infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner 

Add axis2 login scanner
bug/bundler_fix
dmaloney-r7 2014-05-29 11:22:22 -05:00
parent dcc4d25f15 572e4f2bdf
commit e669324366
3 changed files with 92 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
lib/metasploit/framework/login_scanner/axis2.rb Normal file
View File

@ -0,0 +1,55 @@
require 'metasploit/framework/login_scanner/http'
module Metasploit
module Framework
module LoginScanner
# Tomcat Manager login scanner
class Axis2 < HTTP
DEFAULT_PORT = 8080
# (see Base#attempt_login)
def attempt_login(credential)
http_client = Rex::Proto::Http::Client.new(
host, port, {}, ssl, ssl_version
)
begin
http_client.connect
body = "userName=#{Rex::Text.uri_encode(credential.public)}&password=#{Rex::Text.uri_encode(credential.private)}&submit=+Login+"
request = http_client.request_cgi(
'uri' => uri,
'method' => "POST",
'data' => body,
)
response = http_client.send_recv(request)
end
if response && response.code == 200 && response.body.include?("upload")
Result.new(status: :success, credential: credential, proof: response)
else
Result.new(status: :failed, credential: credential, proof: response)
end
end
# (see Base#set_sane_defaults)
def set_sane_defaults
self.uri = "/axis2/axis2-admin/login" if self.uri.nil?
@method = "POST".freeze
super
end
# The method *must* be "POST", so don't let the user change it
# @raise [RuntimeError]
def method=(_)
raise RuntimeError, "Method must be POST for Axis2"
end
end
end
end
end

30
modules/auxiliary/scanner/http/axis_login.rb
View File

@ -17,10 +17,12 @@ class Metasploit3 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Apache Axis2 v1.4.1 Brute Force Utility', 'Name' => 'Apache Axis2 Brute Force Utility',
'Description' => %q{This module attempts to login to an Apache Axis2 v1.4.1 'Description' => %q{
instance using username and password combindations indicated by the USER_FILE, This module attempts to login to an Apache Axis2 instance using
PASS_FILE, and USERPASS_FILE options. username and password combindations indicated by the USER_FILE,
PASS_FILE, and USERPASS_FILE options. It has been verified to
work on at least versions 1.4.1 and 1.6.2.
}, },
'Author' => 'Author' =>
[ [
@ -35,9 +37,9 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options( [
[ Opt::RPORT(8080), Opt::RPORT(8080),
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']), OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
], self.class) ], self.class)
end end
@ -49,10 +51,10 @@ class Metasploit3 < Msf::Auxiliary
print_status("Verifying login exists at #{target_url}") print_status("Verifying login exists at #{target_url}")
begin begin
res = send_request_cgi({ send_request_cgi({
'method' => 'GET', 'method' => 'GET',
'uri' => datastore['URI'] 'uri' => datastore['URI']
}, 20) }, 20)
rescue rescue
print_error("The Axis2 login page does not exist at #{target_url}") print_error("The Axis2 login page does not exist at #{target_url}")
return return
@ -77,12 +79,12 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data, 'data' => post_data,
}, 20) }, 20)
if (res and res.code == 200 and res.body.to_s.match(/upload/) != nil) if res && res.code == 200 && res.body.to_s.match(/upload/) != nil
print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'") print_good("#{target_url} - Apache Axis - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info( report_auth_info(
:host => rhost, :host => rhost,
:port => rport, :port => rport,
:sname => (ssl ? 'https' : 'http'), :sname => (ssl ? 'https' : 'http'),
:user => user, :user => user,
:pass => pass, :pass => pass,
:proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}", :proof => "WEBAPP=\"Apache Axis\", VHOST=#{vhost}",
@ -91,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
:active => true :active => true
) )
elsif(res and res.code == 200) elsif res && res.code == 200
vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'") vprint_error("#{target_url} - Apache Axis - Failed to login as '#{user}'")
else else
vprint_error("#{target_url} - Apache Axis - Unable to authenticate.") vprint_error("#{target_url} - Apache Axis - Unable to authenticate.")

21
spec/lib/metasploit/framework/login_scanner/axis2_spec.rb Normal file
View File

@ -0,0 +1,21 @@
require 'spec_helper'
require 'metasploit/framework/login_scanner/winrm'
describe Metasploit::Framework::LoginScanner::WinRM do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base'
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
context "#method=" do
subject(:scanner) { described_class.new }
it "should raise, warning that the :method can't be changed" do
expect { scanner.method = "GET" }.to raise_error(RuntimeError)
expect(scanner.method).to eq("POST")
end
end
end