Path: blob/master/modules/auxiliary/scanner/acpp/login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/acpp'

# Auxiliary login scanner for the ACPP service of Apple Airport devices.
#
# For each host it builds a password-only credential collection from the
# datastore, hands it to Metasploit::Framework::LoginScanner::ACPP, and
# records every attempt (successful or not) in the current workspace.
#
# NOTE(review): the reference below describes the protocol's password
# protection as a fixed XOR key, so the password exchanged with the device is
# presumably recoverable by anyone who can observe the traffic -- confirm
# against the ACPP scanner implementation, which is not shown here.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute

  # Declares the module metadata, sets the default RPORT to the ACPP port and
  # drops every username-related option inherited from the mixins.
  def initialize
    super(
      'Name' => 'Apple Airport ACPP Authentication Scanner',
      'Description' => %q(
        This module attempts to authenticate to an Apple Airport using its
        proprietary and largely undocumented protocol known only as ACPP.
      ),
      'Author' => ['Jon Hart <jon_hart[at]rapid7.com>'],
      'References' => [
        ['CVE', '2003-0270'] # Fixed XOR key used to encrypt password
      ],
      'License' => MSF_LICENSE
    )

    register_options([Opt::RPORT(Rex::Proto::ACPP::DEFAULT_PORT)])

    # ACPP authenticates with a password only; there is no username, so none
    # of the user-oriented options apply.
    deregister_options(
      *%w[
        DB_ALL_USERS
        DB_ALL_CREDS
        DB_SKIP_EXISTING
        USERNAME
        USERPASS_FILE
        USER_FILE
        USER_AS_PASS
      ]
    )

    register_autofilter_ports([Rex::Proto::ACPP::DEFAULT_PORT])
  end

  # Runs the password sweep against a single host and stores the outcome of
  # each attempt.
  #
  # @param ip [String] address of the host handed in by the Scanner mixin
  def run_host(ip)
    endpoint = "#{ip}:#{rport}"
    vprint_status("#{endpoint} - Starting ACPP login sweep")

    # Password-only collection: a single PASSWORD, a PASS_FILE and/or the
    # blank password, followed by whatever prepend_db_passwords adds.
    passwords = Metasploit::Framework::PrivateCredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
      pass_file: datastore['PASS_FILE'],
      password: datastore['PASSWORD']
    )
    passwords = prepend_db_passwords(passwords)

    # All connection, throttling and TLS settings are forwarded straight from
    # the datastore; none of them is validated here.
    scanner_options = configure_login_scanner(
      host: ip,
      port: rport,
      proxies: datastore['PROXIES'],
      cred_details: passwords,
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: datastore['ConnectTimeout'],
      max_send_size: datastore['TCP::max_send_size'],
      send_delay: datastore['TCP::send_delay'],
      framework: framework,
      framework_module: self,
      ssl: datastore['SSL'],
      ssl_version: datastore['SSLVersion'],
      ssl_verify_mode: datastore['SSLVerifyMode'],
      ssl_cipher: datastore['SSLCipher'],
      local_port: datastore['CPORT'],
      local_host: datastore['CHOST']
    )
    login_scanner = Metasploit::Framework::LoginScanner::ACPP.new(scanner_options)

    login_scanner.scan! do |attempt|
      # Tag the attempt with this module and the active workspace so the
      # stored record can be traced back to its origin.
      record = attempt.to_h.merge!(
        module_fullname: fullname,
        workspace_id: myworkspace_id
      )
      tried = attempt.credential.private

      if attempt.success?
        record[:core] = create_credential(record)
        create_credential_login(record)
        # NOTE(review): the working password is echoed to the console and
        # copied into the vuln record's info text below, so console logs and
        # workspace exports hold it in clear.
        print_good("#{endpoint} - ACPP Login Successful: #{tried}")
        # Filed on every successful login, with the module's reference list
        # attached through `references`.
        report_vuln(
          host: ip,
          port: rport,
          proto: 'tcp',
          name: 'Fixed XOR key used to encrypt passwords',
          info: "Successful authentication with '#{tried}'",
          refs: references
        )
      else
        invalidate_login(record)
        # The rejected password, status and proof go to verbose output.
        vprint_error("#{endpoint} - ACPP LOGIN FAILED: #{tried} (#{attempt.status}: #{attempt.proof})")
      end
    end
  end
end