rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/msf/msf_rpc_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
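# Auxiliary scanner module that tries username/password pairs against a
# Metasploit RPC interface and records every pair the service accepts.
#
# Review notes for operators and defenders:
# * Each pair produced by each_user_pass results in one RPC login call to
#   rhost:rport (RPORT defaults to 55553).
# * USERNAME defaults to "msf" and do_login defaults both arguments to 'msf';
#   an RPC listener should not be left with credentials of that form.
# * Passwords are written to the console in clear text (attempt line in
#   verbose mode, success line always) and stored through create_credential,
#   so captured output and the workspace database hold live credentials.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its options.
  #
  # @param info [Hash] metadata passed through update_info to the superclass
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Metasploit RPC Interface Login Utility',
        'Description' => %q{
          This module simply attempts to login to a
          Metasploit RPC interface using a specific
          user/pass.
        },
        'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options(
      [
        Opt::RPORT(55553),
        OptString.new('USERNAME', [true, "A specific username to authenticate as. Default is msf", "msf"]),
        OptBool.new('BLANK_PASSWORDS', [false, "Try blank passwords for all users", false]),
        # NOTE(review): SSL is on by default; whether the RPC client validates
        # the server certificate is not visible in this file - confirm.
        OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true])
      ]
    )

    # NOTE(review): the autofilter port (3790) differs from the RPORT default
    # (55553) - confirm that this is intended.
    register_autofilter_ports([3790])
  end

  # Builds an RPC client for the current target and runs one login attempt
  # per username/password pair yielded by each_user_pass.
  #
  # @param ip [String] target address supplied by the caller; the body reads
  #   rhost instead and does not use this argument
  # @return [void]
  def run_host(ip)
    begin
      @rpc = Msf::RPC::Client.new(host: rhost, port: rport, ssl: ssl)
    rescue => e
      # A bare rescue only matches StandardError, so ::Interrupt propagates
      # on its own; the former explicit re-raise clause was redundant.
      vprint_error("Cannot create RPC client : #{e}")
      return
    end

    # The value returned by do_login is handed back to each_user_pass.
    each_user_pass { |user, pass| do_login(user, pass) }
  end

  # Stores a working username/password pair together with the service it
  # was accepted by.
  #
  # @param opts [Hash] reads :ip, :port, :service_name, :user, :password and
  #   :proof (do_login passes no :proof, so that field is nil for its calls)
  # @return the result of create_credential_login
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = service_data.merge(
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    )

    login_data = service_data.merge(
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    )

    create_credential_login(login_data)
  end

  # Performs a single login attempt over the client created in run_host.
  #
  # @param user [String] username to try
  # @param pass [String] password to try
  # @return [Symbol, nil] :next_user after an accepted login, :abort when the
  #   connection is refused, :skip_pass on any other StandardError, nil when
  #   the login call returns a falsy value without raising
  def do_login(user = 'msf', pass = 'msf')
    # Verbose output carries the candidate password in clear text.
    vprint_status("Trying username:'#{user}' with password:'#{pass}'")
    begin
      return unless @rpc.login(user, pass)

      print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
      report_cred(
        ip: rhost,
        port: rport,
        service_name: 'msf-rpc',
        user: user,
        password: pass
      )
      :next_user
    rescue Rex::ConnectionRefused => e
      print_error("Connection refused : #{e}")
      :abort
    rescue => e
      # Every other StandardError raised above lands here, including errors
      # from report_cred. The exception class and message are appended so a
      # transport or storage failure is not read as a rejected password.
      vprint_status("#{peer} - Bad login (#{e.class}: #{e})")
      :skip_pass
    end
  ensure
    # Runs after every attempt, whatever the outcome.
    @rpc.close
  end
end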