Skip to content

Commit

Permalink
Missed the HTTPUSERNAME fix
Browse files Browse the repository at this point in the history
  • Loading branch information
@wchen-r7
wchen-r7 committed May 27, 2016
1 parent 61f9cc3 commit 14adcce
Show file tree
Hide file tree
Showing 69 changed files with 121 additions and 121 deletions.
2 changes: 1 addition & 1 deletion modules/auxiliary/admin/appletv/appletv_display_image.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def initialize(info = {})
[
['URL', 'http://nto.github.io/AirPlay.html']
],
'DefaultOptions' => { 'HTTPUSERNAME' => 'AirPlay' },
'DefaultOptions' => { 'HttpUsername' => 'AirPlay' },
'License' => MSF_LICENSE
))

Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/admin/http/openbravo_xxe.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ def run
users = send_request_raw({
'method' => 'GET',
'uri' => normalize_uri(datastore['TARGETURI'], "/ws/dal/#{datastore["ENDPOINT"]}"),
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword'])
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword'])
}, 60)

if !users or users.code != 200
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/buffalo_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 10,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/http/caidao_bruteforce_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ def initialize(info = {})
], self.class)

# caidao does not have an username, there's only password
deregister_options('HTTPUSERNAME', 'HttpPassword', 'USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE', 'DB_ALL_USERS')
deregister_options('HttpUsername', 'HttpPassword', 'USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE', 'DB_ALL_USERS')
end

def scanner(ip)
Expand All @@ -62,7 +62,7 @@ def scanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
))
}.call
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/chef_webui_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ def init_loginscanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def initialize
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
], self.class)

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def target_url
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def initialize
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
], self.class)

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def target_url
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/etherpad_duo_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ def initialize(info={})
'License' => MSF_LICENSE
))

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def run_host(ip)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/http/gitlab_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ def initialize
register_options(
[
Opt::RPORT(80),
OptString.new('HTTPUSERNAME', [ true, 'The username to test', 'root' ]),
OptString.new('HttpUsername', [ true, 'The username to test', 'root' ]),
OptString.new('HttpPassword', [ true, 'The password to test', '5iveL!fe' ]),
OptString.new('TARGETURI', [true, 'The path to GitLab', '/'])
], self.class)
Expand Down Expand Up @@ -61,7 +61,7 @@ def run_host(ip)
password: datastore['HttpPassword'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['HTTPUSERNAME'],
username: datastore['HttpUsername'],
user_as_pass: datastore['USER_AS_PASS']
)

Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/glassfish_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ def init_loginscanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ def init_loginscanner(ip)
password: datastore['HttpPassword'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['HTTPUSERNAME'],
username: datastore['HttpUsername'],
user_as_pass: datastore['USER_AS_PASS']
)

Expand All @@ -88,7 +88,7 @@ def init_loginscanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/http_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ def run_host(ip)
password: datastore['HttpPassword'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['HTTPUSERNAME'],
username: datastore['HttpUsername'],
user_as_pass: datastore['USER_AS_PASS'],
)

Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/http_traversal.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ def ini_request(uri)
req['uri'] = this_path
req['headers'] = {'Cookie'=>datastore['COOKIE']} if not datastore['COOKIE'].empty?
req['data'] = data if not data.empty?
req['authorization'] = basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword'])
req['authorization'] = basic_auth(datastore['HttpUsername'], datastore['HttpPassword'])

return req
end
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/ipboard_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/jenkins_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 10,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/http/linksys_e1500_traversal.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def initialize
[
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
OptString.new('HTTPUSERNAME',[ true, 'User to login with', 'admin']),
OptString.new('HttpUsername',[ true, 'User to login with', 'admin']),
OptString.new('HttpPassword',[ true, 'Password to login with', 'password']),

], self.class)
Expand Down Expand Up @@ -91,7 +91,7 @@ def find_files(file,user,pass)
end

def run_host(ip)
user = datastore['HTTPUSERNAME']
user = datastore['HttpUsername']
pass = datastore['HttpPassword']

vprint_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ def init(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/mybook_live_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 10,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ def initialize
[
OptPath.new('FILELIST', [ true, "File containing sensitive files, one per line",
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
OptString.new('HTTPUSERNAME',[ true, 'User to login with', 'service']),
OptString.new('HttpUsername',[ true, 'User to login with', 'service']),
OptString.new('HttpPassword',[ true, 'Password to login with', 'service'])
], self.class)
end
Expand Down Expand Up @@ -82,7 +82,7 @@ def find_files(file,user,pass)
end

def run_host(ip)
user = datastore['HTTPUSERNAME']
user = datastore['HttpUsername']
pass = datastore['HttpPassword']

vprint_status("Trying to login with #{user} / #{pass}")
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/pocketpad_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ def initialize(info={})
'License' => MSF_LICENSE
))

