Path: blob/master/documentation/modules/auxiliary/scanner/http/appletv_login.md
Vulnerable Application
This module attempts to authenticate to an AppleTV service with the username 'AirPlay'. The device has two access control modes: OnScreen and Password. In OnScreen mode the password is numeric-only and four digits long, so when this option is enabled the module covers every possible value, from 0000 to 9999. Password mode is more complex, so the usual online bruteforce strategies apply.
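A detection-side sketch for the OnScreen case above, added here as an example (it is not part of the Metasploit module or its documentation): with only 10,000 possible PINs, a sweep appears as a sustained run of failed authentications from one source. The log format, the use of HTTP 401 as the failure signal, and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PIN_SPACE = 10_000  # OnScreen mode: four numeric digits, 0000-9999


def build_sample():
    """Constructed log lines: '<ISO timestamp> <source IP> <HTTP status>'.

    Assumption: a proxy or network sensor in front of the device records these.
    """
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # 192.0.2.10: 40 failed attempts, one every 0.5 s (sweep-like behaviour)
    for i in range(40):
        t = base + timedelta(milliseconds=500 * i)
        lines.append(f"{t.isoformat()} 192.0.2.10 401")
    # 192.0.2.20: a user mistypes twice, then succeeds
    for off, status in [(5, 401), (20, 401), (35, 200)]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 192.0.2.20 {status}")
    return sorted(lines)


def detect_sweeps(lines, window_s=30, threshold=20):
    """Return {source: (peak failures in window, est. seconds to exhaust PIN space)}."""
    recent = defaultdict(deque)  # per-source timestamps of recent failures
    alerts = {}
    for line in lines:
        ts_s, src, status = line.split()
        if status != "401":
            continue
        ts = datetime.fromisoformat(ts_s)
        q = recent[src]
        q.append(ts)
        # Drop failures that fell out of the sliding window
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            span = (q[-1] - q[0]).total_seconds() or 1.0
            rate = (len(q) - 1) / span  # observed attempts per second
            peak = max(len(q), alerts.get(src, (0, 0))[0])
            alerts[src] = (peak, round(PIN_SPACE / rate))
    return alerts


if __name__ == "__main__":
    for src, (peak, eta) in detect_sweeps(build_sample()).items():
        print(f"{src}: {peak} failures in window, full PIN space in ~{eta}s")
```

The estimated exhaustion time gives responders a bound on how long they have before every four-digit value has been tried at the observed rate.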
Verification Steps
Start msfconsole
Do: use auxiliary/scanner/http/appletv_login
Do: set the passwords via the password option, or pass a list of passwords via the pass_file option. Pass a user list via user_list.
Do: run
Hopefully you see something like this:
Options
BLANK_PASSWORD
Set to true if an additional login attempt should be made with an empty password for every user.
BRUTEFORCE_SPEED
How fast to bruteforce, from 0 to 5
Onscreen
Enable if AppleTV is using the Onscreen access control
PASSWORD
A specific password to authenticate with
PASS_FILE
File containing passwords, one per line
STOP_ON_SUCCESS
Stop guessing when a credential works for a host
THREADS
The number of concurrent threads (max one per host)
USERPASS_FILE
File containing users and passwords separated by space, one pair per line
USER_FILE
File containing usernames, one per line
VERBOSE
Whether to print output for all attempts
VHOST
HTTP server virtual host