Path: blob/master/lib/metasploit/framework/login_scanner/postgres.rb
```ruby
require 'metasploit/framework/login_scanner/base'
require 'postgres_msf'

module Metasploit
  module Framework
    module LoginScanner

      # This is the LoginScanner class for dealing with PostgreSQL database servers.
      # It is responsible for taking a single target, and a list of credentials
      # and attempting them. It then saves the results.
      class Postgres
        include Metasploit::Framework::LoginScanner::Base

        # @return [Boolean] If a login is successful and this attribute is true - a Msf::Db::PostgresPR::Connection instance is used as proof,
        #   and the socket is not immediately closed
        attr_accessor :use_client_as_proof

        DEFAULT_PORT = 5432
        DEFAULT_REALM = 'template1'
        LIKELY_PORTS = [ DEFAULT_PORT ]
        LIKELY_SERVICE_NAMES = [ 'postgres' ]
        PRIVATE_TYPES = [ :password ]
        REALM_KEY = Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE

        # This method attempts a single login with a single credential against the target
        # @param credential [Credential] The credential object to attempt to login with
        # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
        def attempt_login(credential)
          result_options = {
            credential: credential,
            host: host,
            port: port,
            protocol: 'tcp',
            service_name: 'postgres'
          }

          db_name = credential.realm || 'template1'

          if ::Rex::Socket.is_ipv6?(host)
            uri = "tcp://[#{host}]:#{port}"
          else
            uri = "tcp://#{host}:#{port}"
          end

          pg_conn = nil

          begin
            pg_conn = Msf::Db::PostgresPR::Connection.new(db_name,credential.public,credential.private,uri,proxies)
          rescue ::RuntimeError => e
            case e.to_s.split("\t")[1]
            when "C3D000"
              result_options.merge!({
                status: Metasploit::Model::Login::Status::INCORRECT,
                proof: "C3D000, Creds were good but database was bad"
              })
            when "C28000", "C28P01"
              result_options.merge!({
                status: Metasploit::Model::Login::Status::INCORRECT,
                proof: "Invalid username or password"
              })
            else
              result_options.merge!({
                status: Metasploit::Model::Login::Status::INCORRECT,
                proof: e.message
              })
            end
          rescue Rex::ConnectionError, Rex::ConnectionProxyError, Errno::ECONNRESET, Errno::EINTR, Errno::ENOTCONN, Rex::TimeoutError, EOFError, Timeout::Error => e
            result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          rescue Msf::Db::PostgresPR::AuthenticationMethodMismatch => e
            result_options.merge!({
              status: Metasploit::Model::Login::Status::INCORRECT,
              proof: e.message
            })
          end

          if pg_conn
            result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

            # This module no longer owns the socket so return it as proof so the calling context can perform additional operations
            # Additionally assign values to nil to avoid closing the socket etc automatically
            if use_client_as_proof
              result_options[:proof] = pg_conn
              result_options[:connection] = pg_conn.conn
            else
              pg_conn.close
            end
          else
            result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
          end

          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
        end
      end

      # Note: as written, this method is defined at LoginScanner module scope;
      # class Postgres is already closed by the `end` above.
      def set_sane_defaults
        self.connection_timeout ||= 30
        self.port ||= DEFAULT_PORT
      end

    end
  end
end
```
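The SQLSTATE values this scanner branches on (28000, 28P01, 3D000) also appear on the server side, so they can drive detection. The following is an added example, not part of the Metasploit source: it summarises authentication failures per client from PostgreSQL logs. It assumes `log_line_prefix = '%m [%p] %h %e '`; the sample lines, the `summarize` helper and the threshold are constructed for illustration.

```ruby
# Added example (not Metasploit code). Assumes log_line_prefix = '%m [%p] %h %e '
# so each line carries the client host (%h) and the SQLSTATE (%e).
AUTH_FAILED  = %w[28000 28P01].freeze # invalid authorization / invalid password
BAD_DATABASE = '3D000'                # database does not exist; the scanner above
                                      # reads this as "creds were good"
LINE_RE = /\A\S+ \S+ \S+ \[\d+\] (?<host>\S+) (?<state>[0-9A-Z]{5}) [A-Z]+:\s+(?<msg>.*)\z/

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = <<~LOG
  2024-05-01 10:00:01.120 UTC [4101] 203.0.113.7 28P01 FATAL:  password authentication failed for user "postgres"
  2024-05-01 10:00:01.480 UTC [4102] 203.0.113.7 28P01 FATAL:  password authentication failed for user "admin"
  2024-05-01 10:00:01.910 UTC [4103] 203.0.113.7 28P01 FATAL:  password authentication failed for user "postgres"
  2024-05-01 10:00:02.300 UTC [4104] 203.0.113.7 3D000 FATAL:  database "template9" does not exist
  2024-05-01 10:00:05.000 UTC [4109] 198.51.100.20 28P01 FATAL:  password authentication failed for user "app"
  2024-05-01 10:00:09.000 UTC [4110] 198.51.100.20 00000 LOG:  connection authorized: user=app database=appdb
LOG

# Returns { host => { failed:, users:, bad_db:, verdict: } }.
def summarize(log, threshold: 3)
  stats = Hash.new { |h, k| h[k] = { failed: 0, users: [], bad_db: 0 } }
  log.each_line(chomp: true) do |line|
    m = LINE_RE.match(line)
    next unless m # skip continuation lines and other prefixes

    s = stats[m[:host]]
    if AUTH_FAILED.include?(m[:state])
      s[:failed] += 1
      user = m[:msg][/for user "([^"]+)"/, 1]
      s[:users] |= [user] if user
    elsif m[:state] == BAD_DATABASE
      s[:bad_db] += 1
    end
  end
  stats.transform_values do |s|
    verdict = :ok
    verdict = :guessing if s[:failed] >= threshold
    # A 3D000 from a guessing client suggests one credential pair was accepted.
    verdict = :guessing_with_valid_login if verdict == :guessing && s[:bad_db] > 0
    s.merge(verdict: verdict)
  end
end

summarize(SAMPLE_LOG).each { |host, s| puts "#{host} #{s}" } if __FILE__ == $PROGRAM_NAME
```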