## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report # Creates an instance of this module. def initialize(info = {}) super(update_info(info, 'Name' => 'PostgreSQL Version Probe', 'Description' => %q{ Enumerates the verion of PostgreSQL servers. }, 'Author' => [ 'todb' ], 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'http://www.postgresql.org' ] ], 'Version' => '$Revision$' # 2009-02-05 )) register_options([ ], self.class) # None needed. deregister_options('SQL', 'RETURN_ROWSET') end # Loops through each host in turn. Note the current IP address is both # ip and datastore['RHOST'] def run_host(ip) user = datastore['USERNAME'] pass = postgres_password do_fingerprint(user,pass,datastore['DATABASE']) end # Alias for RHOST def rhost datastore['RHOST'] end # Alias for RPORT def rport datastore['RPORT'] end def do_fingerprint(user=nil,pass=nil,database=nil) begin msg = "#{rhost}:#{rport} Postgres -" password = pass || postgres_password vprint_status("#{msg} Trying username:'#{user}' with password:'#{password}' against #{rhost}:#{rport} on database '#{database}'") result = postgres_fingerprint( :db => database, :username => user, :password => password ) if result[:auth] vprint_good "#{rhost}:#{rport} Postgres - Logged in to '#{database}' with '#{user}':'#{password}'" print_status "#{rhost}:#{rport} Postgres - Version #{result[:auth]} (Post-Auth)" elsif result[:preauth] print_status "#{rhost}:#{rport} Postgres - Version #{result[:preauth]} (Pre-Auth)" else # It's something we don't know yet vprint_status "#{rhost}:#{rport} Postgres - Authentication Error Fingerprint: #{result[:unknown]}" print_status "#{rhost}:#{rport} Postgres - Version Unknown (Pre-Auth)" end # Reporting report_service( :host => rhost, :port => rport, :name => "postgres", :info => result.values.first ) if self.postgres_conn report_auth_info( :host => rhost, :port => rport, :sname => "postgres", :user => user, :pass => password, :active => true ) end if result[:unknown] report_note( :host => rhost, :proto => 'tcp', :sname => 'postgres', :port => rport, :ntype => 'postgresql.fingerprint', :data => "Unknown Pre-Auth fingerprint: #{result[:unknown]}" ) end # Logout postgres_logout rescue Rex::ConnectionError vprint_error "#{rhost}:#{rport} Connection Error: #{$!}" return :done end end end