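require 'metasploit/framework/login_scanner/http'

module Metasploit
  module Framework
    module LoginScanner
      # Login scanner for the GitLab web sign-in form.
      #
      # Every attempt is two requests: a GET of the sign-in page to obtain the
      # session cookie and the CSRF authenticity_token, then a POST of the
      # credential together with those two values. A 302 redirect in reply to
      # the POST is recorded as a successful login; any other response is
      # recorded as an incorrect credential.
      class GitLab < HTTP
        # Inherit LIKELY_PORTS, LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
        CAN_GET_SESSION = false
        DEFAULT_PORT = 80
        PRIVATE_TYPES = [ :password ].freeze

        # Form field names GitLab uses for the login identifier; the sign-in
        # page is probed for each of them in this order.
        USER_FIELDS = ['user[email]', 'user[login]'].freeze

        # Patterns for the CSRF token input, oldest layout first. Newer GitLab
        # versions emit the input's attributes in a different order, so the
        # second pattern is tried when the first one finds nothing.
        AUTH_TOKEN_PATTERNS = [
          /<input name="authenticity_token" type="hidden" value="(.*?)"/,
          /<input type="hidden" name="authenticity_token" value="(.*?)"/
        ].freeze

        # Session cookie set by the sign-in page; only this cookie is replayed
        # on the POST, anything else the server set is dropped.
        SESSION_COOKIE_PATTERN = /(_gitlab_session=[A-Za-z0-9%-]+)/

        # (see Base#set_sane_defaults)
        def set_sane_defaults
          self.uri = '/users/sign_in' if uri.nil?
          self.method = 'POST' if method.nil?

          super
        end

        # Attempt a single login against the GitLab sign-in form.
        #
        # @param credential [Metasploit::Framework::Credential] the credential
        #   to try; `public` is the login/email, `private` the password
        # @return [Result] the outcome of the attempt. The status is
        #   UNABLE_TO_CONNECT when the connection fails or when either request
        #   yields no response at all, so a dropped reply is never recorded as
        #   a verdict on the credential.
        # @raise [RuntimeError] when the page is not a GitLab login form, or
        #   the session cookie / authenticity token cannot be extracted from it
        def attempt_login(credential)
          result_opts = {
            credential: credential,
            host: host,
            port: port,
            protocol: 'tcp',
            service_name: ssl ? 'https' : 'http'
          }
          begin
            # Get a valid session cookie and authenticity_token for the next step
            form = send_request(
              'method' => 'GET',
              'cookie' => 'request_method=GET',
              'uri' => uri
            )

            # send_request yields nil when no response arrives; dereferencing
            # it raised NoMethodError and aborted the whole scan instead of
            # reporting the host as unreachable.
            if form.nil?
              result_opts.merge!(
                status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
                proof: 'No response to the sign-in page request'
              )
              return Result.new(result_opts)
            end

            user_field = detect_user_field(form)
            local_session_cookie = form.get_cookies.scan(SESSION_COOKIE_PATTERN).flatten.first
            auth_token = extract_auth_token(form)

            raise 'Unable to get Session Cookie' unless local_session_cookie
            raise 'Unable to get Authentication Token' unless auth_token

            # Perform the actual login
            res = send_request(
              'method' => 'POST',
              'cookie' => local_session_cookie,
              'uri' => uri,
              'vars_post' => {
                'utf8' => "\xE2\x9C\x93",
                'authenticity_token' => auth_token,
                user_field => credential.public,
                'user[password]' => credential.private,
                'user[remember_me]' => 0
              }
            )

            if res.nil?
              # No reply to the POST says nothing about the credential, so do
              # not record it as INCORRECT.
              result_opts.merge!(
                status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
                proof: 'No response to the login request'
              )
            elsif res.code == 302
              result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.headers)
            else
              # NOTE(review): a non-redirect caused by rate limiting or account
              # lockout is also recorded as INCORRECT here; confirm whether the
              # caller distinguishes those cases.
              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
            end
          rescue ::EOFError, Errno::ETIMEDOUT, Errno::ECONNRESET, Rex::ConnectionError, OpenSSL::SSL::SSLError, ::Timeout::Error => e
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          end
          Result.new(result_opts)
        end

        private

        # Determine which login identifier field the sign-in page expects.
        #
        # @param res [Rex::Proto::Http::Response] the sign-in page response
        # @return [String] the first entry of USER_FIELDS present in the body
        # @raise [RuntimeError] when none of the known fields is present
        def detect_user_field(res)
          field = USER_FIELDS.find { |name| res.body.include?(name) }
          raise 'Not a valid GitLab login page' unless field

          field
        end

        # Extract the CSRF authenticity_token from the sign-in page.
        #
        # @param res [Rex::Proto::Http::Response] the sign-in page response
        # @return [String, nil] the token, or nil when no pattern matches
        def extract_auth_token(res)
          AUTH_TOKEN_PATTERNS.each do |pattern|
            token = res.body.scan(pattern).flatten.first
            return token if token
          end
          nil
        end
      end
    end
  end
end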