CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/scanner/lotus/lotus_domino_version.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpClient7include Msf::Auxiliary::Scanner8include Msf::Auxiliary::Report910def initialize11super(12'Name' => 'Lotus Domino Version',13'Description' => 'Several checks to determine Lotus Domino Server Version.',14'Author' => ['CG'],15'License' => MSF_LICENSE16)17register_options(18[19OptString.new('PATH', [ true, "path", '/']),20] )21end2223def run_host(ip)2425path = datastore['PATH']26check1 = [27'iNotes/Forms5.nsf',28'iNotes/Forms6.nsf',29'iNotes/Forms7.nsf',30]3132check2 = [33'help/readme.nsf?OpenAbout'34]35check3 = [36'download/filesets/l_LOTUS_SCRIPT.inf',37'download/filesets/n_LOTUS_SCRIPT.inf',38'download/filesets/l_SEARCH.inf',39'download/filesets/n_SEARCH.inf',40]4142currentversion = []43baseversion = []4445begin4647check1.each do | check |4849res = send_request_raw({50'uri' => normalize_uri(path, check),51'method' => 'GET'52}, 10)5354if (res.nil?)55print_error("no response for #{ip}:#{rport} #{check}")56elsif (res.code == 200 and res.body)57# string we are regexing: <!-- Domino Release 7.0.3FP1 (Windows NT/Intel) -->58if match = res.body.match(/\<!-- Domino Release(.*) --\>/);59server1 = $160report_note(61:host => ip,62:proto => 'tcp',63:sname => (ssl ? "https" : "http"),64:port => rport,65:type => 'lotusdomino.version.current',66:data => server1.strip67)68if currentversion.empty? then69currentversion << server1.strip70elsif server1.strip == currentversion.last then71''72else server1.strip != currentversion.last73print_error("Different current version values") #this shouldnt happen,but just in case74currentversion << ' : ' + server1.strip75end76else77''78end79elsif80if (res.code and res.headers['Location'])81print_error("#{ip}:#{rport} #{res.code} Redirect to #{res.headers['Location']}")82else83''84end85else86''87end88end89if currentversion.length == 0 then90''91else92print_good("#{ip}:#{rport} Lotus Domino Current Version: #{currentversion}")93end9495check2.each do | check |9697res = send_request_raw({98'uri' => normalize_uri(path, check),99'method' => 'GET'100}, 10)101102if (res.nil?)103print_error("no response for #{ip}:#{rport} #{check}")104elsif (res.code == 200 and res.body)105# string we are regexing: <title>IBM Lotus Notes/Domino 6.5.6 Release Notes</title>106if match = res.body.match(/\<title\>(.*)Lotus Notes\/Domino (.*) Release Notes\<\/title\>/);107server2 = $2108print_good("#{ip}:#{rport} Lotus Domino Release Notes Version: " + $2)109report_note(110:host => ip,111:proto => 'tcp',112:sname => (ssl ? "https" : "http"),113:port => rport,114:type => 'lotusdomino.version.releasenotes',115:data => server2.strip116)117else118''119end120elsif121if (res.code and res.headers['Location'])122print_error("#{ip}:#{rport} #{res.code} Redirect to #{res.headers['Location']}")123else124''125end126else127''128end129end130131check3.each do | check |132133res = send_request_raw({134'uri' => normalize_uri(path, check),135'method' => 'GET'136}, 10)137138if (res.nil?)139print_error("no response for #{ip}:#{rport} #{check}")140elsif (res.code == 200 and res.body and res.body.index('TotalFileSize') and res.body.index('FileCount'))141# string we are regexing: # Regex Version=8.5.1.0142if match = res.body.match(/Version=(.*)/);143server3 = $1144report_note(145:host => ip,146:proto => 'tcp',147:sname => (ssl ? "https" : "http"),148:port => rport,149:type => 'lotusdomino.version.base',150:data => server3.strip151)152if baseversion.empty? then153baseversion << server3.strip154elsif server3.strip == baseversion.last then155''156else server3.strip != baseversion.last #this shouldnt happen,but just in case157print_error("Different base version values")158baseversion << ' : ' + server3.strip159end160else161''162end163elsif164if (res.code and res.headers['Location'])165print_error("#{ip}:#{rport} #{res.code} Redirect to #{res.headers['Location']}")166else167''168end169else170''171end172end173if baseversion.length == 0 then174''175else176print_good("#{ip}:#{rport} Lotus Domino Base Install Version: #{baseversion}")177end178end179rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout180rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, Resolv::ResolvError, EOFError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::EHOSTUNREACH =>e181print_error(e.message)182end183end184185186