David Maloney
parent
6b52da2901
commit
74d376e387
|
|
@ -5,7 +5,8 @@
|
|||
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
require 'metasploit/framework/credential_collection'
|
||||
require 'metasploit/framework/login_scanner/db2'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
|
@ -40,44 +41,71 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(ip)
|
||||
each_user_pass { |user, pass|
|
||||
do_login(user,pass,datastore['DATABASE'])
|
||||
cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS'],
|
||||
realm: datastore['DATABASE']
|
||||
)
|
||||
|
||||
scanner = Metasploit::Framework::LoginScanner::DB2.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 30
|
||||
)
|
||||
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: rport,
|
||||
service_name: 'db2',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
scanner.scan! do |result|
|
||||
if result.success?
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: result.credential.private,
|
||||
private_type: :password,
|
||||
realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
|
||||
realm_value: result.credential.realm,
|
||||
username: result.credential.public
|
||||
}
|
||||
credential_data.merge!(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: Metasploit::Credential::Login::Status::SUCCESSFUL
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
|
||||
else
|
||||
invalidate_login(
|
||||
address: ip,
|
||||
port: rport,
|
||||
protocol: 'tcp',
|
||||
public: result.credential.public,
|
||||
private: result.credential.private,
|
||||
realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
|
||||
realm_value: result.credential.realm,
|
||||
status: result.status)
|
||||
print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def do_login(user=nil,pass=nil,db=nil)
|
||||
datastore['USERNAME'] = user
|
||||
datastore['PASSWORD'] = pass
|
||||
vprint_status("#{rhost}:#{rport} - DB2 - Trying username:'#{user}' with password:'#{pass}'")
|
||||
|
||||
begin
|
||||
info = db2_check_login
|
||||
rescue ::Rex::ConnectionError
|
||||
vprint_error("#{rhost}:#{rport} : Unable to attempt authentication")
|
||||
return :abort
|
||||
rescue ::Rex::Proto::DRDA::RespError => e
|
||||
vprint_error("#{rhost}:#{rport} : Error in connecting to DB2 instance: #{e}")
|
||||
return :abort
|
||||
end
|
||||
|
||||
disconnect
|
||||
|
||||
if info[:db_login_success]
|
||||
print_good("#{rhost}:#{rport} - DB2 - successful login for '#{user}' : '#{pass}' against database '#{db}'")
|
||||
# Report credentials
|
||||
report_auth_info(
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:sname => "db2",
|
||||
:user => "#{db}/#{user}",
|
||||
:pass => pass,
|
||||
:active => true
|
||||
)
|
||||
return :next_user
|
||||
else
|
||||
vprint_error("#{rhost}:#{rport} - DB2 - failed login for '#{user}' : '#{pass}' against database '#{db}'")
|
||||
return :fail
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue