CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
require 'metasploit/framework/login_scanner/http'
2

3
module Metasploit
4
  module Framework
5
    module LoginScanner
6

7
      # IP Board login scanner
8
      class IPBoard < HTTP
9

10
        # @!attribute http_username
11
        # @return [String]
12
        attr_accessor :http_username
13

14
        # @!attribute http_password
15
        # @return [String]
16
        attr_accessor :http_password
17

18
        # (see Base#attempt_login)
19
        def attempt_login(credential)
20
          result_opts = {
21
              credential: credential,
22
              host: host,
23
              port: port,
24
              protocol: 'tcp'
25
          }
26
          if ssl
27
            result_opts[:service_name] = 'https'
28
          else
29
            result_opts[:service_name] = 'http'
30
          end
31

32
          begin
33

34
            nonce_response = send_request({
35
                'uri' => uri,
36
                'method'  => 'GET'
37
            })
38

39
            if nonce_response.body =~ /name='auth_key'\s+value='.*?((?:[a-z0-9]*))'/i
40
              server_nonce = $1
41

42
              if uri.end_with? '/'
43
                base_uri = uri.gsub(/\/$/, '')
44
              else
45
                base_uri = uri
46
              end
47

48
              auth_uri = "#{base_uri}/index.php"
49

50
              response = send_request({
51
                'uri' => auth_uri,
52
                'method'  => 'POST',
53
                'vars_get' => {
54
                  'app'     => 'core',
55
                  'module'  => 'global',
56
                  'section' => 'login',
57
                  'do'      => 'process'
58
                },
59
                'vars_post'      => {
60
                  'auth_key'     => server_nonce,
61
                  'ips_username' => credential.public,
62
                  'ips_password' => credential.private
63
                }
64
              })
65

66
              if response && response.get_cookies.include?('ipsconnect') && response.get_cookies.include?('coppa')
67
                result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: response)
68
              else
69
                result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: response)
70
              end
71

72
            else
73
              result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: "Server nonce not present, potentially not an IP Board install or bad URI.")
74
            end
75
          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
76
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
77
          end
78

79
          Result.new(result_opts)
80

81
        end
82

83

84
        # (see Base#set_sane_defaults)
85
        def set_sane_defaults
86
          self.uri = "/forum/" if self.uri.nil?
87
          @method = "POST".freeze
88

89
          super
90
        end
91

92
        # The method *must* be "POST", so don't let the user change it
93
        # @raise [RuntimeError]
94
        def method=(_)
95
          raise RuntimeError, "Method must be POST for IPBoard"
96
        end
97

98
      end
99
    end
100
  end
101
end
102

103

104