
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/http/buildmaster_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
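# Login scanner for the Inedo BuildMaster web interface.
#
# For each target the module first fingerprints the application with a GET to
# /log-in, then submits every username/password pair yielded by each_user_pass
# to the LogInPage/LogIn endpoint and stores the pairs the server accepts.
# USERNAME and PASSWORD both default to 'Admin', which the module description
# names as the product's default account.
#
# Defensive notes:
# * A host that accepts Admin/Admin is still running with its default
#   credentials.
# * On the server side a run appears as one GET /log-in followed by one POST
#   to the LogIn endpoint per credential pair.
# * Every attempted pair is printed in cleartext (and VERBOSE defaults to
#   true), so console output and any captured logs contain the passwords.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers module metadata and options.
  #
  # @param info [Hash] metadata merged into the module defaults by update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Inedo BuildMaster Login Scanner',
        'Description' => %{
          This module will attempt to authenticate to BuildMaster. There is a default user 'Admin'
          which has the default password 'Admin'.
        },
        'Author' => [ 'James Otten <jamesotten1[at]gmail.com>' ],
        'License' => MSF_LICENSE,
        'DefaultOptions' => { 'VERBOSE' => true }
      )
    )

    register_options(
      [
        Opt::RPORT(81),
        OptString.new('USERNAME', [false, 'Username to authenticate as', 'Admin']),
        OptString.new('PASSWORD', [false, 'Password to authenticate with', 'Admin'])
      ]
    )
  end

  # Per-host entry point: skips hosts that do not fingerprint as BuildMaster,
  # otherwise tries each credential pair yielded by each_user_pass.
  #
  # @param ip [String] target address; not read here, the request helpers use
  #   the module's own target settings
  def run_host(ip)
    return unless buildmaster?

    each_user_pass { |user, pass| do_login(user, pass) }
  end

  # Fingerprints the target by requesting /log-in and looking for the
  # BuildMaster_Version marker in a 200 response.
  #
  # @return [Boolean] true when the marker is present, false on connection
  #   failure or when the page does not look like BuildMaster
  def buildmaster?
    begin
      res = send_request_cgi('uri' => '/log-in')
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
           ::Rex::ConnectionError, ::Errno::EPIPE
      print_error("#{peer} - HTTP Connection Failed")
      return false
    end

    unless res && res.code == 200 && res.body.include?('BuildMaster_Version')
      print_error("#{peer} - Application does not appear to be BuildMaster")
      return false
    end

    # Non-greedy capture so the match stops at the first closing tag even when
    # further </span> elements follow on the same line. The value is nil (and
    # prints as an empty string) if the marker is present but the span does
    # not match this exact form.
    version = res.body[%r{<span id="BuildMaster_Version">(.*?)</span>}, 1]
    print_good("#{peer} - Identified BuildMaster #{version}")
    true
  end

  # Decides whether a login response reports success: HTTP 200 with a JSON
  # body whose 'succeeded' key holds a truthy value.
  #
  # @param res [Object, nil] response returned by send_request_cgi
  # @return [Object] the truthy 'succeeded' value on success, otherwise a
  #   falsy value
  def login_succeeded?(res)
    return false unless res && res.code == 200

    body = JSON.parse(res.body)
    body.key?('succeeded') && body['succeeded']
  rescue StandardError
    # Best effort: an unparsable or unexpectedly shaped body counts as a
    # failed login rather than aborting the scan.
    false
  end

  # Submits one credential pair to the login endpoint, reports the outcome and
  # passes an accepted pair to store_valid_credential.
  #
  # @param user [String] username to try
  # @param pass [String] password to try
  # @return [Symbol, Object] :abort when the connection fails; otherwise the
  #   result of the reporting call. The value goes back to the each_user_pass
  #   block in run_host (presumably :abort stops further attempts; confirm
  #   against the AuthBrute mixin).
  def do_login(user, pass)
    print_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}")

    request = {
      'uri' => '/0x44/BuildMaster.Web.WebApplication/Inedo.BuildMaster.Web.WebApplication.Pages.LogInPage/LogIn',
      'method' => 'POST',
      'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },
      'vars_post' => {
        'userName' => user,
        'password' => pass
      }
    }

    begin
      res = send_request_cgi(request)
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
           ::Rex::ConnectionError, ::Errno::EPIPE
      vprint_error("#{peer} - HTTP Connection Failed...")
      return :abort
    end

    if login_succeeded?(res)
      print_good("SUCCESSFUL LOGIN - #{peer} - #{user.inspect}:#{pass.inspect}")
      store_valid_credential(user: user, private: pass)
    else
      print_error("FAILED LOGIN - #{peer} - #{user.inspect}:#{pass.inspect}")
    end
  end
end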