From 1129e443c2340096a22b2a6f5d0766dab76d710e Mon Sep 17 00:00:00 2001
From: "Imran E. Dawoodjee"
Date: Tue, 9 Apr 2024 16:02:46 +0800
Subject: [PATCH 1/2] Modularise the Softing login lib file

---
 .../framework/login_scanner/softing_sis.rb | 42 ++++++++++++++-----
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/lib/metasploit/framework/login_scanner/softing_sis.rb b/lib/metasploit/framework/login_scanner/softing_sis.rb
index 001ed91df782..4dc16400ea2c 100644
--- a/lib/metasploit/framework/login_scanner/softing_sis.rb
+++ b/lib/metasploit/framework/login_scanner/softing_sis.rb
@@ -34,17 +34,11 @@ def check_setup
 false
 end
 
- # the actual login method, called by #attempt_login
+ # get the authentication token
 #
- # @param user [String] The username to try
- # @param pass [String] The password to try
- # @return [Hash]
- # * status [Metasploit::Model::Login::Status]
- # * proof [String] the HTTP response body
- def do_login(user, pass)
- # prep the data needed for login
- protocol = ssl ? 'https' : 'http'
- # attempt to get an authentication token
+ # @param user [String] The username
+ # @return [String] The authentication token
+ def get_auth_token(user)
 auth_token_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication-token")
 
 # send the request to get an authentication token
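Review bot: `get_auth_token` interpolates `user` unescaped into the request path (`.../user/#{user}/authentication-token`), so a wordlist entry containing `/`, `?` or `#` makes the scanner query a different resource and attribute the result to a username it never tested. Unless the HTTP client layer is known to escape path segments (slashes included), percent-encode the segment before building the URI, for example `auth_token_uri = normalize_uri("#{uri}/runtime/core/user/#{ERB::Util.url_encode(user)}/authentication-token")`, or use the framework's own encoder if it also encodes `/`. The same interpolation appears in `login_uri` in the `@@ -73,9 +73,35 @@` hunk. The body of `get_auth_token` continues past the end of this hunk.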
@@ -79,9 +73,35 @@ def do_login(user, pass) return { status: LOGIN_STATUS::INCORRECT, proof: auth_res.body.to_s } end + auth_token + end + + # generate a signature from the authentication token, username, and password + # + # @param auth_token [String] The authentication token retrieved by calling get_auth_token + # @param user [String] The username + # @param pass [String] The password + # @return [String] A hexadecimal string representation of the signature + def generate_signature(auth_token, user, pass) + Digest::MD5.hexdigest(auth_token + pass + auth_token + user + auth_token) + end + + # the actual login method, called by #attempt_login + # + # @param user [String] The username to try + # @param pass [String] The password to try + # @return [Hash] + # * status [Metasploit::Model::Login::Status] + # * proof [String] the HTTP response body + def do_login(user, pass) + # prep the data needed for login + protocol = ssl ? 'https' : 'http' + # attempt to get an authentication token + auth_token = get_auth_token(user) + login_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication") # calculate signature to use when logging in - signature = Digest::MD5.hexdigest(auth_token + pass + auth_token + user + auth_token) + signature = generate_signature(auth_token, user, pass) # GET parameters for login vars_get = { 'Signature' => signature, From 402614180983bd514ce57f6fa6297ea0347538b8 Mon Sep 17 00:00:00 2001 From: "Imran E. Dawoodjee" Date: Fri, 12 Apr 2024 07:14:34 +0800 Subject: [PATCH 2/2] Change how `#get_auth_token` returns --- .../framework/login_scanner/softing_sis.rb | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/metasploit/framework/login_scanner/softing_sis.rb b/lib/metasploit/framework/login_scanner/softing_sis.rb index 4dc16400ea2c..f2b096f77dc3 100644 --- a/lib/metasploit/framework/login_scanner/softing_sis.rb +++ b/lib/metasploit/framework/login_scanner/softing_sis.rb 
@@ -37,7 +37,9 @@ def check_setup
 # get the authentication token
 #
 # @param user [String] The username
- # @return [String] The authentication token
+ # @return [Hash]
+ # * status [Metasploit::Model::Login::Status]
+ # * proof [String] the authentication token
 def get_auth_token(user)
 auth_token_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication-token")
 
@@ -73,7 +75,7 @@ def get_auth_token(user)
 return { status: LOGIN_STATUS::INCORRECT, proof: auth_res.body.to_s }
 end
 
- auth_token
+ { status: LOGIN_STATUS::SUCCESSFUL, proof: auth_token }
 end
 
 # generate a signature from the authentication token, username, and password
@@ -97,8 +99,16 @@ def do_login(user, pass)
 # prep the data needed for login
 protocol = ssl ? 'https' : 'http'
 # attempt to get an authentication token
- auth_token = get_auth_token(user)
+ auth_token_res = get_auth_token(user)
+ # get_auth_token always returns a hash - check that status is SUCCESSFUL
+ # if not, just return as it is
+ unless auth_token_res[:status] == LOGIN_STATUS::SUCCESSFUL
+ return auth_token_res
+ end
+ # extract the authentication token from the hash
+ auth_token = auth_token_res[:proof]
 
+
 login_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication")
 # calculate signature to use when logging in
 signature = generate_signature(auth_token, user, pass)
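Review bot: The new `@return` text says `proof` is the authentication token, but an early return in the same method hands back `proof: auth_res.body.to_s` (visible as context in the `@@ -73,7 +75,7 @@` hunk), so the key holds a token only when `status` is SUCCESSFUL. Word it as `#   * proof [String] the authentication token on success, otherwise the HTTP response body` so a caller does not treat an error page as a token. Most of the method body lies outside this hunk, so other return paths may carry something else again and should be checked against the wording.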
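Review bot: `LOGIN_STATUS::SUCCESSFUL` is returned by `get_auth_token` (`@@ -73,7 +75,7 @@`) and tested in `do_login` (`@@ -97,8 +99,16 @@`) to mean only that the token request worked, whereas a login scanner result with that status normally means the credential was accepted. Nothing visible here returns that hash to the caller on the success path, but a later refactor that did would record a valid login for a password that was never checked and store the token as proof. A comment at the return would guard against it, e.g. `# SUCCESSFUL here means the token was fetched, not that the credential is valid; do_login must never return this hash on success`. As a style point the three-line guard reads more directly as `return auth_token_res unless auth_token_res[:status] == LOGIN_STATUS::SUCCESSFUL`. `do_login` continues below the hunk.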