CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/metasploit/framework/login_scanner/buffalo.rb
Views: 1904
require 'metasploit/framework/login_scanner/http'1require 'json'23module Metasploit4module Framework5module LoginScanner67# Buffalo Linkstation NAS login scanner8class Buffalo < HTTP910# Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP11CAN_GET_SESSION = true12DEFAULT_PORT = 8013PRIVATE_TYPES = [ :password ]1415# (see Base#set_sane_defaults)16def set_sane_defaults17self.uri = "/dynamic.pl" if self.uri.nil?18self.method = "POST" if self.method.nil?1920super21end2223def attempt_login(credential)24result_opts = {25credential: credential,26host: host,27port: port,28protocol: 'tcp'29}30if ssl31result_opts[:service_name] = 'https'32else33result_opts[:service_name] = 'http'34end35begin36res = send_request({37'method'=>'POST',38'uri'=>'/dynamic.pl',39'vars_post'=> {40'bufaction'=>'verifyLogin',41'user' => credential.public,42'password'=>credential.private43}44})4546body = JSON.parse(res.body)47if res && body.has_key?('success') && body['success']48result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.body)49else50result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)51end52rescue ::JSON::ParserError53result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res.body)54rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error55result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)56end57Result.new(result_opts)58end59end60end61end62end636465