rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/login_scanner/octopusdeploy.rb
require 'metasploit/framework/login_scanner/http'
require 'json'
module Metasploit
module Framework
module LoginScanner
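# Octopus Deploy login scanner.
#
# Each attempt POSTs the credential pair as a JSON document to the configured
# login URI. An attempt is reported as successful only when the server answers
# 200 with a JSON object whose 'IsActive' field is truthy.
class OctopusDeploy < HTTP

  # Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
  CAN_GET_SESSION = true
  # NOTE(review): the default is the plain-HTTP port; whether TLS is used is
  # decided by options set outside this class - confirm before sending real
  # credentials over an untrusted network.
  DEFAULT_PORT = 80
  PRIVATE_TYPES = [ :password ]

  # (see Base#set_sane_defaults)
  def set_sane_defaults
    # The explicit `self.` receiver is required here. A bare `uri = ...` only
    # creates a method-local variable (which is always nil at that point), so
    # the scanner attribute would never receive its default.
    self.uri = '/api/users/login' if self.uri.nil?
    self.method = 'POST' if self.method.nil?

    super
  end

  # Performs one login attempt with the given credential.
  #
  # @param credential [Object] responds to #public (username) and #private
  #   (password); both are placed in the JSON request body
  # @return [Result] status is SUCCESSFUL, INCORRECT or UNABLE_TO_CONNECT;
  #   proof carries the response (or its body) when one was received
  def attempt_login(credential)
    result_opts = {
      credential: credential,
      **service_as_result(service_opts)
    }
    begin
      json_post_data = JSON.pretty_generate({ Username: credential.public, Password: credential.private })
      res = send_request({
        'method' => 'POST',
        'uri' => uri,
        'ctype' => 'application/json',
        'data' => json_post_data
      })

      if res.nil?
        # No response object at all: report a connectivity problem instead of
        # raising NoMethodError on `nil.body`, which no rescue below catches.
        result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
      else
        # `to_s` turns a missing body into '', which JSON.parse rejects with
        # ParserError (handled below) rather than an unrescued TypeError.
        body = JSON.parse(res.body.to_s)

        # Only a JSON object can carry 'IsActive'; an array or scalar reply
        # counts as a failed login instead of raising on `key?`.
        if res.code == 200 && body.is_a?(Hash) && body['IsActive']
          # The raw login response is kept as proof; treat stored results as
          # sensitive, since the body is whatever the server returned.
          result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.body)
        else
          result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
        end
      end
    rescue ::JSON::ParserError
      # A non-JSON reply (for example an HTML error page) is not a login.
      result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res.body)
    rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
      result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
    end
    Result.new(result_opts)
  end

  # Service description merged into every Result via service_as_result.
  def service_opts
    build_service_opts('octopusdeploy')
  end
end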
end
end
end