help with autologin plugin

Kinnaird McQuade's Avatar

Kinnaird McQuade

21 Jul, 2014 02:59 AM

Hello,

I am having trouble with logging into my application that I am hosting on a Virtual Machine. I am trying to run arachni on my Kali Linux installation through an internal network that is hosted on a Windows VM.

I have attached screenshots of my autologin plugin configuration and such.

Any help would be VERY VERY appreciated

Here is my log (plugin stuff is at the bottom):

2014-07-20 08:12:47 -0400 --------------------------------------------------------------------------------

ENV:

SSH_AGENT_PID: '3732'
NOKOGIRI_USE_SYSTEM_LIBRARIES: 'true'
GEM_HOME: "/usr/share/arachni/system/gems"
GPG_AGENT_INFO: "/home/user/.cache/keyring-huoDxG/gpg:0:1"
TERM: xterm
SHELL: "/bin/bash"
XDG_SESSION_COOKIE: f5456142780c4d274c52bdf35384c90c-1405852920.68133-1909757440
IRBRC: "/usr/share/arachni/bin/../system/usr/lib/ruby/.irbrc"
WINDOWID: '12582916'
GNOME_KEYRING_CONTROL: "/home/user/.cache/keyring-huoDxG"
MY_RUBY_HOME: "/usr/share/arachni/bin/../system/usr/lib/ruby"
USER: root
LD_LIBRARY_PATH: "/usr/share/arachni/bin/../system/usr/lib"
LS_COLORS: 'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:'
SSH_AUTH_SOCK: "/home/user/.cache/keyring-huoDxG/ssh"
SESSION_MANAGER: local/kali:@/tmp/.ICE-unix/3673,unix/kali:/tmp/.ICE-unix/3673
USERNAME: user
MAIL: "/var/mail/root"
DESKTOP_SESSION: default
PATH: "/usr/share/arachni/system/gems/bin:/usr/share/arachni/bin/../system/../bin:/usr/share/arachni/bin/../system/usr/bin:/usr/share/arachni/bin/../system/gems/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PWD: "/usr/share/arachni/bin"
ARACHNI_WEBUI_LOGDIR: "/usr/share/arachni/bin/../system/logs/webui"
LANG: en_US.UTF-8
GNOME_KEYRING_PID: '3655'
GDM_LANG: en_US.utf8
ARACHNI_FRAMEWORK_LOGDIR: "/usr/share/arachni/bin/../system/logs/framework"
GDMSESSION: default
HOME: "/root"
SHLVL: '3'
RAILS_ENV: production
GNOME_DESKTOP_SESSION_ID: this-is-deprecated
DYLD_LIBRARY_PATH: "/usr/share/arachni/bin/../system/usr/lib:"
LOGNAME: root
GEM_PATH: "/usr/share/arachni/bin/../system/gems"
DBUS_SESSION_BUS_ADDRESS: unix:abstract=/tmp/dbus-3iUwPJGakm,guid=d20b80e414fb64300f19ee9753cb9cdb
XDG_DATA_DIRS: "/usr/share/gnome:/usr/local/share/:/usr/share/"
WINDOWPATH: '7'
DISPLAY: ":0.0"
RUBYLIB: "/usr/share/arachni/system/gems/gems/bundler-1.5.1/lib:/usr/share/arachni/bin/../system/usr/lib/ruby:/usr/share/arachni/bin/../system/usr/lib/ruby/site_ruby/1.9.1:/usr/share/arachni/bin/../system/usr/lib/ruby/1.9.1:/usr/share/arachni/bin/../system/usr/lib/ruby/1.9.1/i686-linux:/usr/share/arachni/bin/../system/usr/lib/ruby/site_ruby/1.9.1/i686-linux"
RUBY_VERSION: ruby-1.9.3-p448
COLORTERM: gnome-terminal
XAUTHORITY: "/var/run/gdm3/auth-for-user-E9N9d1/database"
RACK_ENV: development
BUNDLE_GEMFILE: "/usr/share/arachni/system/arachni-ui-web/Gemfile"
ORIGINAL_GEM_PATH: "/usr/share/arachni/bin/../system/gems"
BUNDLE_BIN
PATH: "/usr/share/arachni/system/gems/gems/bundler-1.5.1/bin/bundle"

