diff --git a/lib/metasploit/framework/login_scanner/axis2.rb b/lib/metasploit/framework/login_scanner/axis2.rb
index 04665852ee..1772f76ade 100644
--- a/lib/metasploit/framework/login_scanner/axis2.rb
+++ b/lib/metasploit/framework/login_scanner/axis2.rb
@@ -30,14 +30,14 @@ module Metasploit
 begin
 # Refactor to access Metasploit::Framework::LoginScanner::HTTP#send_request()
- # to send request to the HTTP server and obtain a response
+ # to send request to the HTTP server and obtain a response
 response = send_request({
 'uri' => uri,
 'method' => 'POST',
 'vars_post' => {
- 'userName' => Rex::Text.uri_encode(credential.public),
- 'password' => Rex::Text.uri_encode(credential.private),
+ 'userName' => credential.public,
+ 'password' => credential.private,
 'submit' => '+Login+'
 }
 })
diff --git a/lib/metasploit/framework/login_scanner/chef_webui.rb b/lib/metasploit/framework/login_scanner/chef_webui.rb
index 213f41bd14..2edd6f86cc 100644
--- a/lib/metasploit/framework/login_scanner/chef_webui.rb
+++ b/lib/metasploit/framework/login_scanner/chef_webui.rb
@@ -47,8 +47,7 @@ module Metasploit
 def check_setup
 begin
 res = send_request({
- 'uri' => normalize_uri('/users/login'),
- 'cgi' => false
+ 'uri' => normalize_uri('/users/login')
 })
 return "Connection failed" if res.nil?
@@ -71,7 +70,7 @@ module Metasploit
 #
 # @param (see Rex::Proto::Http::Resquest#request_raw)
 # @return [Rex::Proto::Http::Response] The HTTP response
- def send_request(opts)
+ def send_request(opts)
 res = super(opts)
 # Save the session ID cookie
@@ -102,8 +101,7 @@ module Metasploit
 'headers' => {
 'Content-Type' => 'application/x-www-form-urlencoded',
 'Cookie' => "#{self.session_name}=#{self.session_id}"
- },
- 'cgi' => false
+ }
 }
 send_request(opts)
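Review bot: In the axis2.rb hunk the context line `'submit' => '+Login+'` still carries hand-encoded plus signs, while the fields next to it drop Rex::Text.uri_encode. That removal implies send_request encodes vars_post values itself; if so, the server now receives literal plus characters (sent as %2B) rather than the spaces the form's submit value presumably contains. Suggest `'submit' => ' Login '`, confirmed against the real login form. The enclosing method starts and ends outside the hunk.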
@@ -120,8 +118,7 @@ module Metasploit
 # Obtain a CSRF token first
 res = send_request({
- 'uri' => normalize_uri('/users/login'),
- 'cgi' => false
+ 'uri' => normalize_uri('/users/login')
 })
 unless (res && res.code == 200 && res.body =~ /input name="authenticity_token" type="hidden" value="([^"]+)"/m)
 return {:status => Metasploit::Model::Login::Status::UNTRIED, :proof => res.body}
@@ -136,8 +133,7 @@ module Metasploit
 'method' => 'GET',
 'headers' => {
 'Cookie' => "#{self.session_name}=#{self.session_id}"
- },
- 'cgi' => false
+ }
 }
 res = send_request(opts)
 if (res && res.code == 200 && res.body.to_s =~ /New password for the User/)
diff --git a/lib/metasploit/framework/login_scanner/glassfish.rb b/lib/metasploit/framework/login_scanner/glassfish.rb
index c602884972..bd15b91834 100644
--- a/lib/metasploit/framework/login_scanner/glassfish.rb
+++ b/lib/metasploit/framework/login_scanner/glassfish.rb
@@ -32,7 +32,6 @@ module Metasploit
 begin
 res = send_request({
 'uri' => '/common/index.jsf',
- 'cgi' => false
 })
 return "Connection failed" if res.nil?
 if !([200, 302].include?(res.code))
diff --git a/lib/metasploit/framework/login_scanner/ipboard.rb b/lib/metasploit/framework/login_scanner/ipboard.rb
index 0e6bbdc893..0696e23f0e 100644
--- a/lib/metasploit/framework/login_scanner/ipboard.rb
+++ b/lib/metasploit/framework/login_scanner/ipboard.rb
@@ -16,7 +16,7 @@ module Metasploit
 attr_accessor :http_password
 # (see Base#attempt_login)
- def attempt_login(credential)
+ def attempt_login(credential)
 result_opts = {
 credential: credential,
 host: host,
diff --git a/lib/metasploit/framework/login_scanner/mybook_live.rb b/lib/metasploit/framework/login_scanner/mybook_live.rb
index c833884e1a..ba302104f5 100644
--- a/lib/metasploit/framework/login_scanner/mybook_live.rb
+++ b/lib/metasploit/framework/login_scanner/mybook_live.rb
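Review bot: In the chef_webui.rb hunk at -120, the failure branch returns `:proof => res.body`, but the `unless (res && ...)` guard above it is also taken when send_request returns nil, so a dropped connection raises NoMethodError instead of yielding a result. check_setup in the same file already treats a nil response as possible. Use `:proof => res&.body`, or return `Metasploit::Model::Login::Status::UNABLE_TO_CONNECT` when `res.nil?`. The method continues outside the hunk, so a rescue there may currently mask this.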
@@ -33,13 +33,12 @@ module Metasploit
 result_opts[:service_name] = 'http'
 end
 begin
- cred = Rex::Text.uri_encode(credential.private)
 res = send_request({
 'method' => method,
 'uri' => uri,
 'vars_post' => {
 'data[Login][owner_name]' => 'admin',
- 'data[Login][owner_passwd]' => cred
+ 'data[Login][owner_passwd]' => credential.private
 }
 })
diff --git a/lib/metasploit/framework/login_scanner/zabbix.rb b/lib/metasploit/framework/login_scanner/zabbix.rb
index 6059ac7b40..5d481d89a8 100644
--- a/lib/metasploit/framework/login_scanner/zabbix.rb
+++ b/lib/metasploit/framework/login_scanner/zabbix.rb
@@ -42,8 +42,7 @@ module Metasploit
 def check_setup
 begin
 res = send_request({
- 'uri' => normalize_uri('/'),
- 'cgi' => false
+ 'uri' => normalize_uri('/')
 })
 return "Connection failed" if res.nil?
@@ -100,8 +99,7 @@ module Metasploit
 'data' => data,
 'headers' => {
 'Content-Type' => 'application/x-www-form-urlencoded'
- },
- 'cgi' => false
+ }
 }
 send_request(opts)
@@ -114,8 +112,7 @@ module Metasploit
 'method' => 'GET',
 'headers' => {
 'Cookie' => "#{self.zsession}"
- },
- 'cgi' => false
+ }
 }
 send_request(opts)
 end
diff --git a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb
index 56c7782262..09e8fc9bd6 100644
--- a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb
+++ b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb
@@ -43,6 +43,7 @@ class MetasploitModule < Msf::Auxiliary
 )
 @scanner = Metasploit::Framework::LoginScanner::Nessus.new(
+ configure_http_login_scanner(
 host: ip,
 port: datastore['RPORT'],
 uri: datastore['TARGETURI'],
@@ -51,6 +52,7 @@ class MetasploitModule < Msf::Auxiliary
 stop_on_success: datastore['STOP_ON_SUCCESS'],
 bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 5
+ )
 )
 @scanner.ssl = datastore['SSL']
 @scanner.ssl_version = datastore['SSLVERSION']
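Review bot: In the mybook_live.rb hunk, `'data[Login][owner_name]' => 'admin'` is hard-coded, so `credential.public` is never sent even though the password now comes straight from the credential. result_opts is built outside the hunk; if it records the credential as supplied, a success with any other username would be stored under a name that was never tested. Either send `credential.public`, or document the assumption with a comment such as `# device has a single 'admin' owner; credential.public is ignored`.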
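Review bot: The zabbix.rb request at -100 still posts a pre-built `'data' => data` body, which is typically sent as-is, unlike the vars_post fields this commit stops encoding by hand in axis2.rb and mybook_live.rb. `data` is assembled outside the hunk; if it interpolates the username and password into a form string, those values need form-encoding there, or the call should move to `'vars_post'`. Otherwise credentials containing `&`, `=` or `+` would be sent mangled and valid logins reported as failures. Separately, `"#{self.zsession}"` in the -114 hunk is a redundant interpolation; `self.zsession.to_s` says the same thing.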
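Review bot: In nessus_rest_login.rb the hash arguments now nested inside `configure_http_login_scanner(` keep their old indentation, so the extra call level is easy to miss; indent `host:` through `connection_timeout: 5` one level further. The helper's definition is not visible here. If it already supplies SSL settings and a timeout from the datastore, the `@scanner.ssl` and `@scanner.ssl_version` assignments after the constructor are redundant, and the literal `connection_timeout: 5` overrides whatever timeout the user configured. Worth confirming, and noting in a comment if the override is intentional.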