refactor db2_auth module

you know what it is
bug/bundler_fix
David Maloney 2014-06-10 13:43:07 -05:00
parent 6b52da2901
commit 74d376e387
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 66 additions and 38 deletions


@ -5,7 +5,8 @@
require 'msf/core'
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/db2'
class Metasploit3 < Msf::Auxiliary
@ -40,44 +41,71 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
each_user_pass { |user, pass|
do_login(user,pass,datastore['DATABASE'])
}
end
def do_login(user=nil,pass=nil,db=nil)
datastore['USERNAME'] = user
datastore['PASSWORD'] = pass
vprint_status("#{rhost}:#{rport} - DB2 - Trying username:'#{user}' with password:'#{pass}'")
begin
info = db2_check_login
rescue ::Rex::ConnectionError
vprint_error("#{rhost}:#{rport} : Unable to attempt authentication")
return :abort
rescue ::Rex::Proto::DRDA::RespError => e
vprint_error("#{rhost}:#{rport} : Error in connecting to DB2 instance: #{e}")
return :abort
end
disconnect
if info[:db_login_success]
print_good("#{rhost}:#{rport} - DB2 - successful login for '#{user}' : '#{pass}' against database '#{db}'")
# Report credentials
report_auth_info(
:host => rhost,
:port => rport,
:sname => "db2",
:user => "#{db}/#{user}",
:pass => pass,
:active => true
cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS'],
realm: datastore['DATABASE']
)
return :next_user
scanner = Metasploit::Framework::LoginScanner::DB2.new(
host: ip,
port: rport,
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
)
service_data = {
address: ip,
port: rport,
service_name: 'db2',
protocol: 'tcp',
workspace_id: myworkspace_id
}
scanner.scan! do |result|
if result.success?
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: result.credential.private,
private_type: :password,
realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
realm_value: result.credential.realm,
username: result.credential.public
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Credential::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
create_credential_login(login_data)
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
else
vprint_error("#{rhost}:#{rport} - DB2 - failed login for '#{user}' : '#{pass}' against database '#{db}'")
return :fail
invalidate_login(
address: ip,
port: rport,
protocol: 'tcp',
public: result.credential.public,
private: result.credential.private,
realm_key: Metasploit::Credential::Realm::Key::DB2_DATABASE,
realm_value: result.credential.realm,
status: result.status)
print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
end
end
end
end
end
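Review bot: The failure branch of the `scanner.scan!` block in `run_host` reports every rejected attempt with `print_status`, whereas the code it replaces used `vprint_error`, so each tried username and password is now written in cleartext to the console and any captured output even when verbose mode is off. I would keep the earlier verbosity gate, e.g. `vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"`. The same branch also calls `invalidate_login` for every non-successful result; the old code returned `:abort` on connection errors, so if `result.status` can represent a connection failure (not visible from this page), an untested credential would presumably be recorded as invalid and that case deserves its own branch. Separately, `connection_timeout: 30` is hard-coded while the neighbouring settings come from `datastore`; a short comment explaining the value, or a datastore option, would help.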