RUBYOPT: "-rbundler/setup"

OPTIONS:
--- !ruby/object:Arachni::Options dir:
root: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/" gfx: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/gfx/" conf: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/conf/" logs: "/usr/share/arachni/bin/../system/logs/framework/" data: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/data/" modules: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/modules/" reports: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/reports/" plugins: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/plugins/" rpcd_handlers: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/rpcd_handlers/" path_extractors: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/path_extractors/" fingerprinters: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/fingerprinters/" lib: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/lib/arachni/" support: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/lib/arachni/support/" mixins: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/lib/arachni/mixins/" arachni: "/usr/share/arachni/system/gems/gems/arachni-0.4.6/lib/arachni" user_agent: Arachni/v0.4.6
http_timeout: 50000
datastore:
:token: a61a293f1fb2a91b471d3599df3154fcbfb226f839a70911727da43e86890b76 redundant: {}
grid_mode:
https_only: false
obey_robots_txt: false
fuzz_methods: true
audit_cookies_extensively: true
exclude_binaries: false
auto_redundant:
depth_limit:
link_count_limit:
redirect_limit: 20
lsmod: []
lsrep: []
http_req_limit: 20
http_queue_size: 500
http_username: [email blocked]
http_password: '1234'
mods:
- file_inclusion - path_traversal - rfi - source_code_disclosure - allowed_methods - backdoors - backup_files - captcha - common_directories - common_files - credit_card - cvs_svn_users - directory_listing - emails - form_upload - htaccess_limit - html_objects - http_only_cookies - http_put - insecure_cookies - interesting_responses - localstart_asp - mixed_resource - password_autocomplete - private_ip - ssn - unencrypted_password_forms - webdav - x_forwarded_for_access_restriction_bypass - xst reports: {}
exclude: []
exclude_pages: []
exclude_cookies: []
exclude_vectors: []
include: []
lsplug: []
plugins:
autologin: url: http://192.168.85.130:8080/dukes-store/admin/index.xhtml params: "(username=[email blocked]&password=1234)" check: Log Out rpc_instance_port_range:
- 1025 - 65535 load_profile: []
restrict_paths: []
extend_paths: []
custom_headers: {}
min_pages_per_instance: 30
max_slaves: 10
no_fingerprinting: false
platforms: []
spawns: 0
rpc_address: localhost
rpc_port: 48371
audit_links: true
audit_forms: true
audit_cookies: true
audit_headers: true
follow_subdomains: true
login_check_url: http://192.168.85.130:8080/dukes-store/admin/
login_check_pattern: Log Out
url: http://192.168.85.130:8080/dukes-store/
start_datetime: 2014-07-20 08:12:44.292427287 -04:00
delta_time: 3.352789849
cookies:
- !ruby/object:Arachni::Element::Cookie raw: name: JSESSIONID value: 6cf616a147568682b40185f015d4 version: 0 port: discard: comment_url: expires: max_age: comment: secure: path: "/dukes-store" domain: 192.168.85.130 httponly: true url: http://192.168.85.130:8080/dukes-store/admin/index.xhtml hash: -709506641 opts: {} action: http://192.168.85.130:8080/dukes-store/admin/index.xhtml method: get auditable: JSESSIONID: 6cf616a147568682b40185f015d4 orig: JSESSIONID: 6cf616a147568682b40185f015d4

auditor:

[2014-07-20 08:12:47 -0400] AutoLogin: Could not find a form suiting the provided params at: http://192.168.85.130:8080/dukes-store/admin/index.xhtml

  1. Support Staff 1 Posted by Tasos Laskos on 05 Aug, 2014 01:43 PM

    Tasos Laskos's Avatar

    Hi there, apologies for the very late reply, your post got picked up by the portal's spam filter for some reason.

    As for your issue, I see that you've enclosed the form parameters in parenthesis, that's not necessary and is probably the issue.

    Let me know hot it worked.

    Cheers

  2. Tasos Laskos closed this discussion on 05 Nov, 2014 04:06 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac