +170,10 @@ def bruteforce(ip)
 
   def run_host(ip)
     res = send_request_cgi({
-      'uri' => '/cpqlogin.htm',
+      'uri' => datastore['CPQLOGIN'],
       'method' => 'GET',
       'vars_get' => {
-        'RedirectUrl' => '/cpqlogin',
+        'RedirectUrl' => datastore['LOGIN_REDIRECT'],
         'RedirectQueryString' => ''
       }
     })