metasploit-framework/modules/auxiliary/scanner/postgres/postgres_version.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##

require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::Postgres
	include Msf::Auxiliary::Scanner
	include Msf::Auxiliary::Report

	# Creates an instance of this module.
	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'PostgreSQL Version Probe',
			'Description'    => %q{
				Enumerates the verion of PostgreSQL servers.
			},
			'Author'         => [ 'todb' ],
			'License'        => MSF_LICENSE,
			'References'     =>
				[
					[ 'URL', 'http://www.postgresql.org' ]
				],
			'Version'        => '$Revision$' # 2009-02-05
		))

		register_options([ ], self.class) # None needed.

		deregister_options('SQL', 'RETURN_ROWSET')
	end

	# Loops through each host in turn. Note the current IP address is both
	# ip and datastore['RHOST']
	def run_host(ip)
		user = datastore['USERNAME']
		pass = postgres_password
		do_fingerprint(user,pass,datastore['DATABASE'])
	end

	# Alias for RHOST
	def rhost
		datastore['RHOST']
	end

	# Alias for RPORT
	def rport
		datastore['RPORT']
	end

	def do_fingerprint(user=nil,pass=nil,database=nil)
		begin
			msg = "#{rhost}:#{rport} Postgres -"
			password = pass || postgres_password
			vprint_status("#{msg} Trying username:'#{user}' with password:'#{password}' against #{rhost}:#{rport} on database '#{database}'")
			result = postgres_fingerprint(
				:db => database,
				:username => user,
				:password => password
			)
			if result[:auth]
				vprint_good "#{rhost}:#{rport} Postgres - Logged in to '#{database}' with '#{user}':'#{password}'"
				print_status "#{rhost}:#{rport} Postgres - Version #{result[:auth]} (Post-Auth)"
			elsif result[:preauth]
				print_status "#{rhost}:#{rport} Postgres - Version #{result[:preauth]} (Pre-Auth)"
			else # It's something we don't know yet
				vprint_status "#{rhost}:#{rport} Postgres - Authentication Error Fingerprint: #{result[:unknown]}"
				print_status "#{rhost}:#{rport} Postgres - Version Unknown (Pre-Auth)"
			end

			# Reporting

			report_service(
				:host => rhost,
				:port => rport,
				:name => "postgres",
				:info => result.values.first
			)

			if self.postgres_conn
				report_auth_info(
					:host => rhost,
					:port => rport,
					:sname => "postgres",
					:user => user,
					:pass => password,
					:active => true
				)
			end

			if result[:unknown]
				report_note(
					:host => rhost,
					:proto => 'tcp',
					:sname => 'postgres',
					:port => rport,
					:ntype => 'postgresql.fingerprint',
					:data => "Unknown Pre-Auth fingerprint: #{result[:unknown]}"
				)
			end

			# Logout

			postgres_logout

		rescue Rex::ConnectionError
			vprint_error "#{rhost}:#{rport} Connection Error: #{$!}"
			return :done
		end

	end

end
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`##`
			`# $Id$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
Fix up the boilerplate comment to use a better url 2012-02-21 01:40:50 +00:00			`# web site for more information on licensing and terms of use.`
			`# http://metasploit.com/`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`##`

			`require 'msf/core'`


			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::Postgres`
			`include Msf::Auxiliary::Scanner`
			`include Msf::Auxiliary::Report`
Fix typo in title. Thanks ragecyr! git-svn-id: file:///home/svn/framework3/trunk@8961 4d416f70-5f16-0410-b530-b9f4589650da 2010-03-30 17:57:22 +00:00
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`# Creates an instance of this module.`
			`def initialize(info = {})`
			`super(update_info(info,`
Fix typo in title. Thanks ragecyr! git-svn-id: file:///home/svn/framework3/trunk@8961 4d416f70-5f16-0410-b530-b9f4589650da 2010-03-30 17:57:22 +00:00			`'Name' => 'PostgreSQL Version Probe',`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`'Description' => %q{`
			`Enumerates the verion of PostgreSQL servers.`
			`},`
			`'Author' => [ 'todb' ],`
			`'License' => MSF_LICENSE,`
			`'References' =>`
			`[`
Fix URL reference git-svn-id: file:///home/svn/framework3/trunk@13329 4d416f70-5f16-0410-b530-b9f4589650da 2011-07-24 19:36:37 +00:00			`[ 'URL', 'http://www.postgresql.org' ]`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`],`
			`'Version' => '$Revision$' # 2009-02-05`
			`))`

			`register_options([ ], self.class) # None needed.`

			`deregister_options('SQL', 'RETURN_ROWSET')`
			`end`

			`# Loops through each host in turn. Note the current IP address is both`
			`# ip and datastore['RHOST']`
			`def run_host(ip)`
			`user = datastore['USERNAME']`
			`pass = postgres_password`
Clean up some incosistent verbosity Modules should use `vprint_*` instead of `print... if datastore["VERBOSE"]` or similar constructs 2012-03-06 19:01:20 +00:00			`do_fingerprint(user,pass,datastore['DATABASE'])`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`end`

