Skip to content

Commit 86a9402

Browse files
rbsecrbsec
committed
Fix lotus_domino_hashes not working.
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar sign. Updated regex to take this into account.
1 parent 90ce761 commit 86a9402

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -162,7 +162,7 @@ def dump_hashes(view_id,cookie,uri)
162162
if (res and res.body)
163163
short_name = res.body.scan(/<INPUT NAME=\"ShortName\" TYPE=(?:.*) VALUE=\"([^\s]+)"/i).join
164164
user_mail = res.body.scan(/<INPUT NAME=\"InternetAddress\" TYPE=(?:.*) VALUE=\"([^\s]+)"/i).join
165-
pass_hash = res.body.scan(/<INPUT NAME=\"dspHTTPPassword\" TYPE=(?:.*) VALUE=\"([^\s]+)"/i).join
165+
pass_hash = res.body.scan(/<INPUT NAME=\"\$?dspHTTPPassword\" TYPE=(?:.*) VALUE=\"([^\s]+)"/i).join
166166

167167
if short_name.to_s.strip.empty?
168168
short_name = 'NULL'

0 commit comments

Comments
 (0)