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def run_host(ip)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/radware_appdirector_enum.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ def initialize(info={})
OptString.new('PASSWORD', [true, "A specific password to authenticate with, deault 'radware'", "radware"])
], self.class)

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def run_host(ip)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/symantec_web_gateway_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ def scanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
))
}.call
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/tomcat_mgr_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 10,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/wordpress_multicall_creds.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ def run_host(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/zabbix_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ def init_loginscanner(ip)
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
http_username: datastore['HTTPUSERNAME'],
http_username: datastore['HttpUsername'],
http_password: datastore['HttpPassword']
)
)
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/nessus/nessus_rest_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def initialize(info={})
OptString.new('TARGETURI', [ true, 'The path to the Nessus server login API', '/session']),
], self.class)

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end


Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def initialize
], self.class)
register_autofilter_ports([ 50013 ])

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def run_host(rhost)
Expand Down
12 changes: 6 additions & 6 deletions modules/auxiliary/scanner/sap/sap_smb_relay.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ module can be used.
register_options([
Opt::RPORT(8000),
OptString.new('CLIENT', [true, 'SAP client', '001']),
OptString.new('HTTPUSERNAME', [false, 'Username (Ex SAP*)']),
OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']),
OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']),
OptAddress.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']),
OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR",
Expand All @@ -69,7 +69,7 @@ module can be used.
end

def valid_credentials?
if datastore['HTTPUSERNAME'].blank?
if datastore['HttpUsername'].blank?
return false
end

Expand Down Expand Up @@ -98,7 +98,7 @@ def run_xmla
res = send_request_raw({
'uri' => '/sap/bw/xml/soap/xmla?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
'method' => 'POST',
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword']),
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),
'data' => data,
'ctype' => 'text/xml; charset=UTF-8',
'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT']
Expand All @@ -118,7 +118,7 @@ def run_mmr
begin
smb_uri = "\\\\#{datastore['LHOST']}\\#{Rex::Text.rand_text_alpha_lower(7)}.#{Rex::Text.rand_text_alpha_lower(3)}"

if datastore['HTTPUSERNAME'].empty?
if datastore['HttpUsername'].empty?
vprint_status("#{rhost}:#{rport} - Sending unauthenticated request for #{smb_uri}")
res = send_request_cgi({
'uri' => '/mmr/MMR',
Expand All @@ -137,7 +137,7 @@ def run_mmr
res = send_request_cgi({
'uri' => '/mmr/MMR',
'method' => 'GET',
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword']),
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),
'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
'ctype' => 'text/xml; charset=UTF-8',
'vars_get' => {
Expand Down Expand Up @@ -169,7 +169,7 @@ def send_soap_rfc_request(data, smb_uri)
'uri' => '/sap/bc/soap/rfc',
'method' => 'POST',
'data' => data,
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword']),
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),
'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
'ctype' => 'text/xml; charset=UTF-8',
'headers' => {
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def initialize
register_options([
Opt::RPORT(8000),
OptString.new('CLIENT', [true, 'SAP client', '001']),
OptString.new('HTTPUSERNAME', [true, 'Username', 'SAP*']),
OptString.new('HttpUsername', [true, 'Username', 'SAP*']),
OptString.new('HttpPassword', [true, 'Password', '06071992']),
OptString.new('BAPI_FIRST',[true,'First name','John']),
OptString.new('BAPI_LAST',[true,'Last name','Doe']),
Expand Down Expand Up @@ -103,7 +103,7 @@ def run_host(ip)
'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8',
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword']),
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),
'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
},
Expand Down
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ def initialize
File.join(Msf::Config.data_directory, "wordlists", "sap_default.txt") ])
], self.class)

deregister_options('HTTPUSERNAME', 'HttpPassword')
deregister_options('HttpUsername', 'HttpPassword')
end

def run_host(rhost)
Expand Down
4 changes: 2 additions & 2 deletions modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def initialize
register_options(
[
OptString.new('CLIENT', [true, 'SAP Client', '001']),
OptString.new('HTTPUSERNAME', [true, 'Username', 'SAP*']),
OptString.new('HttpUsername', [true, 'Username', 'SAP*']),
OptString.new('HttpPassword', [true, 'Password', '06071992']),
OptEnum.new('OS', [true, 'Target OS', "linux", ['linux','windows']]),
OptString.new('CMD', [true, 'Command to run', "id"])
Expand Down Expand Up @@ -98,7 +98,7 @@ def exec_command(ip,data)
'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8',
'authorization' => basic_auth(datastore['HTTPUSERNAME'], datastore['HttpPassword']),
'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),
'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
},
Expand Down
Loading

0 comments on commit 14adcce

Please sign in to comment.