mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-11-12 11:52:01 +01:00
Allow authbrute modules to use a single username/password in a sane way
git-svn-id: file:///home/svn/framework3/trunk@8945 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
parent
dfeb7978bf
commit
ba12ddd280
@ -12,6 +12,8 @@ def initialize(info = {})
|
|||||||
super
|
super
|
||||||
|
|
||||||
register_options([
|
register_options([
|
||||||
|
OptString.new('USERNAME', [ false, 'A specific username to authenticate as' ]),
|
||||||
|
OptString.new('PASSWORD', [ false, 'A specific password to authenticate with' ]),
|
||||||
OptPath.new('USER_FILE', [ false, "File containing usernames, one per line" ]),
|
OptPath.new('USER_FILE', [ false, "File containing usernames, one per line" ]),
|
||||||
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line" ]),
|
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line" ]),
|
||||||
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line" ]),
|
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line" ]),
|
||||||
@ -37,11 +39,25 @@ def each_user_pass(&block)
|
|||||||
credentials = extract_word_pair(datastore['USERPASS_FILE'])
|
credentials = extract_word_pair(datastore['USERPASS_FILE'])
|
||||||
users = extract_words(datastore['USER_FILE'])
|
users = extract_words(datastore['USER_FILE'])
|
||||||
passwords = extract_words(datastore['PASS_FILE'])
|
passwords = extract_words(datastore['PASS_FILE'])
|
||||||
|
|
||||||
|
if datastore['USERNAME']
|
||||||
|
users << datastore['USERNAME']
|
||||||
|
end
|
||||||
|
|
||||||
|
if datastore['PASSWORD']
|
||||||
|
passwords << datastore['PASSWORD']
|
||||||
|
end
|
||||||
|
|
||||||
if datastore['BLANK_PASSWORDS']
|
if datastore['BLANK_PASSWORDS']
|
||||||
credentials = gen_blank_passwords(users,credentials) + credentials
|
credentials = gen_blank_passwords(users,credentials) + credentials
|
||||||
end
|
end
|
||||||
credentials.concat(combine_users_and_passwords(users,passwords))
|
credentials.concat(combine_users_and_passwords(users,passwords))
|
||||||
credentials = just_uniq_passwords(credentials) if @strip_usernames
|
credentials = just_uniq_passwords(credentials) if @strip_usernames
|
||||||
|
|
||||||
|
if datastore['USERNAME']
|
||||||
|
credentials.unshift( [datastore['USERNAME'], datastore['PASSWORD'].to_s] )
|
||||||
|
end
|
||||||
|
|
||||||
credentials.each do |u,p|
|
credentials.each do |u,p|
|
||||||
fq_user = "%s:%s:%s" % [datastore['RHOST'], datastore['RPORT'], u]
|
fq_user = "%s:%s:%s" % [datastore['RHOST'], datastore['RPORT'], u]
|
||||||
userpass_sleep_interval unless @@credentials_tried.empty?
|
userpass_sleep_interval unless @@credentials_tried.empty?
|
||||||
|
@ -37,8 +37,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(80),
|
Opt::RPORT(80),
|
||||||
OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
|
|
||||||
OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
|
|
||||||
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line",
|
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line",
|
||||||
File.join(Msf::Config.install_root, "data", "wordlists", "http_default_userpass.txt") ]),
|
File.join(Msf::Config.install_root, "data", "wordlists", "http_default_userpass.txt") ]),
|
||||||
OptPath.new('USER_FILE', [ false, "File containing users, one pair per line",
|
OptPath.new('USER_FILE', [ false, "File containing users, one pair per line",
|
||||||
|
@ -45,9 +45,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(8080),
|
Opt::RPORT(8080),
|
||||||
OptBool.new('VERBOSE', [ true, 'Verbose output', false]),
|
|
||||||
OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
|
|
||||||
OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
|
|
||||||
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line",
|
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line",
|
||||||
File.join(Msf::Config.install_root, "data", "wordlists", "tomcat_mgr_default_userpass.txt") ]),
|
File.join(Msf::Config.install_root, "data", "wordlists", "tomcat_mgr_default_userpass.txt") ]),
|
||||||
OptPath.new('USER_FILE', [ false, "File containing users, one pair per line",
|
OptPath.new('USER_FILE', [ false, "File containing users, one pair per line",
|
||||||
@ -127,3 +124,4 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -39,8 +39,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('USERNAME', [ false, 'The username to authenticate as' ]),
|
|
||||||
OptString.new('PASSWORD', [ false, 'The password for the specified username' ]),
|
|
||||||
Opt::RPORT(22)
|
Opt::RPORT(22)
|
||||||
], self.class
|
], self.class
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user