Class: Metasploit::Framework::LoginScanner::Axis2

Inherits:
HTTP
  • Object
show all
Defined in:
lib/metasploit/framework/login_scanner/axis2.rb

Overview

Tomcat Manager login scanner

Constant Summary collapse

DEFAULT_PORT = 
8080
CAN_GET_SESSION =

Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP

true
PRIVATE_TYPES = 
[ :password ]

Constants inherited from HTTP

HTTP::AUTHORIZATION_HEADER, HTTP::DEFAULT_HTTP_NOT_AUTHED_CODES, HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::LIKELY_SERVICE_NAMES, HTTP::REALM_KEY

Instance Attribute Summary

Attributes inherited from HTTP

#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_success_codes, #http_username, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost

Instance Method Summary collapse

Methods inherited from HTTP

#authentication_required?, #check_setup, #send_request

Instance Method Details

#attempt_login(credential) ⇒ Object

[View source] [View on GitHub]

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/metasploit/framework/login_scanner/axis2.rb', line 18

def (credential)
  result_opts = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp'
  }
  if ssl
    result_opts[:service_name] = 'https'
  else
    result_opts[:service_name] = 'http'
  end

  begin
    # Refactor to access Metasploit::Framework::LoginScanner::HTTP#send_request()
    # to send request to the HTTP server and obtain a response
    response = send_request({
      'uri' => uri,
      'method' => 'POST',
      'vars_post' =>
       {
         'userName' => credential.public,
         'password' => credential.private,
         'submit' => '+Login+'
       }
    })

    if response && response.code == 200 && response.body.include?("upload")
      result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: response)
    else
      result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: response)
    end
  rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
    result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  end

  Result.new(result_opts)

end

#method=(_) ⇒ Object

The method must be “POST”, so don’t let the user change it

Raises:

  • (RuntimeError)
[View source] [View on GitHub]

68
69
70
 
# File 'lib/metasploit/framework/login_scanner/axis2.rb', line 68

def method=(_)
  raise RuntimeError, "Method must be POST for Axis2"
end

#set_sane_defaultsObject

[View source] [View on GitHub]

59
60
61
62
63
64
 
# File 'lib/metasploit/framework/login_scanner/axis2.rb', line 59

def set_sane_defaults
  self.uri = "/axis2/axis2-admin/login" if self.uri.nil?
  @method = "POST".freeze

  super
end