
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/login_scanner/pop3.rb
require 'metasploit/framework/login_scanner/base'
require 'metasploit/framework/login_scanner/rex_socket'
require 'metasploit/framework/tcp/client'
module Metasploit
  module Framework
    module LoginScanner

      # LoginScanner implementation for POP3.
      #
      # Takes a single target plus a list of credentials, tries each
      # credential with the USER/PASS command pair, and reports the outcome
      # of every attempt as a Result object.
      #
      # NOTE(review): USER and PASS are written to the socket exactly as
      # built here. Whether the connection is wrapped in TLS (e.g. for the
      # 995/pop3s entries below) is decided by the included socket mixins,
      # which are not visible in this file -- confirm before assuming the
      # credentials are protected on the wire.
      class POP3
        include Metasploit::Framework::LoginScanner::Base
        include Metasploit::Framework::LoginScanner::RexSocket
        include Metasploit::Framework::Tcp::Client

        # Port used when the caller does not set one (see #set_sane_defaults).
        DEFAULT_PORT = 110
        # Ports and service names this scanner is associated with.
        LIKELY_PORTS = [110, 995]
        LIKELY_SERVICE_NAMES = ['pop3', 'pop3s']
        # Only password-type private values are handled by this scanner.
        PRIVATE_TYPES = [:password]
        # No realm key is defined for POP3.
        REALM_KEY = nil

        # Tries one credential against the configured host and port.
        #
        # The exchange is: read the greeting, send USER, send PASS. Each step
        # only proceeds when the previous reply contains a line starting with
        # "+OK". The last reply received (or the exception raised) is stored
        # under :proof in the result.
        #
        # @param credential [Credential] the credential to attempt; its
        #   +public+ is sent as the USER argument and its +private+ as the
        #   PASS argument
        # @return [Metasploit::Framework::LoginScanner::Result] status is
        #   SUCCESSFUL when PASS was answered with "+OK", UNABLE_TO_CONNECT
        #   when one of the rescued connection errors was raised, and
        #   INCORRECT otherwise
        def attempt_login(credential)
          # `^` anchors at the start of any line, not only the start of the
          # reply, so a multi-line reply counts as positive if any one of its
          # lines begins with "+OK".
          ok_line = /^\+OK.*/
          accepted = ->(reply) { reply && reply[ok_line] }

          outcome = {
            credential: credential,
            status: Metasploit::Model::Login::Status::INCORRECT,
            host: host,
            port: port,
            protocol: 'tcp',
            service_name: 'pop3'
          }

          # Drop any connection left open so this attempt starts on a new one.
          disconnect if self.sock

          begin
            connect
            # Wait up to 0.4 seconds for the socket to become readable
            # before reading the greeting.
            select([sock], nil, nil, 0.4)

            greeting = sock.get_once
            outcome[:proof] = greeting

            if accepted.call(greeting)
              # The values are interpolated into the command line as-is.
              # NOTE(review): a value containing CR or LF would go out as more
              # than one line, and the replies read below would no longer line
              # up with the commands -- confirm callers filter such values.
              sock.put("USER #{credential.public}\r\n")
              user_reply = sock.get_once
              outcome[:proof] = user_reply

              if accepted.call(user_reply)
                sock.put("PASS #{credential.private}\r\n")
                # Dovecot's failed-auth penalty can delay the PASS reply by up
                # to 15 seconds, hence the 16 second read timeout.
                pass_reply = sock.get_once(-1, 16)
                outcome[:proof] = pass_reply

                outcome[:status] = Metasploit::Model::Login::Status::SUCCESSFUL if accepted.call(pass_reply)
              end
            end
          rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE => e
            # The exception object itself becomes the proof for this attempt.
            outcome[:proof] = e
            outcome[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
          end

          disconnect if self.sock

          Result.new(outcome)
        end

        private

        # (see Base#set_sane_defaults)
        #
        # Fills in values only for settings that are still unset: a 30 second
        # connection timeout, the default POP3 port, and zero for both
        # max_send_size and send_delay.
        def set_sane_defaults
          self.connection_timeout ||= 30
          self.port ||= DEFAULT_PORT
          self.max_send_size ||= 0
          self.send_delay ||= 0
        end

      end

    end
  end
end