Land rapid7#5157, OWA login scanner auth timing logs

Brent Cook · Brent Cook · commit 5296c6507d30 · 2015-04-21T11:06:08.000-05:00
diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb
@@ -27,7 +27,8 @@ def initialize
           'SecureState R&D Team',
           'sinn3r',
           'Brandon Knight',
-          'Pete (Bokojan) Arzamendi, #Outlook 2013 updates'
+          'Pete (Bokojan) Arzamendi', # Outlook 2013 updates
+          'Nate Power'                # HTTP timing option
         ],
       'License'        => MSF_LICENSE,
       'Actions'        =>
@@ -81,6 +82,7 @@ def initialize
         OptInt.new('RPORT', [ true, "The target port", 443]),
         OptAddress.new('RHOST', [ true, "The target address", true]),
         OptBool.new('ENUM_DOMAIN', [ true, "Automatically enumerate AD domain using NTLM authentication", true]),
+        OptBool.new('AUTH_TIME', [ false, "Check HTTP authentication response time", true])
       ], self.class)
 
 
@@ -163,6 +165,10 @@ def try_user_pass(opts)
     end
 
     begin
+      if datastore['AUTH_TIME']
+        start_time = Time.now
+      end
+
       res = send_request_cgi({
         'encode'   => true,
         'uri'      => auth_path,
@@ -171,6 +177,9 @@ def try_user_pass(opts)
         'data'     => data
       })
 
+      if datastore['AUTH_TIME']
+        elapsed_time = Time.now - start_time
+      end
     rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
       print_error("#{msg} HTTP Connection Failed, Aborting")
       return :abort
@@ -189,7 +198,7 @@ def try_user_pass(opts)
       # Check for a response code to make sure login was valid. Changes from 2010 to 2013.
       # Check if the password needs to be changed.
       if res.headers['location'] =~ /expiredpassword/
-        print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}': NOTE password change required")
+        print_good("#{msg} SUCCESSFUL LOGIN. #{elapsed_time} '#{user}' : '#{pass}': NOTE password change required")
         report_hash = {
           :host   => datastore['RHOST'],
           :port   => datastore['RPORT'],
@@ -213,7 +222,7 @@ def try_user_pass(opts)
         headers['Cookie'] = 'PBack=0;' << res.get_cookies
       else
       # Login didn't work. no point on going on.
-        vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})")
+        vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})")
         return :Skip_pass
       end
     else
@@ -248,12 +257,12 @@ def try_user_pass(opts)
     end
 
     if res.redirect?
-      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
+      vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
       return :skip_pass
     end
 
     if res.body =~ login_check
-      print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
+      print_good("#{msg} SUCCESSFUL LOGIN. #{elapsed_time} '#{user}' : '#{pass}'")
 
       report_hash = {
         :host   => datastore['RHOST'],
@@ -267,7 +276,7 @@ def try_user_pass(opts)
       report_auth_info(report_hash)
       return :next_user
     else
-      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response body did not match)")
+      vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (response body did not match)")
       return :skip_pass
     end
   end
@@ -318,4 +327,3 @@ def msg
   end
 
 end
-
