From 74d376e387d12d7e94c70ecba0fc1f12e3510b4c Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Tue, 10 Jun 2014 13:43:07 -0500
Subject: [PATCH] refactor db2_auth module you know what it is
---
 modules/auxiliary/scanner/db2/db2_auth.rb | 104 ++++++++++++++--------
 1 file changed, 66 insertions(+), 38 deletions(-)
diff --git a/modules/auxiliary/scanner/db2/db2_auth.rb b/modules/auxiliary/scanner/db2/db2_auth.rb
index 0ba46d6973..2052f5c851 100644
--- a/modules/auxiliary/scanner/db2/db2_auth.rb
+++ b/modules/auxiliary/scanner/db2/db2_auth.rb
@@ -5,7 +5,8 @@
 require 'msf/core'
-
+require 'metasploit/framework/credential_collection'
+require 'metasploit/framework/login_scanner/db2'
 class Metasploit3 < Msf::Auxiliary
@@ -40,44 +41,71 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run_host(ip)
- each_user_pass { |user, pass|
- do_login(user,pass,datastore['DATABASE'])
+ cred_collection = Metasploit::Framework::CredentialCollection.new(
+ blank_passwords: datastore['BLANK_PASSWORDS'],
+ pass_file: datastore['PASS_FILE'],
+ password: datastore['PASSWORD'],
+ user_file: datastore['USER_FILE'],
+ userpass_file: datastore['USERPASS_FILE'],
+ username: datastore['USERNAME'],
+ user_as_pass: datastore['USER_AS_PASS'],
+ realm: datastore['DATABASE']
+ )
+
+ scanner = Metasploit::Framework::LoginScanner::DB2.new(
+ host: ip,
+ port: rport,
+ proxies: datastore['PROXIES'],
+ cred_details: cred_collection,
+ stop_on_success: datastore['STOP_ON_SUCCESS'],
+ connection_timeout: 30
+ )
+
+ service_data = {
+ address: ip,
+ port: rport,
+ service_name: 'db2',
+ protocol: 'tcp',
+ workspace_id: myworkspace_id
 }
+
+ scanner.scan! do |result|
+ if result.success?
+ credential_data = {
+ module_fullname: self.fullname,
+ origin_type: :service,
+ private_data: result.credential.private,
+ private_type: :password,
+ realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
+ realm_value: result.credential.realm,
+ username: result.credential.public
+ }
+ credential_data.merge!(service_data)
+
+ credential_core = create_credential(credential_data)
+
+ login_data = {
+ core: credential_core,
+ last_attempted_at: DateTime.now,
+ status: Metasploit::Credential::Login::Status::SUCCESSFUL
+ }
+ login_data.merge!(service_data)
+
+ create_credential_login(login_data)
+ print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
+ else
+ invalidate_login(
+ address: ip,
+ port: rport,
+ protocol: 'tcp',
+ public: result.credential.public,
+ private: result.credential.private,
+ realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
+ realm_value: result.credential.realm,
+ status: result.status)
+ print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: 
#{result.proof})"
+ end
+ end
 end
- def do_login(user=nil,pass=nil,db=nil)
- datastore['USERNAME'] = user
- datastore['PASSWORD'] = pass
- vprint_status("#{rhost}:#{rport} - DB2 - Trying username:'#{user}' with password:'#{pass}'")
-
- begin
- info = db2_check_login
- rescue ::Rex::ConnectionError
- vprint_error("#{rhost}:#{rport} : Unable to attempt authentication")
- return :abort
- rescue ::Rex::Proto::DRDA::RespError => e
- vprint_error("#{rhost}:#{rport} : Error in connecting to DB2 instance: #{e}")
- return :abort
- end
-
- disconnect
-
- if info[:db_login_success]
- print_good("#{rhost}:#{rport} - DB2 - successful login for '#{user}' : '#{pass}' against database '#{db}'")
- # Report credentials
- report_auth_info(
- :host => rhost,
- :port => rport,
- :sname => "db2",
- :user => "#{db}/#{user}",
- :pass => pass,
- :active => true
- )
- return :next_user
- else
- vprint_error("#{rhost}:#{rport} - DB2 - failed login for '#{user}' : '#{pass}' against database '#{db}'")
- return :fail
- end
-
- end
 end
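Review bot: The failure branch at the end of the `else` block reports every rejected credential with an unconditional `print_status`, where the removed `do_login` used `vprint_error`, so a run over a large wordlist now emits one output line per attempt; `vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"` keeps the previous verbosity. The same branch calls `invalidate_login` for any non-success result, so if the scanner surfaces a connection failure as a result rather than raising, it is recorded with that status as an attempted login, whereas the removed code returned `:abort` on `::Rex::ConnectionError`; whether the scanner preserves that abort behaviour is outside this hunk. `connection_timeout: 30` is a hard-coded value the removed code did not have; exposing it as a datastore option would let it be tuned per target. `self.fullname` can be written as `fullname`. run_host is fully contained in this hunk.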