CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/metasploit/framework/login_scanner/caidao.rb
```ruby
require 'metasploit/framework/login_scanner/http'

module Metasploit
  module Framework
    module LoginScanner

      # Chinese Caidao login scanner
      class Caidao < HTTP
        # Inherit LIKELY_PORTS, LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
        DEFAULT_PORT = 80
        PRIVATE_TYPES = [ :password ]
        LOGIN_STATUS = Metasploit::Model::Login::Status # Shorter name

        # Checks if the target is Caidao Backdoor. The login module should call this.
        #
        # @return [Boolean] TrueClass if target is Caidao, otherwise FalseClass
        def check_setup
          @flag ||= Rex::Text.rand_text_alphanumeric(4)
          @lmark ||= Rex::Text.rand_text_alphanumeric(4)
          @rmark ||= Rex::Text.rand_text_alphanumeric(4)

          case uri
          when /php$/mi
            @payload = "$_=\"#{@flag}\";echo \"#{@lmark}\".$_.\"#{@rmark}\";"
            return true
          when /asp$/mi
            @payload = 'execute("response.write(""'
            @payload << "#{@lmark}"
            @payload << '""):response.write(""'
            @payload << "#{@flag}"
            @payload << '""):response.write(""'
            @payload << "#{@rmark}"
            @payload << '""):response.end")'
            return true
          when /aspx$/mi
            @payload = "Response.Write(\"#{@lmark}\");"
            @payload << "Response.Write(\"#{@flag}\");"
            @payload << "Response.Write(\"#{@rmark}\")"
            return true
          end
          false
        end

        def set_sane_defaults
          self.method = "POST" if self.method.nil?
          super
        end

        # Actually doing the login. Called by #attempt_login
        #
        # @param username [String] The username to try
        # @param password [String] The password to try
        # @return [Hash]
        #   * :status [Metasploit::Model::Login::Status]
        #   * :proof [String] the HTTP response body
        def try_login(username, password)
          res = send_request(
            'method' => method,
            'uri' => uri,
            'data' => "#{password}=#{@payload}"
          )

          unless res
            return { :status => LOGIN_STATUS::UNABLE_TO_CONNECT, :proof => res.to_s }
          end

          if res && res.code == 200 && res.body.to_s.include?("#{@lmark}#{@flag}#{@rmark}")
            return { :status => Metasploit::Model::Login::Status::SUCCESSFUL, :proof => res.to_s }
          end

          { :status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.to_s }
        end

        # Attempts to login to Caidao Backdoor. This is called first.
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result] A Result object indicating success or failure
        def attempt_login(credential)
          result_opts = {
            credential: credential,
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: nil,
            host: host,
            port: port,
            protocol: 'tcp'
          }

          if ssl
            result_opts[:service_name] = 'https'
          else
            result_opts[:service_name] = 'http'
          end

          begin
            result_opts.merge!(try_login(credential.public, credential.private))
          rescue ::Rex::ConnectionError => e
            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
          end
          Result.new(result_opts)
        end
      end
    end
  end
end
```
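For responders reviewing captured HTTP traffic, the probe that `check_setup` and `try_login` build has a fixed shape: a POST body of `<candidate password>=<marker-echo code>`, answered with `lmark + flag + rmark` only when a live backdoor accepted the password. The following detector is an added example, not part of the Metasploit source. The names `MARK`, `PROBES`, `body_forms`, `classify` and `SAMPLES` are hypothetical, the sample bodies are constructed, and it assumes both request and response bodies are available from a proxy or WAF capture.

```ruby
# Added example, not Metasploit code: recognise the probe built by
# check_setup/try_login in captured HTTP traffic. All sample data is constructed.
require 'uri'

MARK = '[A-Za-z0-9]{4}' # shape of Rex::Text.rand_text_alphanumeric(4)

# One regex per payload template; named groups keep each marker's role.
PROBES = {
  php:  /=\$_="(?<flag>#{MARK})";echo "(?<l>#{MARK})"\.\$_\."(?<r>#{MARK})";\z/,
  asp:  /=execute\("response\.write\(""(?<l>#{MARK})""\):response\.write\(""(?<flag>#{MARK})""\):response\.write\(""(?<r>#{MARK})""\):response\.end"\)\z/i,
  aspx: /=Response\.Write\("(?<l>#{MARK})"\);Response\.Write\("(?<flag>#{MARK})"\);Response\.Write\("(?<r>#{MARK})"\)\z/i
}.freeze

# Logs may hold the body raw (as the scanner sends it) or percent-encoded.
def body_forms(body)
  [body, URI.decode_www_form_component(body)].uniq
rescue ArgumentError # malformed %-escape: fall back to the raw body
  [body]
end

# Returns nil for unrelated traffic, otherwise a finding hash.
# :answered is true when the response echoes lmark+flag+rmark, which means a
# live backdoor ran the probe and :param is its working password.
def classify(request_body, response_body)
  body_forms(request_body.to_s).each do |body|
    PROBES.each do |lang, re|
      m = re.match(body)
      next unless m
      echo = m[:l] + m[:flag] + m[:r]
      return { lang: lang, param: m.pre_match,
               answered: response_body.to_s.include?(echo) }
    end
  end
  nil
end

SAMPLES = [ # constructed request/response body pairs
  ['chopper=$_="aB3d";echo "Qw9z".$_."Lm2k";', 'Qw9zaB3dLm2k'],
  ['pw=%24_%3D%22aB3d%22%3Becho%20%22Qw9z%22.%24_.%22Lm2k%22%3B', '<p>Qw9zaB3dLm2k</p>'],
  ['admin=Response.Write("X1y2");Response.Write("Z3w4");Response.Write("V5u6")', 'Not Found'],
  ['user=alice&comment=echo+hello', 'ok']
].freeze

SAMPLES.each { |req, res| p classify(req, res) } if $PROGRAM_NAME == __FILE__
```

A finding with `answered: false` is a failed guess against the URL; `answered: true` means the host is already running a backdoor and should be handled as a compromise.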