Updates to better OWA fix

Tod Beardsley · Tod Beardsley · commit 5fb268bbdffc · 2014-11-04T14:32:54.000-06:00
diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb
@@ -221,7 +221,7 @@ def try_user_pass(opts)
       cookies = res.get_cookies
       cookie_header = 'PBack=0'
       %w(sessionid cadata).each do |necessary_cookie|
-        if cookies =~ /#{necessary_cookie}=([^;]+)/
+        if cookies =~ /#{necessary_cookie}=([^;]*)/
           cookie_header << "; #{Regexp.last_match(1)}"
         else
           print_error("#{msg} Missing #{necessary_cookie} cookie.  This is not OWA 2010, aborting")
@@ -247,11 +247,6 @@ def try_user_pass(opts)
       return :abort
     end
 
-    if res.redirect?
-      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
-      return :skip_pass
-    end
-
     if res.body =~ login_check
       print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
 
@@ -266,6 +261,12 @@ def try_user_pass(opts)
 
       report_auth_info(report_hash)
       return :next_user
+
+    if res.redirect?
+      vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response was a #{res.code} redirect)")
+      return :skip_pass
+    end
+
     else
       vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}' (response body did not match)")
       return :skip_pass
