Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
require 'metasploit/framework/credential_collection'
7
require 'metasploit/framework/login_scanner/amqp'
8

9
class MetasploitModule < Msf::Auxiliary
10
  include Msf::Auxiliary::AuthBrute
11
  include Msf::Auxiliary::Scanner
12
  include Msf::Auxiliary::Report
13

14
  # Creates an instance of this module.
15
  def initialize(info = {})
16
    super(
17
      update_info(
18
        info,
19
        'Name' => 'AMQP 0-9-1 Login Check Scanner',
20
        'Description' => %q{
21
          This module will test AMQP logins on a range of machines and
22
          report successful logins.  If you have loaded a database plugin
23
          and connected to a database this module will record successful
24
          logins and hosts so you can track your access.
25
        },
26
        'Author' => [ 'Spencer McIntyre' ],
27
        'License' => MSF_LICENSE,
28
        'References' => [
29
          [ 'URL', 'https://www.rabbitmq.com/amqp-0-9-1-reference.html' ]
30
        ],
31
        'Notes' => {
32
          'Stability' => [],
33
          'Reliability' => [],
34
          'SideEffects' => []
35
        }
36
      )
37
    )
38

39
    register_options(
40
      [
41
        Opt::RPORT(5671)
42
      ]
43
    )
44

45
    register_advanced_options(
46
      [
47
        OptBool.new('SSL', [ true, 'Negotiate SSL/TLS for outgoing connections', true ]),
48
        Opt::SSLVersion
49
      ]
50
    )
51
  end
52

53
  def run_host(ip)
54
    cred_collection = build_credential_collection(
55
      username: datastore['USERNAME'],
56
      password: datastore['PASSWORD']
57
    )
58

59
    scanner = Metasploit::Framework::LoginScanner::AMQP.new(
60
      host: ip,
61
      port: datastore['RPORT'],
62
      cred_details: cred_collection,
63
      stop_on_success: datastore['STOP_ON_SUCCESS'],
64
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
65
      framework: framework,
66
      framework_module: self,
67
      ssl: datastore['SSL'],
68
      ssl_version: datastore['SSLVersion']
69
    )
70

71
    scanner.scan! do |result|
72
      credential_data = result.to_h
73
      credential_data.merge!(
74
        module_fullname: fullname,
75
        workspace_id: myworkspace_id
76
      )
77
      if result.success?
78
        credential_core = create_credential(credential_data)
79
        credential_data[:core] = credential_core
80
        create_credential_login(credential_data)
81

82
        print_good "#{ip}:#{datastore['RPORT']} - Login Successful: #{result.credential}"
83
      else
84
        invalidate_login(credential_data)
85
        vprint_error "#{ip}:#{datastore['RPORT']} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
86
      end
87
    end
88
  end
89
end
90

91