From 2d145934dfcfa7984bbc572341de7ec513576420 Mon Sep 17 00:00:00 2001
From: sjanusz-r7
Date: Wed, 27 Nov 2024 16:59:40 +0000
Subject: [PATCH] Address previous TeamCity PR feedback
---
 lib/metasploit/framework/login_scanner/teamcity.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/metasploit/framework/login_scanner/teamcity.rb b/lib/metasploit/framework/login_scanner/teamcity.rb
index 16de66898dc10..2e4dc39305b3b 100644
--- a/lib/metasploit/framework/login_scanner/teamcity.rb
+++ b/lib/metasploit/framework/login_scanner/teamcity.rb
@@ -209,7 +209,7 @@ def try_login(username, password, public_key, retry_counter = 0)
 # Currently, those building blocks are not available, so this is the approach I have implemented.
 timeout = res.body.match(/login only in (?\d+)s/)&.named_captures&.dig('timeout')&.to_i
 if timeout
- framework_module.print_status "User '#{username}' locked out for #{timeout} seconds. Sleeping, and retrying..."
+ framework_module.print_status "#{framework_module.peer} - User '#{username}:#{password}' locked out for #{timeout} seconds. Sleeping, and retrying..."
 sleep(timeout + 1) # + 1 as TeamCity is off-by-one when reporting the lockout timer.
 result = try_login(username, password, public_key, retry_counter + 1)
 return result
@@ -220,7 +220,11 @@ def try_login(username, password, public_key, retry_counter = 0)
 raise DecryptionError, 'The server failed to decrypt the encrypted password' if res.body.match?('DecryptionFailedException')
 raise PublicKeyExpiredError, 'The server public key has expired' if res.body.match?('publicKeyExpired')
- { status: :success, proof: res }
+ successful_login_body = %r(^\/favorite\/projects<\/redirect><\/response>$)
+ return { status: :success, proof: res } if res.body.match?(successful_login_body)
+
+ # Default to incorrect login.
+ { status: ::Metasploit::Model::Login::Status::INCORRECT, proof: res }
 end
 # Send a logout request for the provided user's headers.
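Review bot: The wait on the `sleep(timeout + 1)` line is driven entirely by a number parsed from the response body, and nothing in this hunk caps it, so a server that reports a very large lockout value stalls the scan for that long. Consider clamping before sleeping, e.g. `sleep([timeout, max_lockout_wait].min + 1)` where `max_lockout_wait` is a placeholder for a limit the module would define, and skipping the credential when the reported value exceeds it. The recursion is bounded by `retry_counter` only if a check exists outside this hunk; try_login starts and ends outside the lines shown. The reworded status line now also prints the candidate password, which is worth confirming against how the framework's other scanners log attempts, since console output is often spooled to disk.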
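Review bot: The `successful_login_body` pattern is anchored with `^` and `$`, which in Ruby match at every line boundary, so `res.body.match?` succeeds when any single line of the body equals the expected text rather than only when the whole body does. Anchor it with `\A` and `\z` so the success path accepts only the exact response. The two return paths also use different kinds of value for `status` (`:success` on one, `::Metasploit::Model::Login::Status::INCORRECT` on the other); the caller is outside this hunk, so confirm it handles both, or return the framework constant in both places. A short comment on the new default saying that any unrecognised response is reported as an incorrect login would help, since server errors or unexpected pages now fall into that bucket.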