Browse Source

Fix bug in owa_login if AUTH_TIME is set to false

ticofoo 1 month ago
parent
commit
cfd41c49ec
1 changed files with 8 additions and 3 deletions
  1. 8
    3
      modules/auxiliary/scanner/http/owa_login.rb

+ 8
- 3
modules/auxiliary/scanner/http/owa_login.rb View File

@@ -193,6 +193,8 @@ class MetasploitModule < Msf::Auxiliary
193 193
         'data'     => data
194 194
       })
195 195
 
196
+      # define elapsed_time even if AUTH_TIME is set to "false", because it is used in all of the following print* messages
197
+      elapsed_time = 0
196 198
       if datastore['AUTH_TIME']
197 199
         elapsed_time = Time.now - start_time
198 200
       end
@@ -253,7 +255,8 @@ class MetasploitModule < Msf::Auxiliary
253 255
         headers['Cookie'] = 'PBack=0;' << res.get_cookies
254 256
       else
255 257
         # Login didn't work. no point in going on, however, check if valid domain account by response time.
256
-        if elapsed_time <= 1
258
+        # Added check for default value (0), since elapsed_time is not measured if AUTH_TIME is set to "false"
259
+        if (elapsed_time > 0) && (elapsed_time <= 1)
257 260
           unless user =~ /@\w+\.\w+/
258 261
             report_cred(
259 262
               ip: res.peerinfo['addr'],
@@ -301,7 +304,8 @@ class MetasploitModule < Msf::Auxiliary
301 304
     end
302 305
 
303 306
     if res.redirect?
304
-      if elapsed_time <= 1
307
+      # Added check for default value (0), since elapsed_time is not measured if AUTH_TIME is set to "false"
308
+      if (elapsed_time > 0) && (elapsed_time <= 1)
305 309
         unless user =~ /@\w+\.\w+/
306 310
           report_cred(
307 311
             ip: res.peerinfo['addr'],
@@ -329,7 +333,8 @@ class MetasploitModule < Msf::Auxiliary
329 333
       )
330 334
       return :next_user
331 335
     else
332
-      if elapsed_time <= 1
336
+      # Added check for default value (0), since elapsed_time is not measured if AUTH_TIME is set to "false"
337
+      if (elapsed_time > 0) && (elapsed_time <= 1)
333 338
         unless user =~ /@\w+\.\w+/
334 339
           report_cred(
335 340
             ip: res.peerinfo['addr'],

Loading…
Cancel
Save