CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/metasploit/framework/login_scanner/advantech_webaccess.rb
Views: 1904
1
require 'metasploit/framework/login_scanner/http'

2


3
module Metasploit

4
  module Framework

5
    module LoginScanner

6


7
      class AdvantechWebAccess < HTTP

8


9
        DEFAULT_PORT  = 80

10
        PRIVATE_TYPES = [ :password ]

11
        LOGIN_STATUS  = Metasploit::Model::Login::Status # Shorter name

12


13
        def check_setup

14
          uri = normalize_uri("#{uri}broadWeb/bwRoot.asp")

15


16
          res = send_request({

17
            'method' => 'GET',

18
            'uri'    => uri

19
          })

20


21
          if res && res.body =~ /Welcome to Advantech WebAccess/i

22
            return true

23
          end

24


25
          false

26
        end

27


28
        def do_login(user, pass)

29
          uri  = normalize_uri("#{uri}broadweb/user/signin.asp")

30


31
          res = send_request({

32
            'method' => 'POST',

33
            'uri'    => uri,

34
            'vars_post' =>

35
              {

36
                'page'     => '/',

37
                'pos'      => '',

38
                'remMe'    => '',

39
                'submit1'  => 'Login',

40
                'username' => user,

41
                'password' => pass

42
              }

43
          })

44


45
          unless res

46
            return {status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: 'Connection timed out for signin.asp'}

47
          end

48


49
          if res.headers['Location'] && res.headers['Location'] == '/broadweb/bwproj.asp'

50
            return {status: LOGIN_STATUS::SUCCESSFUL, proof: res.body}

51
          end

52


53
          {status: LOGIN_STATUS::INCORRECT, proof: res.body}

54
        end

55


56
        # Attempts to login to Advantech WebAccess.

57
        #

58
        # @param credential [Metasploit::Framework::Credential] The credential object

59
        # @return [Result] A Result object indicating success or failure

60
        def attempt_login(credential)

61
          result_opts = {

62
            credential: credential,

63
            status: Metasploit::Model::Login::Status::INCORRECT,

64
            proof: nil,

65
            host: host,

66
            port: port,

67
            protocol: 'tcp'

68
          }

69


70
          begin

71
            result_opts.merge!(do_login(credential.public, credential.private))

72
          rescue ::Rex::ConnectionError => e

73
            # Something went wrong during login. 'e' knows what's up.

74
            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)

75
          end

76


77
          Result.new(result_opts)

78
        end

79


80
      end

81
    end

82
  end

83
end

84


85