Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2
module Metasploit
3
  module Framework
4
    module Varnish
5
      module Client
6

7
        @@AUTH_REQUIRED_REGEX = /107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required\./ # 107 auth
8
        @@AUTH_SUCCESS_REGEX = /200 \d+/ # 200 ok
9

10
        def require_auth?
11
          # function returns false if no auth is required, else the challenge string
12
          res = sock.get_once # varnish can give the challenge on connect, so check if we have it already
13
          if res && res =~ @@AUTH_REQUIRED_REGEX
14
            return $1
15
          end
16
          # Cause a login fail to get the challenge. Length is correct, but this has upper chars, subtle diff for debugging
17
          sock.put("auth #{Rex::Text.rand_text_alphanumeric(64)}\n")
18
          res = sock.get_once # grab challenge
19
          if res && res =~ @@AUTH_REQUIRED_REGEX
20
            return $1
21
          end
22
          return false
23
        end
24

25
        def login(pass)
26
          # based on https://www.varnish-cache.org/trac/wiki/CLI
27
          begin
28
            challenge = require_auth?
29
            if !!challenge
30
              response = Digest::SHA256.hexdigest("#{challenge}\n#{pass.strip}\n#{challenge}\n")
31
              sock.put("auth #{response}\n")
32
              res = sock.get_once
33
              if res && res =~ @@AUTH_SUCCESS_REGEX
34
                return true
35
              else
36
                return false
37
              end
38
            else
39
              raise RuntimeError, "No Auth Required"
40
            end
41
          rescue Timeout::Error
42
            raise RuntimeError, "Varnish Login timeout"
43
          end
44
        end
45

46
        def close_session
47
          sock.put('quit')
48
        end
49

50
      end
51
    end
52
  end
53
end
54

55

56