Allow authbrute modules to use a single username/password in a sane way

git-svn-id: file:///home/svn/framework3/trunk@8945 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/auxiliary/auth_brute.rb

@@ -12,6 +12,8 @@ def initialize(info = {})
 	super
 
 	register_options([
+	OptString.new('USERNAME', [ false, 'A specific username to authenticate as' ]),
+	OptString.new('PASSWORD', [ false, 'A specific password to authenticate with' ]),
 	OptPath.new('USER_FILE', [ false, "File containing usernames, one per line" ]),
 	OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line" ]),
 	OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line" ]),
@@ -37,11 +39,25 @@ def each_user_pass(&block)
 	credentials = extract_word_pair(datastore['USERPASS_FILE'])
 	users       = extract_words(datastore['USER_FILE'])
 	passwords   = extract_words(datastore['PASS_FILE'])
+
+	if datastore['USERNAME']
+		users << datastore['USERNAME']
+	end
+
+	if datastore['PASSWORD']
+		passwords << datastore['PASSWORD']
+	end
+
 	if datastore['BLANK_PASSWORDS']
 		credentials = gen_blank_passwords(users,credentials) + credentials
 	end
 	credentials.concat(combine_users_and_passwords(users,passwords))
 	credentials = just_uniq_passwords(credentials) if @strip_usernames
+
+	if datastore['USERNAME']
+		credentials.unshift( [datastore['USERNAME'], datastore['PASSWORD'].to_s] )
+	end
+
 	credentials.each do |u,p|
 		fq_user = "%s:%s:%s" % [datastore['RHOST'], datastore['RPORT'], u]
 		userpass_sleep_interval unless @@credentials_tried.empty?

modules/auxiliary/scanner/http/http_login.rb

@@ -37,8 +37,6 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(80),
-				OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
-				OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
 				OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line",
 					File.join(Msf::Config.install_root, "data", "wordlists", "http_default_userpass.txt") ]),
 				OptPath.new('USER_FILE',  [ false, "File containing users, one pair per line",

modules/auxiliary/scanner/http/tomcat_mgr_login.rb

@@ -45,9 +45,6 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(8080),
-				OptBool.new('VERBOSE', [ true, 'Verbose output', false]),
-				OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
-				OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
 				OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line",
 					File.join(Msf::Config.install_root, "data", "wordlists", "tomcat_mgr_default_userpass.txt") ]),
 				OptPath.new('USER_FILE',  [ false, "File containing users, one pair per line",
@@ -98,8 +95,8 @@ class Metasploit3 < Msf::Auxiliary
 			return :abort if (res.code == 404)
 			srvhdr = res.headers['Server']
 			if res.code == 200
-				# Could go with res.headers["Server"] =~ /Apache-Coyote/i 
-				# as well but that seems like an element someone's more 
+				# Could go with res.headers["Server"] =~ /Apache-Coyote/i
+				# as well but that seems like an element someone's more
 				# likely to change
 				success = true if(res.body.scan(/Tomcat/i).size >= 5)
 				success
@@ -127,3 +124,4 @@ class Metasploit3 < Msf::Auxiliary
 		end
 	end
 end
+

modules/auxiliary/scanner/ssh/ssh_login.rb

@@ -39,8 +39,6 @@ class Metasploit3 < Msf::Auxiliary
 
 		register_options(
 			[
-				OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
-				OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
 				Opt::RPORT(22)
 			], self.class
 		)