Add pop3/imap4 scanners

git-svn-id: file:///home/svn/framework3/trunk@8664 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2010-02-26 19:06:26 +00:00
parent 5a89952606
commit 304a238d3e
4 changed files with 92 additions and 13 deletions


@ -11,7 +11,7 @@ require 'msf/core/exploit/tcp'
module Exploit::Remote::Imap
include Exploit::Remote::Tcp
#
# Creates an instance of an IMAP exploit module.
#
@ -34,21 +34,17 @@ module Exploit::Remote::Imap
# message is read in and stored in the 'banner' attribute.
#
def connect(global = true)
print_status("Connecting to IMAP server #{rhost}:#{rport}...")
fd = super
# Wait for a banner to arrive...
self.banner = fd.get_once
print_status("Connected to target IMAP server.")
# Wait for a banner to arrive...
self.banner = fd.get_once(-1, 30)
# Return the file descriptor to the caller
fd
end
#
# Connect and login to the remote IMAP server using the credentials
# Connect and login to the remote IMAP server using the credentials
# that have been supplied in the exploit options.
#
def connect_login(global = true)
@ -62,7 +58,7 @@ module Exploit::Remote::Imap
print_status("Authenticating as #{user} with password #{pass}...")
res = raw_send_recv("a001 LOGIN #{user} #{pass}\r\n")
if (res !~ /^a001 OK/)
print_status("Authentication failed")
return false
@ -80,7 +76,7 @@ module Exploit::Remote::Imap
nsock.get_once
end
##
#
# Wrappers for getters
@ -111,4 +107,5 @@ protected
end
end
end
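Review bot: In `connect`, `self.banner = fd.get_once(-1, 30)` can leave `banner` nil when the server sends no greeting within the 30 seconds (as far as I know `get_once` returns nil on timeout), yet `connect` still returns the socket as if a greeting had been read. The rendered page has lost its +/- markers, so I am assuming the `get_once(-1, 30)` form is the new side. I would document the contract above the read, for example `# banner is nil if no greeting arrives within 30 seconds; callers must check it before use`. I would also lift the literal 30 into a named constant or module option so the timeout is visible and tunable in one place. The module body continues outside the hunks shown here.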


@ -0,0 +1,39 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Imap
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
def initialize
super(
'Name' => 'IMAP4 Banner Grabber',
'Version' => '$Revision$',
'Description' => 'IMAP4 Banner Grabber',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
end
def run_host(ip)
begin
res = connect
banner_sanitized = banner.to_s.gsub(/[\x00-\x19\x7f-\xff]/) { |s| "\\x%02x" % s[0,1].unpack("C")[0] }
print_status("#{ip}:#{rport} IMAP #{banner_sanitized}")
report_service(:host => rhost, :port => rport, :name => "imap", :info => banner)
rescue ::Rex::ConnectionError
rescue ::Exception => e
print_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
end
end
end
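Review bot: The sanitizing character class in `run_host`, `/[\x00-\x19\x7f-\xff]/`, stops at 0x19, so the control bytes 0x1a to 0x1f, including ESC (0x1b), reach `print_status` unescaped. The banner comes from an untrusted server, so it can carry terminal escape sequences into the operator's console and any captured logs. The range should cover all C0 controls: `/[\x00-\x1f\x7f-\xff]/`. The same expression appears in the POP3 scanner's `run_host` and needs the same fix. `report_service` also receives the raw `banner` as `:info`, so whatever later displays that field has to escape it, or `banner_sanitized` should be stored instead.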


@ -0,0 +1,43 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
def initialize
super(
'Name' => 'POP3 Banner Grabber',
'Version' => '$Revision$',
'Description' => 'POP3 Banner Grabber',
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options([
Opt::RPORT(110)
], self.class)
end
def run_host(ip)
begin
res = connect
banner = sock.get_once(-1, 30)
banner_sanitized = banner.to_s.gsub(/[\x00-\x19\x7f-\xff]/) { |s| "\\x%02x" % s[0,1].unpack("C")[0] }
print_status("#{ip}:#{rport} POP3 #{banner_sanitized}")
report_service(:host => rhost, :port => rport, :name => "pop3", :info => banner)
rescue ::Rex::ConnectionError
rescue ::Exception => e
print_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
end
end
end
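Review bot: When `banner = sock.get_once(-1, 30)` in `run_host` returns nil or an empty string (the port accepts the connection but sends no greeting), the code still prints a `POP3` line and calls `report_service` with `:name => "pop3"`. That records any silent listener on the port as a POP3 service with an empty `:info`. A guard right after the read, `return if banner.to_s.empty?`, would keep those hosts out of the results. The IMAP scanner has the same pattern through the mixin's `banner` attribute. The value of `res = connect` is never used in either module, so the assignment can be dropped.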


@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'SMTP Banner Grabber',
'Version' => '',
'Version' => '$Revision$',
'Description' => 'SMTP Banner Grabber',
'References' =>
[