Path: blob/master/modules/auxiliary/scanner/http/advantech_webaccess_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/login_scanner/advantech_webaccess'
require 'metasploit/framework/credential_collection'

# Auxiliary login scanner for Advantech WebAccess.
#
# For each host, it builds a credential collection from the datastore and
# passes it to Metasploit::Framework::LoginScanner::AdvantechWebAccess. Every
# result is then recorded through the reporting helpers below.
#
# Notes for anyone reviewing a run or hardening a target:
# * TRYDEFAULT queues the pair admin / empty password. A hit on it means the
#   installation still accepts an empty administrator password.
# * Successful pairs are stored with private_type :password, i.e. the
#   recovered secret is kept as-is in the workspace. Treat the workspace
#   database as sensitive material.
# * RPORT defaults to 80. NOTE(review): presumably plain HTTP unless the
#   operator enables SSL, so tested credentials may cross the network
#   unencrypted -- confirm against the HttpClient options in use.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its two module-specific options.
  #
  # @param info [Hash] metadata passed in by the framework and merged by
  #   update_info
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name' => 'Advantech WebAccess Login',
      'Description' => %q{
        This module will attempt to authenticate to Advantech WebAccess.
      },
      'Author' => [ 'sinn3r' ],
      'License' => MSF_LICENSE,
      'DefaultOptions' => { 'RPORT' => 80 }
    )
    super(module_info)

    register_options(
      [
        OptString.new('TARGETURI', [true, 'The base path to Advantech WebAccess', '/']),
        OptBool.new('TRYDEFAULT', [false, 'Try the default credential admin:[empty]', false])
      ]
    )
  end

  # Returns the login scanner for this module instance, building it on the
  # first call and reusing the memoized object afterwards.
  #
  # NOTE(review): the memoized scanner keeps the host it was first built
  # with; this assumes each host is handled by its own module instance --
  # confirm against the Scanner mixin.
  #
  # @param ip [String] address of the host to test
  # @return [Metasploit::Framework::LoginScanner::AdvantechWebAccess]
  def scanner(ip)
    @scanner ||= begin
      creds = build_credential_collection(
        username: datastore['USERNAME'],
        password: datastore['PASSWORD']
      )

      # Optionally queue the vendor default: user "admin" with an empty
      # password.
      if datastore['TRYDEFAULT']
        print_status("Default credential admin:[empty] added to the credential queue for testing.")
        creds.add_public('admin')
        creds.add_private('')
      end

      # Stop-on-success and attempt pacing come straight from the datastore;
      # the connection timeout is fixed at 5.
      scanner_opts = configure_http_login_scanner(
        host: ip,
        port: datastore['RPORT'],
        cred_details: creds,
        stop_on_success: datastore['STOP_ON_SUCCESS'],
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
        connection_timeout: 5,
        http_username: datastore['HttpUsername'],
        http_password: datastore['HttpPassword'],
        uri: target_uri.path
      )

      Metasploit::Framework::LoginScanner::AdvantechWebAccess.new(scanner_opts)
    end
  end

  # Records a working credential and the login it produced in the current
  # workspace.
  #
  # @param ip [String] address of the service
  # @param port [Integer] port of the service
  # @param result [Object] scan result exposing credential, status and proof
  # @return [Object] whatever create_credential_login returns
  def report_good_cred(ip, port, result)
    service = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    # The private value is stored as a :password, not as a hash.
    credential = {
      module_fullname: fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
      **service
    }

    login = {
      core: create_credential(credential),
      last_attempted_at: DateTime.now,
      status: result.status,
      proof: result.proof,
      **service
    }

    create_credential_login(login)
  end

  # Passes a failed attempt to invalidate_login so the stored login state
  # reflects it.
  #
  # @param ip [String] address of the service
  # @param rport [Integer] port of the service
  # @param result [Object] scan result exposing credential, status and proof
  def report_bad_cred(ip, rport, result)
    cred = result.credential

    invalidate_login(
      address: ip,
      port: rport,
      protocol: 'tcp',
      public: cred.public,
      private: cred.private,
      realm_key: cred.realm_key,
      realm_value: cred.realm,
      status: result.status,
      proof: result.proof
    )
  end

  # Runs the scanner against one host and reports every result.
  #
  # Only SUCCESSFUL, UNABLE_TO_CONNECT and INCORRECT are handled; any other
  # status is neither printed nor reported.
  #
  # @param ip [String] address of the host to test
  def bruteforce(ip)
    scanner(ip).scan! do |result|
      case result.status
      when Metasploit::Model::Login::Status::SUCCESSFUL
        print_brute(level: :good, ip: ip, msg: "Success: '#{result.credential}'")
        report_good_cred(ip, rport, result)
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        # NOTE(review): a connection failure is reported through the same
        # path as a rejected credential -- confirm this is intended.
        vprint_brute(level: :verror, ip: ip, msg: result.proof)
        report_bad_cred(ip, rport, result)
      when Metasploit::Model::Login::Status::INCORRECT
        vprint_brute(level: :verror, ip: ip, msg: "Failed: '#{result.credential}'")
        report_bad_cred(ip, rport, result)
      end
    end
  end

  # Per-host entry point: tests credentials only if the scanner's setup check
  # passes; otherwise prints an error and leaves the host alone.
  #
  # @param ip [String] address of the host to test
  def run_host(ip)
    return bruteforce(ip) if scanner(ip).check_setup

    print_brute(level: :error, ip: ip, msg: 'Target is not Advantech WebAccess')
    nil
  end
end