Class: Metasploit::Framework::LoginScanner::DirectAdmin
- Defined in:
- lib/metasploit/framework/login_scanner/directadmin.rb
Constant Summary collapse
- DEFAULT_PORT =
443
- PRIVATE_TYPES =
[ :password ]
Constants inherited from HTTP
HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::LIKELY_SERVICE_NAMES, HTTP::REALM_KEY
Instance Attribute Summary
Attributes inherited from HTTP
#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_success_codes, #http_username, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost
Instance Method Summary collapse
-
#attempt_login(credential) ⇒ Result
Attempts to login to DirectAdmin Web Control Panel.
-
#check_setup ⇒ Boolean
Checks if the target is Direct Admin Web Control Panel.
-
#get_last_sid ⇒ String
Returns the latest sid from DirectAdmin Control Panel.
-
#get_login_state(username, password) ⇒ Hash
Actually doing the login.
Methods inherited from HTTP
Instance Method Details
#attempt_login(credential) ⇒ Result
Attempts to login to DirectAdmin Web Control Panel. This is called first.
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/metasploit/framework/login_scanner/directadmin.rb', line 95 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'tcp', service_name: ssl ? 'https' : 'http' } begin result_opts.merge!(get_login_state(credential.public, credential.private)) rescue ::Rex::ConnectionError => e # Something went wrong during login. 'e' knows what's up. result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e.) end Result.new(result_opts) end |
#check_setup ⇒ Boolean
Checks if the target is Direct Admin Web Control Panel. The login module should call this.
16 17 18 19 20 21 22 23 24 25 |
# File 'lib/metasploit/framework/login_scanner/directadmin.rb', line 16 def check_setup login_uri = normalize_uri("#{uri}/CMD_LOGIN") res = send_request({'uri'=> login_uri}) if res && res.body.include?('DirectAdmin Login') return true end false end |
#get_last_sid ⇒ String
Returns the latest sid from DirectAdmin Control Panel
31 32 33 34 35 36 37 38 39 40 41 42 43 |
# File 'lib/metasploit/framework/login_scanner/directadmin.rb', line 31 def get_last_sid @last_sid ||= lambda { # We don't have a session ID. Well, let's grab one right quick from the login page. # This should probably only happen once (initially). login_uri = normalize_uri("#{uri}/CMD_LOGIN") res = send_request({'uri' => login_uri}) return '' unless res = res. @last_sid = .scan(/(session=\w+);*/).flatten[0] || '' }.call end |
#get_login_state(username, password) ⇒ Hash
Actually doing the login. Called by #attempt_login
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
# File 'lib/metasploit/framework/login_scanner/directadmin.rb', line 53 def get_login_state(username, password) # Prep the data needed for login sid = get_last_sid protocol = ssl ? 'https' : 'http' peer = "#{host}:#{port}" login_uri = normalize_uri("#{uri}/CMD_LOGIN") res = send_request({ 'uri' => login_uri, 'method' => 'POST', 'cookie' => sid, 'headers' => { 'Referer' => "#{protocol}://#{peer}/#{login_uri}" }, 'vars_post' => { 'username' => username, 'password' => password, 'referer' => '%2F' } }) unless res return {:status => Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, :proof => res.to_s} end # After login, the application should give us a new SID = res. sid = .scan(/(session=\w+);*/).flatten[0] || '' @last_sid = sid # Update our SID if res.headers['Location'].to_s.include?('/') && !sid.blank? return {:status => Metasploit::Model::Login::Status::SUCCESSFUL, :proof => res.to_s} end {:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.to_s} end |