CoCalc -- ivanti

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/ivanti/ivanti_login.rb
²⁷⁹⁰⁵ views
1
require 'metasploit/framework/credential_collection'
2
require 'metasploit/framework/login_scanner/ivanti_login'
3

4
class MetasploitModule < Msf::Auxiliary
5

6
  include Msf::Exploit::Remote::HttpClient
7
  include Msf::Auxiliary::AuthBrute
8
  include Msf::Auxiliary::Report
9
  include Msf::Auxiliary::Scanner
10
  include Msf::Auxiliary::ReportSummary
11

12
  include Msf::Exploit::Deprecated
13
  moved_from 'auxiliary/scanner/ivanti/login_scanner'
14

15
  def initialize(info = {})
16
    super(
17
      update_info(
18
        info,
19
        'Name' => 'Ivanti Connect Secure HTTP Scanner',
20
        'Description' => %q{
21
          This module will perform authentication scanning against Ivanti Connect Secure.
22
        },
23
        'Author' => ['msutovsky-r7'],
24
        'License' => MSF_LICENSE,
25
        'DefaultOptions' => {
26
          'RPORT' => 443,
27
          'SSL' => true
28
        },
29
        'Notes' => {
30
          'Stability' => [CRASH_SAFE],
31
          'Reliability' => [],
32
          'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS]
33
        }
34
      )
35
         )
36
    register_options([
37
      OptBool.new('ADMIN', [true, 'Select whether to target the admin login endpoint', false])
38
    ])
39
  end
40

41
  def get_scanner(ip)
42
    cred_collection = Metasploit::Framework::CredentialCollection.new(
43
      blank_passwords: datastore['BLANK_PASSWORDS'],
44
      pass_file: datastore['PASS_FILE'],
45
      password: datastore['PASSWORD'],
46
      user_file: datastore['USER_FILE'],
47
      userpass_file: datastore['USERPASS_FILE'],
48
      username: datastore['USERNAME'],
49
      user_as_pass: datastore['USER_AS_PASS']
50
    )
51
    configuration = configure_http_login_scanner(
52
      host: ip,
53
      port: datastore['RPORT'],
54
      cred_details: cred_collection,
55
      stop_on_success: datastore['STOP_ON_SUCCESS'],
56
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
57
      connection_timeout: datastore['HttpClientTimeout'] || 5,
58
      use_admin_endpoint: datastore['ADMIN']
59
    )
60
    return Metasploit::Framework::LoginScanner::Ivanti.new(configuration)
61
  end
62

63
  def process_credential(credential_data)
64
    credential_combo = "#{credential_data[:username]}:#{credential_data[:private_data]}"
65
    case credential_data[:status]
66
    when Metasploit::Model::Login::Status::SUCCESSFUL
67
      print_good "#{credential_data[:address]}:#{credential_data[:port]} - Login Successful: #{credential_combo}"
68
      credential_data[:core] = create_credential(credential_data)
69
      create_credential_login(credential_data)
70
      return { status: :success, credential: credential_data }
71
    else
72
      error_msg = "#{credential_data[:address]}:#{credential_data[:port]} - LOGIN FAILED: #{credential_combo} (#{credential_data[:status]})"
73
      vprint_error error_msg
74
      invalidate_login(credential_data)
75
      return { status: :fail, credential: credential_data }
76
    end
77
  end
78

79
  def run_scanner(scanner)
80
    scanner.scan! do |result|
81
      credential_data = result.to_h
82
      credential_data.merge!(module_fullname: fullname, workspace_id: myworkspace_id)
83
      process_credential(credential_data)
84
    end
85
  end
86

87
  def run_host(ip)
88
    scanner = get_scanner(ip)
89
    run_scanner(scanner)
90
  end
91

92
end
93

94
Product

Resources

Company
