CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/metasploit/framework/login_scanner/mysql.rb
require 'metasploit/framework/tcp/client'
require 'metasploit/framework/login_scanner/base'
require 'metasploit/framework/login_scanner/rex_socket'
require 'rex/proto/mysql/client'

module Metasploit
  module Framework
    module LoginScanner

      # This is the LoginScanner class for dealing with MySQL Database servers.
      # It is responsible for taking a single target, and a list of credentials
      # and attempting them. It then saves the results.
      class MySQL
        include Metasploit::Framework::LoginScanner::Base
        include Metasploit::Framework::LoginScanner::RexSocket
        include Metasploit::Framework::Tcp::Client

        # @return [Boolean] If a login is successful and this attribute is true - a MySQL::Client instance is used as proof,
        #   and the socket is not immediately closed
        attr_accessor :use_client_as_proof

        DEFAULT_PORT         = 3306
        LIKELY_PORTS         = [3306]
        LIKELY_SERVICE_NAMES = ['mysql']
        PRIVATE_TYPES        = [:password]
        REALM_KEY            = nil

        # Attempts a single login against the target with the given credential
        # and returns a Result describing the outcome.
        def attempt_login(credential)
          result_options = {
            credential: credential,
            host: host,
            port: port,
            protocol: 'tcp',
            service_name: 'mysql'
          }

          begin
            # manage our behind the scenes socket. Close any existing one and open a new one
            disconnect if self.sock
            connect

            # The fourth argument is the database name; none is selected here.
            mysql_conn = ::Rex::Proto::MySQL::Client.connect(host, credential.public, credential.private, '', port, io: self.sock)

          rescue ::SystemCallError, Rex::ConnectionError => e
            result_options.merge!({
              status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
              proof: e
            })
          rescue Rex::Proto::MySQL::Client::ClientError => e
            result_options.merge!({
              status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
              proof: e
            })
          rescue Rex::Proto::MySQL::Client::HostNotPrivileged => e
            # The server does not accept connections from this host at all,
            # so this says nothing about the credential itself.
            result_options.merge!({
              status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
              proof: e
            })
          rescue Rex::Proto::MySQL::Client::AccessDeniedError => e
            # The only case reported as a wrong credential.
            result_options.merge!({
              status: Metasploit::Model::Login::Status::INCORRECT,
              proof: e
            })
          rescue Rex::Proto::MySQL::Client::HostIsBlocked => e
            # The server has blocked this host, so further attempts cannot be evaluated.
            result_options.merge!({
              status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
              proof: e
            })
          end

          # mysql_conn is nil if any of the rescue branches above was taken
          if mysql_conn
            result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

            # This module no longer owns the socket, return it as proof so the calling context can perform additional operations
            # Additionally assign values to nil to avoid closing the socket etc automatically
            if use_client_as_proof
              result_options[:proof] = mysql_conn
              result_options[:connection] = self.sock
              self.sock = nil
            else
              mysql_conn.close
            end
          end

          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
        end

        # This method sets the sane defaults for things
        # like timeouts and TCP evasion options
        def set_sane_defaults
          self.connection_timeout ||= 30
          self.port               ||= DEFAULT_PORT
          self.max_send_size      ||= 0
          self.send_delay         ||= 0
        end

      end

    end
  end
end