Module: Msf::Exploit::Remote::HTTP::Webmin::Login

Included in:: Msf::Exploit::Remote::HTTP::Webmin

Defined in:: lib/msf/core/exploit/remote/http/webmin/login.rb

Instance Method Summary collapse

#webmin_login(user, pass) ⇒ String^?

performs a webmin login.

Instance Method Details

#webmin_login(user, pass) ⇒ `String`^?

performs a webmin login

Parameters:

user (String) —

Username
pass (String) —

Password

Returns:

(String, nil) —

the session cookies as a single string on successful login, nil otherwise

# File 'lib/msf/core/exploit/remote/http/webmin/login.rb', line 9

def webmin_login(user, pass)
  print_status('Attempting to authenticate with Webmin')
  res = send_request_cgi({
                           'method' => 'POST',
                           'uri' => normalize_uri(datastore['TARGETURI'], 'session_login.cgi'),
                           'cookie' => 'testing=1', # it must be used for "Error - No cookies"
                           'keep_cookies' => true,
                           'vars_post' => {
                             'page' => '',
                             'user' => user,
                             'pass' => pass
                           }
                         })

  if res && res.code == 302 && res.get_cookies =~ /sid=(\w+)/
    print_good("Authentication successful")
    return ::Regexp.last_match(1)
  end

  return nil unless res

  res
end

Module: Msf::Exploit::Remote::HTTP::Webmin::Login

Instance Method Summary collapse

Instance Method Details

#webmin_login(user, pass) ⇒ String?

#webmin_login(user, pass) ⇒ `String`^?