
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/login_scanner/amqp.rb
require 'metasploit/framework/login_scanner/base'
require 'metasploit/framework/login_scanner/rex_socket'
require 'rex/proto/amqp'
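module Metasploit
  module Framework
    module LoginScanner

      # Login scanner for AMQP 0-9-1 brokers.
      #
      # Every attempt opens its own connection through
      # Rex::Proto::Amqp::Version091::Client, performs the protocol header and
      # Connection.Start exchange with one username/password pair, classifies
      # the broker's next frame, and closes the connection again.
      class AMQP
        include Metasploit::Framework::LoginScanner::Base
        include Metasploit::Framework::LoginScanner::RexSocket

        # 5671 is the IANA-registered port for AMQP over TLS (amqps);
        # 5672 is the plaintext AMQP port.
        DEFAULT_PORT = 5671
        LIKELY_PORTS = [ DEFAULT_PORT, 5672 ]
        LIKELY_SERVICE_NAMES = [ 'amqp', 'amqps' ]
        # Only password credentials are handled by this scanner.
        PRIVATE_TYPES = [ :password ]
        # No realm is used for AMQP logins.
        REALM_KEY = nil

        # (see Base#attempt_login)
        #
        # Wraps {#connect_login} and converts protocol and transport failures
        # into an UNABLE_TO_CONNECT result instead of letting them propagate.
        # The exception message is kept as +proof+ for every handled failure so
        # the reason an attempt could not be completed is not lost.
        #
        # @param credential [#public, #private] the username/password pair to try
        # @return [Metasploit::Framework::LoginScanner::Result] the outcome,
        #   annotated with host, port, protocol and service name
        def attempt_login(credential)
          result_options = {
            credential: credential
          }

          begin
            result_options.merge!(connect_login(credential.public, credential.private))
          rescue Rex::Proto::Amqp::Error::NegotiationError,
                 Rex::Proto::Amqp::Error::AmqpError,
                 ::EOFError, Errno::ECONNRESET,
                 Rex::ConnectionError, Rex::ConnectionTimeout,
                 ::Timeout::Error => e
            result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
            result_options[:proof] = e.message
          end

          result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
          result.host = host
          result.port = port
          result.protocol = 'tcp'
          # Reported as "amqps" when the scanner is configured for TLS.
          result.service_name = "amqp#{ssl ? 's' : ''}"
          result
        end

        private

        # Performs one authentication attempt over a fresh connection.
        #
        # After Connection.Start is answered with the supplied credentials, the
        # next frame decides the outcome:
        # * Connection.Close -> INCORRECT, with the broker's reply text as proof
        # * Connection.Tune  -> SUCCESSFUL
        # * anything else    -> UnexpectedReplyError
        #
        # @param username [String] account name to authenticate as
        # @param password [String] password to present
        # @return [Hash] +:status+ and, for a rejected login, +:proof+
        # @raise [Rex::Proto::Amqp::Error::UnexpectedReplyError] if the reply is
        #   not a method frame or is neither Connection.Close nor Connection.Tune
        def connect_login(username, password)
          result = {}
          amqp_client = Rex::Proto::Amqp::Version091::Client.new(
            host,
            port: port,
            context: { 'Msf' => framework, 'MsfExploit' => framework_module },
            ssl: ssl,
            ssl_version: ssl_version
          )
          amqp_client.connect(connection_timeout)
          amqp_client.send_protocol_header
          amqp_client.connection_start(username, password)
          resp = amqp_client.recv_frame

          unless resp.is_a?(Rex::Proto::Amqp::Version091::Frames::AmqpVersion091MethodFrame)
            raise Rex::Proto::Amqp::Error::UnexpectedReplyError.new(resp)
          end

          close_args = Rex::Proto::Amqp::Version091::Frames::MethodArguments::AmqpVersion091ConnectionClose
          tune_args = Rex::Proto::Amqp::Version091::Frames::MethodArguments::AmqpVersion091ConnectionTune

          # The broker closing the connection at this point is read as a rejected login.
          if resp.class_id == close_args::CLASS_ID && resp.method_id == close_args::METHOD_ID
            result[:status] = Metasploit::Model::Login::Status::INCORRECT
            result[:proof] = resp.arguments.reply_text
            return result
          end

          # Only Connection.Tune counts as an accepted login; any other method
          # frame is treated as a protocol error rather than guessed at.
          unless resp.class_id == tune_args::CLASS_ID && resp.method_id == tune_args::METHOD_ID
            raise Rex::Proto::Amqp::Error::UnexpectedReplyError.new(resp)
          end

          result[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
          result
        ensure
          # amqp_client is still nil if the constructor itself raised; the
          # safe-navigation call keeps that original exception from being
          # replaced by a NoMethodError raised inside this ensure block.
          amqp_client&.close
        end

        # Fills in the connection timeout (30) and port (DEFAULT_PORT) when the
        # caller left them unset.
        #
        # NOTE(review): the default port is the TLS port, but +ssl+ is not
        # defaulted here and its default is not visible in this file. Confirm
        # the two agree; a plaintext handshake against a TLS listener would
        # surface as UNABLE_TO_CONNECT rather than as a login result.
        def set_sane_defaults
          self.connection_timeout ||= 30
          self.port ||= DEFAULT_PORT
        end
      end
    end
  end
end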