CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/scanner/ftp/ftp_login.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'metasploit/framework/credential_collection'6require 'metasploit/framework/login_scanner/ftp'78class MetasploitModule < Msf::Auxiliary9include Msf::Exploit::Remote::Ftp10include Msf::Auxiliary::Scanner11include Msf::Auxiliary::Report12include Msf::Auxiliary::AuthBrute1314def proto15'ftp'16end1718def initialize19super(20'Name' => 'FTP Authentication Scanner',21'Description' => %q{22This module will test FTP logins on a range of machines and23report successful logins. If you have loaded a database plugin24and connected to a database this module will record successful25logins and hosts so you can track your access.26},27'Author' => 'todb',28'References' =>29[30[ 'CVE', '1999-0502'] # Weak password31],32'License' => MSF_LICENSE,33'DefaultOptions' => {34'ConnectTimeout' => 3035}36)3738register_options(39[40Opt::Proxies,41Opt::RPORT(21),42OptBool.new('RECORD_GUEST', [ false, "Record anonymous/guest logins to the database", false])43])4445register_advanced_options(46[47OptBool.new('SINGLE_SESSION', [ false, 'Disconnect after every login attempt', false]),48]49)5051deregister_options('FTPUSER','FTPPASS') # Can use these, but should use 'username' and 'password'52@accepts_all_logins = {}53end545556def run_host(ip)57print_status("#{ip}:#{rport} - Starting FTP login sweep")5859cred_collection = build_credential_collection(60username: datastore['USERNAME'],61password: datastore['PASSWORD'],62prepended_creds: anonymous_creds63)6465scanner = Metasploit::Framework::LoginScanner::FTP.new(66configure_login_scanner(67host: ip,68port: rport,69proxies: datastore['PROXIES'],70cred_details: cred_collection,71stop_on_success: datastore['STOP_ON_SUCCESS'],72bruteforce_speed: datastore['BRUTEFORCE_SPEED'],73max_send_size: datastore['TCP::max_send_size'],74send_delay: datastore['TCP::send_delay'],75connection_timeout: datastore['ConnectTimeout'],76ftp_timeout: datastore['FTPTimeout'],77framework: framework,78framework_module: self,79ssl: datastore['SSL'],80ssl_version: datastore['SSLVersion'],81ssl_verify_mode: datastore['SSLVerifyMode'],82ssl_cipher: datastore['SSLCipher'],83local_port: datastore['CPORT'],84local_host: datastore['CHOST']85)86)8788scanner.scan! do |result|89credential_data = result.to_h90credential_data.merge!(91module_fullname: self.fullname,92workspace_id: myworkspace_id93)94if result.success?95credential_data[:private_type] = :password96credential_core = create_credential(credential_data)97credential_data[:core] = credential_core98create_credential_login(credential_data)99100print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"101else102invalidate_login(credential_data)103vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"104end105end106107end108109110# Always check for anonymous access by pretending to be a browser.111def anonymous_creds112anon_creds = [ ]113if datastore['RECORD_GUEST']114['IEUser@', 'User@', '[email protected]', '[email protected]' ].each do |password|115anon_creds << Metasploit::Framework::Credential.new(public: 'anonymous', private: password)116end117end118anon_creds119end120121def test_ftp_access(user,scanner)122dir = Rex::Text.rand_text_alpha(8)123write_check = scanner.send_cmd(['MKD', dir], true)124if write_check and write_check =~ /^2/125scanner.send_cmd(['RMD',dir], true)126print_status("#{rhost}:#{rport} - User '#{user}' has READ/WRITE access")127return 'Read/Write'128else129print_status("#{rhost}:#{rport} - User '#{user}' has READ access")130return 'Read-only'131end132end133134135end136137138