skip admin brute

veo · Dec 30, 2021 · fa86ac0 · fa86ac0
1 parent 003a804
commit fa86ac0
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/brute/admin_brute.go b/brute/admin_brute.go
@@ -9,6 +9,8 @@ import (
 	"strings"
 )
 
+var SkipAdminBrute bool
+
 func getinput(inputurl string) (usernamekey string, passwordkey string, loginurl string, ismd5 bool) {
 	usernamekey = "username"
 	passwordkey = "password"
@@ -71,6 +73,9 @@ func getinput(inputurl string) (usernamekey string, passwordkey string, loginurl
 }
 
 func Admin_brute(u string) (username string, password string, loginurl string) {
+	if SkipAdminBrute {
+		return "", "", ""
+	}
 	usernamekey, passwordkey, loginurl, ismd5 := getinput(u)
 	var (
 		adminfalsedata        = fmt.Sprintf("%s=admin&%s=Qweasd123admin", usernamekey, passwordkey)

diff --git a/pkg/naabu/runner/options.go b/pkg/naabu/runner/options.go
@@ -23,7 +23,9 @@ type Options struct {
 	ExcludeCDN        bool // Excludes ip of knows CDN ranges for full port scan
 	Nmap              bool // Invoke nmap detailed scan on results
 	InterfacesList    bool // InterfacesList show interfaces list
+	SkipAdminBrute    bool
 	Proxy             string
+	LocalJndiAddress  string
 	CeyeApi           string
 	CeyeDomain        string
 	Retries           int    // Retries is the number of retries for the port
@@ -88,6 +90,8 @@ func ParseOptions() *Options {
 
 	createGroup(flagSet, "config", "Configuration",
 		flagSet.StringVar(&options.Proxy, "proxy", "", "HTTP Proxy, eg (http://127.0.0.1:8080|socks5://127.0.0.1:1080)"),
+		flagSet.BoolVar(&options.SkipAdminBrute, "skip-admin-brute", false, "Skip brute admin password"),
+		flagSet.StringVar(&options.LocalJndiAddress, "local-jndi", "", "Local Jndi Server and Port (eg: 8.8.8.8:1234)"),
 		flagSet.StringVar(&options.CeyeApi, "ceyeapi", "", "ceye.io api key"),
 		flagSet.StringVar(&options.CeyeDomain, "ceyedomain", "", "ceye.io subdomain"),
 		flagSet.BoolVar(&options.ScanAllIPS, "scan-all-ips", false, "Scan all the ips"),

diff --git a/pocs_go/tomcat/CVE_2020_1938.go b/pocs_go/tomcat/CVE_2020_1938.go
@@ -174,7 +174,7 @@ func makePayload(host string, port int16) []byte {
 	ajp_msg_append_int8(&payloadBuffer, 2)
 	ajp_msg_append_int8(&payloadBuffer, 2)
 	ajp_msg_append_string(&payloadBuffer, "HTTP/1.1") //protocol
-	ajp_msg_append_string(&payloadBuffer, "/vscan")   //req_uri
+	ajp_msg_append_string(&payloadBuffer, "/vtest")   //req_uri
 	ajp_msg_append_string(&payloadBuffer, host)       //remote_addr (client)
 	ajp_msg_append_string(&payloadBuffer, "")         //remote_host (client)
 	ajp_msg_append_string(&payloadBuffer, host)       //server_name (server)