CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1

2
require 'metasploit/framework/login_scanner/http'
3

4
module Metasploit
5
  module Framework
6
    module LoginScanner
7

8
      # HP System Management login scanner tested on v6.3.1.24 upto v7.2.1.3 and 7.4
9
      class Smh < HTTP
10

11
        DEFAULT_PORT  = 4848
12
        PRIVATE_TYPES = [ :password ]
13
        CAN_GET_SESSION = true
14

15

16
        # (see Base#attempt_login)
17
        def attempt_login(credential)
18
          result_opts = {
19
            credential: credential
20
          }
21

22
          req_opts = {
23
            'method' => 'POST',
24
            'uri'    => uri,
25
            'vars_post' => {
26
              'redirecturl'         => '',
27
              'redirectquerystring' => '',
28
              'user'                => credential.public,
29
              'password'            => credential.private
30
            }
31
          }
32

33
          res = nil
34

35
          begin
36
            res = send_request(req_opts)
37

38
          rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, ::EOFError, ::Timeout::Error => e
39
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
40
            return Result.new(result_opts)
41
          end
42

43
          if res && res.headers['CpqElm-Login'].to_s =~ /success/
44
            result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL)
45
          else
46
            result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT)
47
          end
48

49
          Result.new(result_opts)
50
        end
51

52
      end
53
    end
54
  end
55
end
56

57