			`# Alias for RHOST`
			`def rhost`
			`datastore['RHOST']`
			`end`

Fix typo in title. Thanks ragecyr! git-svn-id: file:///home/svn/framework3/trunk@8961 4d416f70-5f16-0410-b530-b9f4589650da 2010-03-30 17:57:22 +00:00			`# Alias for RPORT`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`def rport`
			`datastore['RPORT']`
			`end`

Clean up some incosistent verbosity Modules should use `vprint_*` instead of `print... if datastore["VERBOSE"]` or similar constructs 2012-03-06 19:01:20 +00:00			`def do_fingerprint(user=nil,pass=nil,database=nil)`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`begin`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`msg = "#{rhost}:#{rport} Postgres -"`
			`password = pass \|\| postgres_password`
Clean up some incosistent verbosity Modules should use `vprint_*` instead of `print... if datastore["VERBOSE"]` or similar constructs 2012-03-06 19:01:20 +00:00			`vprint_status("#{msg} Trying username:'#{user}' with password:'#{password}' against #{rhost}:#{rport} on database '#{database}'")`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`result = postgres_fingerprint(`
			`:db => database,`
			`:username => user,`
			`:password => password`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`)`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`if result[:auth]`
Clean up some incosistent verbosity Modules should use `vprint_*` instead of `print... if datastore["VERBOSE"]` or similar constructs 2012-03-06 19:01:20 +00:00			`vprint_good "#{rhost}:#{rport} Postgres - Logged in to '#{database}' with '#{user}':'#{password}'"`
Making postgres_version more subdued in its successful fingerprint reporting with print_status instead of print_good, since other fingerprinting modules use print_status for the most part. git-svn-id: file:///home/svn/framework3/trunk@10313 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-14 14:43:56 +00:00			`print_status "#{rhost}:#{rport} Postgres - Version #{result[:auth]} (Post-Auth)"`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`elsif result[:preauth]`
Making postgres_version more subdued in its successful fingerprint reporting with print_status instead of print_good, since other fingerprinting modules use print_status for the most part. git-svn-id: file:///home/svn/framework3/trunk@10313 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-14 14:43:56 +00:00			`print_status "#{rhost}:#{rport} Postgres - Version #{result[:preauth]} (Pre-Auth)"`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`else # It's something we don't know yet`
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 19:08:35 +00:00			`vprint_status "#{rhost}:#{rport} Postgres - Authentication Error Fingerprint: #{result[:unknown]}"`
Making postgres_version more subdued in its successful fingerprint reporting with print_status instead of print_good, since other fingerprinting modules use print_status for the most part. git-svn-id: file:///home/svn/framework3/trunk@10313 4d416f70-5f16-0410-b530-b9f4589650da 2010-09-14 14:43:56 +00:00			`print_status "#{rhost}:#{rport} Postgres - Version Unknown (Pre-Auth)"`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`end`

			`# Reporting`

			`report_service(`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`:host => rhost,`
			`:port => rport,`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`:name => "postgres",`
			`:info => result.values.first`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`)`

Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`if self.postgres_conn`
			`report_auth_info(`
			`:host => rhost,`
Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands. git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da 2010-08-18 00:58:20 +00:00			`:port => rport,`
			`:sname => "postgres",`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`:user => user,`
			`:pass => password,`
Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands. git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da 2010-08-18 00:58:20 +00:00			`:active => true`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`)`
			`end`

			`if result[:unknown]`
			`report_note(`
			`:host => rhost,`
Fixes #3655. Subbed out all the :proto's that were really :snames for all the note reporting. This was getting caught anyway in most cases, but it's better to have the modules themselves actually be correct for future copy-pasters. git-svn-id: file:///home/svn/framework3/trunk@11707 4d416f70-5f16-0410-b530-b9f4589650da 2011-02-04 01:54:32 +00:00			`:proto => 'tcp',`
style compliance fixes, naughty naughty git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da 2011-02-22 20:49:44 +00:00			`:sname => 'postgres',`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`:port => rport,`
Add the missing note type git-svn-id: file:///home/svn/framework3/trunk@12840 4d416f70-5f16-0410-b530-b9f4589650da 2011-06-03 00:49:45 +00:00			`:ntype => 'postgresql.fingerprint',`
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want to obfuscate that with the last change). git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:09:51 +00:00			`:data => "Unknown Pre-Auth fingerprint: #{result[:unknown]}"`
			`)`
			`end`

			`# Logout`

			`postgres_logout`
Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00
Fixes #808. Removes the pre-connect test from login and version. git-svn-id: file:///home/svn/framework3/trunk@8521 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:05:51 +00:00			`rescue Rex::ConnectionError`
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 19:08:35 +00:00			`vprint_error "#{rhost}:#{rport} Connection Error: #{$!}"`
Fixes #808. Removes the pre-connect test from login and version. git-svn-id: file:///home/svn/framework3/trunk@8521 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 18:05:51 +00:00			`return :done`
			`end`

Fixes #811 by implementing an enumerator for PostgreSQL. git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-05 15:20:59 +00:00			`end`

			`end`