added infovista module #1962
I don't know why msftidy doesn't like Unicode, but if I had to guess, it's because not everyone is using Unicode.
Is that string the best way to fingerprint the application?
@wvu-r7 That's the title string when the application is first accessed, pre-authentication. Hence, I used it for fingerprinting. msftidy flags the Unicode, but the module runs well though.
begin | ||
res = send_request_cgi( | ||
{ | ||
'uri' => '/VPortal/mgtconsole/CheckPassword.jsp', |
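Review bot: the 'uri' value passed to send_request_cgi here is a hard-coded absolute path, so the module only works when the application is deployed under /VPortal. Consider building it with normalize_uri from a configurable base path option. A short comment above this call stating why CheckPassword.jsp is requested directly would also help, since that choice is not obvious from the code.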
@juushya has shared data via email for verification. During verification, there is something which doesn't match the code. According to the data capture, the POST login authentication requests go against /VPortal/Connect.jsp, and not against /VPortal/mgtconsole/CheckPassword.jsp. @juushya could you confirm if it is fine?
@jvazquez-r7 It is fine. Normally, the auth req first actually goes to /VPortal/Connect.jsp, which then forwards it to CheckPassword.jsp. I chose to test the login against CheckPassword.jsp directly. If the login is valid, a 302 to AdminFrame.jsp is received; if not, then a 302 to Login.jsp.
I see, we would need a data capture which verifies this behavior.
@jvazquez-r7 emailed the capture to you. 👍
yeah! last capture looks good, proceeding with final testing cleanup and hopefully merging in a while :) thanks @juushya !!
Module working verified thanks to @juushya's data captures. Thanks! Final cleanup to the module before merging can be found here: 3cd94f5 (fake environment) Test after cleanup:
Added new aux module to enum & brute force InfoVista VistaPortal application.