Constpocalypse

bug/bundler_fix
James Lee 2014-07-03 18:49:46 -05:00
parent b7a55d402d
commit 311f43f1e4
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
19 changed files with 123 additions and 17 deletions


@ -6,16 +6,25 @@ module Metasploit
# LoginScanners are the classes that provide functionality for testing
# authentication against various different protocols and mechanisms.
module LoginScanner
# Make sure Base is loaded before any of the others
require 'metasploit/framework/login_scanner/base'
# Gather a list of LoginScanner classes that can potentially be
# used for a give `service`.
#
# @note This
# @param service [Mdm::Service,#port,#name]
# @return [Array<Class>]
def self.classes_for_service(service)
unless @required
# Make sure we've required all the scanner classes
dir = File.expand_path("../login_scanner/", __FILE__)
Dir.entries(dir).each do |f|
f = File.join(dir, f)
require f if File.file?(f)
end
@required = true
end
def self.classes_for_service(service)
self.constants.map{|sym| const_get(sym)}.select do |const|
next unless const.kind_of?(Class)
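Review bot: The lazy loader added to `classes_for_service` passes every regular file in `login_scanner/` to `require`, whatever its extension, so the code loaded is simply whatever is on disk in that directory, and a stray backup or editor file there would be handed to `require` as well. `Dir.entries` also gives no ordering guarantee, which is presumably why Base has to be required separately above. Restricting the loop to Ruby sources and sorting makes the load set explicit and deterministic: `Dir.glob(File.join(dir, '*.rb')).sort.each { |f| require f }`. The body of `classes_for_service` continues outside the hunk.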


@ -15,6 +15,11 @@ module Metasploit
include Metasploit::Framework::Tcp::Client
include Metasploit::Framework::AFP::Client
DEFAULT_PORT = 548
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ "afp" ]
PRIVATE_TYPES = [ :password ]
# @!attribute login_timeout
# @return [Integer] Number of seconds to wait before giving up
attr_accessor :login_timeout
@ -33,7 +38,7 @@ module Metasploit
end
def set_sane_defaults
self.port = 548 if self.port.nil?
self.port = DEFAULT_PORT if self.port.nil?
self.max_send_size = 0 if self.max_send_size.nil?
self.send_delay = 0 if self.send_delay.nil?
end
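Review bot: `LIKELY_PORTS`, `LIKELY_SERVICE_NAMES` and `PRIVATE_TYPES` are assigned plain array literals, so any code holding a reference can mutate them in place and change what this scanner advertises for the rest of the process. Freezing them is free, e.g. `LIKELY_PORTS = [ DEFAULT_PORT ].freeze` and `PRIVATE_TYPES = [ :password ].freeze`. The same applies to the identical constants this commit adds to the other scanner classes.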


@ -9,6 +9,10 @@ module Metasploit
class Axis2 < HTTP
DEFAULT_PORT = 8080
# Inherit LIKELY_PORTS and LIKELY_SERVICE_NAMES from HTTP
CAN_GET_SESSION = true
PRIVATE_TYPES = [ :password ]
# (see Base#attempt_login)
def attempt_login(credential)


@ -13,6 +13,12 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::Tcp::Client
DEFAULT_PORT = 50000
LIKELY_PORTS = [ DEFAULT_PORT ]
# @todo XXX
LIKELY_SERVICE_NAMES = [ ]
PRIVATE_TYPES = [ :password ]
# @see Base#attempt_login
def attempt_login(credential)
result_options = {
@ -88,6 +94,7 @@ module Metasploit
# This method sets the sane defaults for things
# like timeouts and TCP evasion options
def set_sane_defaults
self.port ||= DEFAULT_PORT
self.max_send_size ||= 0
self.send_delay ||= 0
self.ssl ||= false
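Review bot: The `# @todo XXX` above the empty `LIKELY_SERVICE_NAMES` does not say what is outstanding. If these lists are what `classes_for_service` matches on (its body is not shown on this page), an empty list means this scanner can only ever be selected by port 50000. Suggest spelling the gap out: `# @todo Add the service name(s) DB2 is reported as; until then this scanner is matched by port only`.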


@ -14,6 +14,11 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::Ftp::Client
DEFAULT_PORT = 21
LIKELY_PORTS = [ DEFAULT_PORT, 2121 ]
LIKELY_SERVICE_NAMES = [ 'ftp' ]
PRIVATE_TYPES = [ :password ]
# @!attribute ftp_timeout
# @return [Fixnum] The timeout in seconds to wait for a response to an FTP command
attr_accessor :ftp_timeout
@ -56,6 +61,7 @@ module Metasploit
# This method sets the sane defaults for things
# like timeouts and TCP evasion options
def set_sane_defaults
self.port = DEFAULT_PORT if self.port.nil?
self.max_send_size = 0 if self.max_send_size.nil?
self.send_delay = 0 if self.send_delay.nil?
self.ftp_timeout = 16 if self.ftp_timeout.nil?


@ -14,6 +14,7 @@ module Metasploit
LIKELY_PORTS = [ 80, 443, 8000, 8080 ]
LIKELY_SERVICE_NAMES = [ 'http', 'https' ]
PRIVATE_TYPES = [ :password ]
DEFAULT_PORT = 80
DEFAULT_SSL_PORT = 443


@ -16,6 +16,13 @@ module Metasploit
include Metasploit::Framework::LoginScanner::NTLM
include Metasploit::Framework::MSSQL::Client
# Lifted from lib/msf/core/exploit/mssql.rb
LIKELY_PORTS = [ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase' ]
PRIVATE_TYPES = [ :password, :ntlm_hash ]
DEFUAULT_PORT = 1433
# @!attribute windows_authentication
# @return [Boolean] Whether to use Windows Authentication instead of SQL Server Auth.
attr_accessor :windows_authentication
@ -44,6 +51,7 @@ module Metasploit
private
def set_sane_defaults
self.port = DEFAULT_PORT self.port.nil?
self.max_send_size = 0 if self.max_send_size.nil?
self.send_delay = 0 if self.send_delay.nil?
self.send_lm = true if self.send_lm.nil?
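Review bot: The new first line of `set_sane_defaults`, `self.port = DEFAULT_PORT self.port.nil?`, is missing its `if`. Ruby will not treat it as a conditional assignment (it reads as a call to a method named `DEFAULT_PORT`), so it should be `self.port = DEFAULT_PORT if self.port.nil?`. The constant is also misspelled as `DEFUAULT_PORT = 1433` in the first hunk, so unless `DEFAULT_PORT` comes from an included module the corrected line would still raise NameError; rename it to `DEFAULT_PORT = 1433`. The MySQL scanner's `set_sane_defaults` in this commit has the same missing `if`. This method's body continues outside the hunk.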


@ -15,6 +15,11 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::Tcp::Client
DEFAULT_PORT = 3306
LIKELY_PORTS = [ 3306 ]
LIKELY_SERVICE_NAMES = [ 'mysql' ]
PRIVATE_TYPES = [ :password ]
def attempt_login(credential)
result_options = {
credential: credential
@ -72,6 +77,7 @@ module Metasploit
# This method sets the sane defaults for things
# like timeouts and TCP evasion options
def set_sane_defaults
self.port = DEFAULT_PORT self.port.nil?
self.max_send_size = 0 if self.max_send_size.nil?
self.send_delay = 0 if self.send_delay.nil?
end


@ -14,6 +14,11 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::Tcp::Client
DEFAULT_PORT = 110
LIKELY_PORTS = [ 110, 995 ]
LIKELY_SERVICE_NAMES = [ 'pop3', 'pop3s' ]
PRIVATE_TYPES = [ :password ]
# This method attempts a single login with a single credential against the target
# @param credential [Credential] The credential object to attempt to login with
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
@ -62,9 +67,9 @@ module Metasploit
# (see Base#set_sane_defaults)
def set_sane_defaults
self.port = DEFAULT_PORT if self.port.nil?
self.max_send_size ||= 0
self.send_delay ||= 0
self.port ||= 110
end
end


@ -11,6 +11,12 @@ module Metasploit
class Postgres
include Metasploit::Framework::LoginScanner::Base
DEFAULT_PORT = 5432
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ 'postgres' ]
PRIVATE_TYPES = [ :password ]
# This method attempts a single login with a single credential against the target
# @param credential [Credential] The credential object to attmpt to login with
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
@ -62,6 +68,10 @@ module Metasploit
end
end
def set_sane_defaults
self.port = DEFAULT_PORT if self.port.nil?
end
end
end
end


@ -17,8 +17,10 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::LoginScanner::NTLM
CAN_GET_SESSION = true
LIKELY_PORTS = [ 139, 445 ]
LIKELY_SERVICE_NAMES = [ "smb" ]
PRIVATE_TYPES = [ :password, :ntlm_hash ]
module StatusCodes
CORRECT_CREDENTIAL_STATUS_CODES = [


@ -11,6 +11,11 @@ module Metasploit
class SNMP
include Metasploit::Framework::LoginScanner::Base
DEFAULT_PORT = 161
LIKELY_PORTS = [ 161, 162 ]
LIKELY_SERVICE_NAMES = [ 'snmp' ]
PRIVATE_TYPES = [ :password ]
# This method attempts a single login with a single credential against the target
# @param credential [Credential] The credential object to attmpt to login with
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
@ -72,6 +77,7 @@ module Metasploit
# if the user did not set it.
def set_sane_defaults
self.connection_timeout = 2 if self.connection_timeout.nil?
self.port = DEFAULT_PORT if self.port.nil?
end
# This method takes an snmp client and tests whether


@ -15,6 +15,12 @@ module Metasploit
# CONSTANTS
#
CAN_GET_SESSION = true
DEFAULT_PORT = 22
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ 'ssh' ]
PRIVATE_TYPES = [ :password ]
VERBOSITIES = [
:debug,
:info,
@ -105,6 +111,7 @@ module Metasploit
def set_sane_defaults
self.connection_timeout = 30 if self.connection_timeout.nil?
self.port = DEFAULT_PORT if self.port.nil?
self.verbosity = :fatal if self.verbosity.nil?
end


@ -16,6 +16,12 @@ module Metasploit
# CONSTANTS
#
CAN_GET_SESSION = true
DEFAULT_PORT = 22
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ 'ssh' ]
PRIVATE_TYPES = [ :ssh_key ]
VERBOSITIES = [
:debug,
:info,
@ -110,6 +116,7 @@ module Metasploit
end
def set_sane_defaults
self.port = DEFAULT_PORT if self.port.nil?
self.connection_timeout = 30 if self.connection_timeout.nil?
self.verbosity = :fatal if self.verbosity.nil?
end


@ -13,6 +13,12 @@ module Metasploit
include Metasploit::Framework::LoginScanner::RexSocket
include Metasploit::Framework::Telnet::Client
CAN_GET_SESSION = true
DEFAULT_PORT = 23
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ 'telnet' ]
PRIVATE_TYPES = [ :password ]
# @!attribute verbosity
# The timeout to wait for the telnet banner.
#
@ -90,6 +96,7 @@ module Metasploit
# like timeouts and TCP evasion options
def set_sane_defaults
self.max_send_size ||= 0
self.port ||= DEFAULT_PORT
self.send_delay ||= 0
self.banner_timeout ||= 25
self.telnet_timeout ||= 10


@ -8,7 +8,9 @@ module Metasploit
# Tomcat Manager login scanner
class Tomcat < HTTP
CAN_GET_SESSION = true
DEFAULT_PORT = 8180
PRIVATE_TYPES = [ :password ]
# (see Base#set_sane_defaults)
def set_sane_defaults


@ -19,6 +19,10 @@ module Metasploit
# CONSTANTS
#
LIKELY_PORTS = (5900..5910).to_a
LIKELY_SERVICE_NAMES = [ 'vnc' ]
PRIVATE_TYPES = [ :password ]
# Error indicating retry should occur for UltraVNC
ULTRA_VNC_RETRY_ERROR = 'connection has been rejected'
# Error indicating retry should occur for VNC 4 Server
@ -85,6 +89,7 @@ module Metasploit
# This method sets the sane defaults for things
# like timeouts and TCP evasion options
def set_sane_defaults
self.port ||= 5900
self.max_send_size ||= 0
self.send_delay ||= 0
end
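Review bot: `set_sane_defaults` hard-codes `self.port ||= 5900`, and the constants added in the first hunk do not include a `DEFAULT_PORT`, whereas most of the other scanners touched by this commit define one and default to it. If the class does not already define it outside these hunks, add `DEFAULT_PORT = 5900` next to `LIKELY_PORTS` and write `self.port ||= DEFAULT_PORT`. Code that reads `DEFAULT_PORT` across scanner classes would then find it here too.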


@ -19,6 +19,8 @@ module Metasploit
# that before v1.1, the default was 443
DEFAULT_SSL_PORT = 5986
PRIVATE_TYPES = [ :password ]
validates :method, inclusion: { in: ["POST"] }
# (see Base#set_sane_defaults)
@ -30,7 +32,7 @@ module Metasploit
end
# The method *must* be "POST", so don't let the user change it
# @raise [RuntimeError]
# @raise [RuntimeError] Unconditionally
def method=(_)
raise RuntimeError, "Method must be POST for WinRM"
end


@ -1,5 +1,8 @@
require 'spec_helper'
require 'metasploit/framework/login_scanner'
require 'metasploit/framework/login_scanner/http'
require 'metasploit/framework/login_scanner/smb'
require 'metasploit/framework/login_scanner/vnc'
describe Metasploit::Framework::LoginScanner do
@ -27,6 +30,7 @@ describe Metasploit::Framework::LoginScanner do
it { should include Metasploit::Framework::LoginScanner::SMB }
it { should_not include Metasploit::Framework::LoginScanner::HTTP }
it { should_not include Metasploit::Framework::LoginScanner::VNC }
end
end
@ -35,6 +39,7 @@ describe Metasploit::Framework::LoginScanner do
it { should include Metasploit::Framework::LoginScanner::HTTP }
it { should_not include Metasploit::Framework::LoginScanner::SMB }
it { should_not include Metasploit::Framework::LoginScanner::VNC }
end
[ 80, 8080, 8000, 443 ].each do |foo|
@ -42,6 +47,8 @@ describe Metasploit::Framework::LoginScanner do
let(:port) { foo }
it { should include Metasploit::Framework::LoginScanner::HTTP }
it { should include Metasploit::Framework::LoginScanner::Axis2 }
it { should include Metasploit::Framework::LoginScanner::Tomcat }
it { should_not include Metasploit::Framework::LoginScanner::SMB }
end
end