CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Report
8
  include Msf::Auxiliary::Scanner
9
  include Msf::Exploit::Remote::AFP
10

11
  def initialize(info={})
12
    super(update_info(info,
13
      'Name'         => 'Apple Filing Protocol Info Enumerator',
14
      'Description'  => %q{
15
        This module fetches AFP server information, including server name,
16
        network address, supported AFP versions, signature, machine type,
17
        and server flags.
18
      },
19
      'References'     =>
20
        [
21
          [ 'URL', 'https://web.archive.org/web/20130309051753/https://developer.apple.com/library/mac/#documentation/Networking/Reference/AFP_Reference/Reference/reference.html' ]
22
        ],
23
      'Author'       => [ 'Gregory Man <man.gregory[at]gmail.com>' ],
24
      'License'      => MSF_LICENSE
25
    ))
26
  end
27

28
  def run_host(ip)
29
    print_status("AFP #{ip} Scanning...")
30
    begin
31
      connect
32
      response = get_info
33
      report(response)
34
    rescue ::Timeout::Error
35
    rescue ::Interrupt
36
      raise $!
37
    rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT
38
    rescue ::Exception
39
      raise $!
40
      print_error("AFP #{rhost}:#{rport} #{$!.class} #{$!}")
41
    ensure
42
      disconnect
43
    end
44
  end
45

46
  def report(response)
47
    report_info = "AFP #{rhost}:#{rport} Server Name: #{response[:server_name]} \n" +
48
    "AFP #{rhost}:#{rport}  Server Flags: \n" +
49
    format_flags_report(response[:server_flags]) +
50
    "AFP #{rhost}:#{rport}  Machine Type: #{response[:machine_type]} \n" +
51
    "AFP #{rhost}:#{rport}  AFP Versions: #{response[:versions].join(', ')} \n" +
52
    "AFP #{rhost}:#{rport}  UAMs: #{response[:uams].join(', ')}\n" +
53
    "AFP #{rhost}:#{rport}  Server Signature: #{response[:signature]}\n" +
54
    "AFP #{rhost}:#{rport}  Server Network Address: \n" +
55
    format_addresses_report(response[:network_addresses]) +
56
    "AFP #{rhost}:#{rport}   UTF8 Server Name: #{response[:utf8_server_name]}"
57

58

59
    lines = "AFP #{rhost}:#{rport}:#{rport} AFP:\n#{report_info}"
60

61
    lines.split(/\n/).each do |line|
62
      print_status(line)
63
    end
64

65
    report_note(:host => datastore['RHOST'],
66
      :proto => 'tcp',
67
      :port => datastore['RPORT'],
68
      :type => 'afp_server_info',
69
      :data => response)
70

71
      report_service(
72
        :host => datastore['RHOST'],
73
        :port => datastore['RPORT'],
74
        :proto => 'tcp',
75
        :name => "afp",
76
        :info => "AFP name: #{response[:utf8_server_name]}, Versions: #{response[:versions].join(', ')}"
77
      )
78

79
  end
80

81
  def format_flags_report(parsed_flags)
82
    report = ''
83
    parsed_flags.each do |flag, val|
84
      report << "AFP #{rhost}:#{rport}     *  #{flag}: #{val.to_s} \n"
85
    end
86
    return report
87
  end
88

89
  def format_addresses_report(parsed_network_addresses)
90
    report = ''
91
    parsed_network_addresses.each do |val|
92
      report << "AFP #{rhost}:#{rport}     *  #{val.to_s} \n"
93
    end
94
    return report
95
  end
96
end
97

98