rapid7


GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/msf/msf_rpc_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Auxiliary scanner that attempts username/password logins against a
# Metasploit RPC interface and records every accepted pair as a credential.
#
# Defaults visible in this file: RPORT 55553, USERNAME "msf", SSL enabled,
# BLANK_PASSWORDS disabled.
#
# Handling note: accepted passwords are printed in clear text by #do_login and
# stored with private_type :password by #report_cred, so console output and the
# workspace database hold live secrets once a login succeeds.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner

  # Registers the module metadata, its datastore options and the autofilter port.
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name' => 'Metasploit RPC Interface Login Utility',
      'Description' => %q{
        This module simply attempts to login to a
        Metasploit RPC interface using a specific
        user/pass.
      },
      'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
      'License' => MSF_LICENSE
    )
    super(module_info)

    options = [
      Opt::RPORT(55553),
      OptString.new('USERNAME', [true, "A specific username to authenticate as. Default is msf", "msf"]),
      OptBool.new('BLANK_PASSWORDS', [false, "Try blank passwords for all users", false]),
      OptBool.new('SSL', [ true, "Negotiate SSL for outgoing connections", true])
    ]
    register_options(options)

    # NOTE(review): the autofilter port (3790) differs from the RPORT default
    # (55553) registered above; confirm that this is intended.
    register_autofilter_ports([3790])
  end

  # Builds one RPC client for the current target and runs a login attempt for
  # every user/password pair produced by each_user_pass.
  #
  # @param ip [String] target address passed in by the scanner mixin; the body
  #   reads rhost/rport/ssl instead and never uses this argument
  # @return [void]
  def run_host(ip)
    begin
      @rpc = Msf::RPC::Client.new(host: rhost, port: rport, ssl: ssl)
    rescue ::Interrupt
      # Hand an interrupt straight back to the caller.
      raise
    rescue StandardError => e
      vprint_error("Cannot create RPC client : #{e}")
      return
    end

    # The block's value (the symbol returned by do_login) is handed back to
    # each_user_pass.
    each_user_pass { |user, pass| do_login(user, pass) }
  end

  # Stores an accepted username/password pair together with the service it was
  # accepted on, marked as a successful login.
  #
  # @param opts [Hash] reads :ip, :port, :service_name, :user, :password and
  #   :proof (#do_login does not pass :proof, so it is stored as nil)
  # @return the result of create_credential_login
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    # The password is recorded as-is (private_type :password).
    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password,
      **service_data
    }

    login_data = {
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof],
      **service_data
    }

    create_credential_login(login_data)
  end

  # Performs a single login attempt through the RPC client created by #run_host.
  #
  # @param user [String] username to try
  # @param pass [String] password to try
  # @return [Symbol, nil] :next_user when the login is accepted, :abort when the
  #   connection is refused, :skip_pass when any other StandardError is raised,
  #   nil when the login call returns a falsy value without raising
  def do_login(user = 'msf', pass = 'msf')
    vprint_status("Trying username:'#{user}' with password:'#{pass}'")
    begin
      return unless @rpc.login(user, pass)

      # The accepted password is echoed in clear text on the console.
      print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
      report_cred(
        ip: rhost,
        port: rport,
        service_name: 'msf-rpc',
        user: user,
        password: pass
      )
      :next_user
    rescue Rex::ConnectionRefused => e
      print_error("Connection refused : #{e}")
      :abort
    rescue StandardError
      # Every other error is reported as a bad login and its message is dropped,
      # so the output does not distinguish a rejected password from another
      # failure raised inside this block.
      vprint_status("#{peer} - Bad login")
      :skip_pass
    end
  ensure
    # Runs after every attempt, whatever the outcome.
    @rpc.close
  end
end