knavesec / CredMaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
926 stars 120 forks

Flawed logic in EWS results in improper detection #45

Closed 0xInfection closed 1 year ago

0xInfection commented 1 year ago

First of all thank you for the tool!

I've been playing around with this tool for some time and apparently the ews module results in false positives due to the flawed logic inside it.

        if resp.status_code != 401:
            data_response['result'] = "success"
            data_response['output'] = f"[+] SUCCESS: {username}:{password}"
            data_response['valid_user'] = True

        elif resp.status_code == 500:
            data_response['output'] = f"[*] POTENTIAL: Found credentials, but server returned 500: {username}:{password}"
            data_response['result'] = "potential"
            data_response['valid_user'] = True

        elif resp.status_code == 504:
            data_response['output'] = f"[*] POTENTIAL: Found credentials, but server returned 504: {username}:{password}"
            data_response['result'] = "potential"
            data_response['valid_user'] = True

        else:
            data_response['result'] = "failure"
            data_response['output'] = f"[-] FAILURE: {username}:{password}"

The first condition of the if statement apparently would not allow checking for the remaining elif since 500 != 401 (if resp.status_code is 500).

Hence it would always result in a SUCCESS message.

0xInfection commented 1 year ago

MR'ing within 10.
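The branch-ordering bug described in the issue, reproduced side by side with a reordered version, as an added example (this is not CredMaster's EWS module nor the merge request that closed the issue; the `Verdict` class and function names are illustrative, and the status codes fed in are constructed test values):

```python
"""Added example: EWS status-code classification as quoted in the issue
(dead 'potential' branches) next to a version that tests the specific
codes before the catch-all.  Illustrative code, not the project's own."""

from dataclasses import dataclass


@dataclass
class Verdict:
    result: str        # "success" | "potential" | "failure"
    valid_user: bool
    output: str


def classify_as_posted(status_code: int, username: str, password: str) -> Verdict:
    """The logic quoted in the issue.  Because `!= 401` is tested first, every
    non-401 code (including 500 and 504) is reported as SUCCESS and the two
    'potential' branches below can never execute."""
    if status_code != 401:
        return Verdict("success", True, f"[+] SUCCESS: {username}:{password}")
    elif status_code == 500:  # unreachable: 500 already matched `!= 401`
        return Verdict("potential", True,
                       f"[*] POTENTIAL: Found credentials, but server returned 500: {username}:{password}")
    elif status_code == 504:  # unreachable for the same reason
        return Verdict("potential", True,
                       f"[*] POTENTIAL: Found credentials, but server returned 504: {username}:{password}")
    else:
        return Verdict("failure", False, f"[-] FAILURE: {username}:{password}")


def classify_reordered(status_code: int, username: str, password: str) -> Verdict:
    """Reordered so the specific codes are checked before the catch-all.
    401 is a definite failure; 500/504 mean the server accepted the auth but
    errored, so they are 'potential'; anything else falls through to success.
    The fall-through is deliberately kept as wide as the original, so a 403
    or a 429 from throttling would still be reported as SUCCESS here; that is
    an assumption about desired behaviour, not something the issue settles."""
    if status_code == 401:
        return Verdict("failure", False, f"[-] FAILURE: {username}:{password}")
    if status_code in (500, 504):
        return Verdict("potential", True,
                       f"[*] POTENTIAL: Found credentials, but server returned {status_code}: {username}:{password}")
    return Verdict("success", True, f"[+] SUCCESS: {username}:{password}")


def compare(codes):
    """Return (code, result_as_posted, result_reordered) for each constructed
    status code, so the divergence on 500/504 is visible at a glance."""
    return [(c,
             classify_as_posted(c, "alice", "Winter2024!").result,
             classify_reordered(c, "alice", "Winter2024!").result)
            for c in codes]


if __name__ == "__main__":
    # Constructed sample of codes a spray against EWS might see.
    for code, posted, reordered in compare([200, 401, 500, 504]):
        print(f"{code}: as posted -> {posted:9s} reordered -> {reordered}")
```

Running the block prints that 500 and 504 go from `success` to `potential` once the branches are reordered, while 200 and 401 classify the same either way.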