Cleanup. Sanity check in setup. vprint

2024-10-29 18:07:27 +01:00 · 2014-10-22 10:36:24 -07:00 · 2014-10-22 10:36:24 -07:00 · ce8a9941ea
commit ce8a9941ea
parent ee3dd3a2ac
2 changed files with 25 additions and 17 deletions
--- a/lib/metasploit/framework/login_scanner/mybook_live.rb
+++ b/lib/metasploit/framework/login_scanner/mybook_live.rb
@ -33,14 +33,14 @@ module Metasploit
            result_opts[:service_name] = 'http'
          end
          begin
-            body = "data%5BLogin%5D%5Bowner_name%5D=admin&data%5BLogin%5D%5Bowner_passwd%5D=#{Rex::Text.uri_encode(credential.private)}"
+            body = "data[Login][owner_name]=admin&data[Login][owner_passwd]=#{credential.private}"
            cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version)
            cli.connect
-            req = cli.request_cgi({
+            req = cli.request_cgi(
              'method' => 'POST',
              'uri' => '/UI/login',
-              'data' => body
-            })
+              'data' => Rex::Text.uri_encode(body)
+            )
            res = cli.send_recv(req)
            if res && res.code == 302 && res.headers['location'] && res.headers['location'].include?('UI')
              result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.headers)
--- a/modules/auxiliary/scanner/http/mybook_live_login.rb
+++ b/modules/auxiliary/scanner/http/mybook_live_login.rb
@ -32,6 +32,14 @@ class Metasploit3 < Msf::Auxiliary
    deregister_options('RHOST', 'USERNAME', 'USER_FILE', 'USER_AS_PASS', 'DB_ALL_USERS')
  end

+  def setup
+    # They must select at least blank passwords, provide a pass file or a password
+    one_required = %w(BLANK_PASSWORDS PASS_FILE PASSWORD)
+    unless one_required.any? { |o| datastore[o] }
+      fail_with(Failure::BadConfig, "Invalid options: One of #{one_required.join(', ')} must be set")
+    end
+  end
+
  def run_host(ip)
    cred_collection = Metasploit::Framework::CredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
@ -70,7 +78,7 @@ class Metasploit3 < Msf::Auxiliary
        print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
      else
        invalidate_login(credential_data)
-        print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})"
+        vprint_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})"
      end
    end
  end