## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report def initialize super( 'Name' => 'Lotus Domino Version', 'Description' => 'Several checks to determine Lotus Domino Server Version.', 'Author' => ['CG'], 'License' => MSF_LICENSE ) register_options( [ OptString.new('PATH', [ true, "path", '/']), ] ) end def run_host(ip) path = normalize_uri(datastore['PATH']) check1 = [ 'iNotes/Forms5.nsf', 'iNotes/Forms6.nsf', 'iNotes/Forms7.nsf', ] check2 = [ 'help/readme.nsf?OpenAbout' ] check3 = [ 'download/filesets/l_LOTUS_SCRIPT.inf', 'download/filesets/n_LOTUS_SCRIPT.inf', 'download/filesets/l_SEARCH.inf', 'download/filesets/n_SEARCH.inf', ] currentversion = [] baseversion = [] begin check1.each do | check | res = send_request_raw({ 'uri' => path+check, 'method' => 'GET', }, 10) if (res.nil?) print_error("no response for #{ip}:#{rport} #{check}") elsif (res.code == 200 and res.body) #string we are regexing: if match = res.body.match(/\