infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #75 from rapid7/feature/MSP-9692/afp_login 

MSP-9692 #land
bug/bundler_fix
Samuel Huckins 2014-06-13 10:51:26 -05:00
parent f452652f54 539f30e720
commit fa8c9bc4f3
1 changed files with 58 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
modules/auxiliary/scanner/afp/afp_login.rb
View File

@ -5,6 +5,8 @@
require 'msf/core' require 'msf/core'
require 'openssl' require 'openssl'
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/afp'
class Metasploit3 < Msf::Auxiliary class Metasploit3 < Msf::Auxiliary
@ -41,83 +43,70 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip) def run_host(ip)
print_status("Scanning IP: #{ip.to_s}") print_status("Scanning IP: #{ip.to_s}")
begin
connect cred_collection = Metasploit::Framework::CredentialCollection.new(
info = get_info # get_info drops connection blank_passwords: datastore['BLANK_PASSWORDS'],
raise "Unsupported AFP version" unless info[:uams].include?("DHCAST128") pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS'],
)
if datastore['CHECK_GUEST'] && info[:uams].include?("No User Authent") scanner = Metasploit::Framework::LoginScanner::AFP.new(
connect host: ip,
open_session port: rport,
do_guest_login proxies: datastore['PROXIES'],
close_session cred_details: cred_collection,
end stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
)
each_user_pass do |user, pass| service_data = {
if user == '' address: ip,
return :skip_user # check guest login once per host port: rport,
end service_name: 'afp',
protocol: 'tcp',
workspace_id: myworkspace_id
}
vprint_status("Trying to login as '#{user}' with password '#{pass}'") scanner.scan! do |result|
connect if result.success?
open_session credential_data = {
status = do_login(user, pass) module_fullname: self.fullname,
close_session # close_session drops connection origin_type: :service,
private_data: result.credential.private,
private_type: :password,
username: result.credential.public
}
credential_data.merge!(service_data)
status credential_core = create_credential(credential_data)
end
rescue ::Timeout::Error
raise $!
rescue ::Interrupt
raise $!
rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT
rescue ::Exception
print_error("#{rhost}:#{rport} #{$!.class} #{$!}")
ensure
close_session if sock
disconnect
end
end
def do_login(user, pass) login_data = {
status = login(user, pass) core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Credential::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
if status == true create_credential_login(login_data)
status = :next_user print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
print_good("#{rhost} - SUCCESSFUL LOGIN '#{user}' : '#{pass}'") else
report_auth_info({ invalidate_login(
:host => rhost, address: ip,
:port => rport, port: rport,
:sname => 'afp', protocol: 'tcp',
:user => user, public: result.credential.public,
:pass => pass, private: result.credential.private,
:source_type => 'user_supplied', realm_key: nil,
:active => true realm_value: nil,
}) status: result.status)
end print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
return status
end
def do_guest_login
status = login('', '')
if status
status = :next_user
print_good("#{rhost} Supports Guest logins")
if datastore['RECORD_GUEST']
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'atp',
:user => '',
:pass => '',
:type => "Guest Login",
:source_type => "user_supplied",
:active => true
)
end end
end end
return status
end end
end end