Class: Metasploit::Framework::LoginScanner::MQTT

Inherits:
Object
  • Object
show all
Includes:
Base, RexSocket, Tcp::Client
Defined in:
lib/metasploit/framework/login_scanner/mqtt.rb

Overview

This is the LoginScanner class for dealing with MQTT. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

DEFAULT_PORT =

CONSTANTS

Rex::Proto::MQTT::DEFAULT_PORT
DEFAULT_SSL_PORT =
Rex::Proto::MQTT::DEFAULT_SSL_PORT
LIKELY_PORTS =
[ DEFAULT_PORT, DEFAULT_SSL_PORT ]
LIKELY_SERVICE_NAMES =
[ 'MQTT' ]
PRIVATE_TYPES =
[ :password ]
REALM_KEY =
nil

Instance Attribute Summary collapse

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Attribute Details

#client_idString

Returns The client identifier to use when connecting to MQTT.

Returns:

  • (String)

    The client identifier to use when connecting to MQTT


33
34
35
# File 'lib/metasploit/framework/login_scanner/mqtt.rb', line 33

def client_id
  @client_id
end

#read_timeoutint

Returns The timeout use while reading responses from MQTT, in seconds.

Returns:

  • (int)

    The timeout use while reading responses from MQTT, in seconds


29
30
31
# File 'lib/metasploit/framework/login_scanner/mqtt.rb', line 29

def read_timeout
  @read_timeout
end

Instance Method Details

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target

Parameters:

  • credential (Credential)

    The credential object to attmpt to login with

Returns:


38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# File 'lib/metasploit/framework/login_scanner/mqtt.rb', line 38

def (credential)
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'MQTT'
  }

  begin
    # Make our initial socket to the target
    disconnect if self.sock
    connect

    client_opts = {
      username: credential.public,
      password: credential.private,
      read_timeout: read_timeout,
      client_id: client_id
    }
    client = Rex::Proto::MQTT::Client.new(sock, client_opts)
    connect_res = client.connect
    client.disconnect

    if connect_res.return_code == 0
      status = Metasploit::Model::Login::Status::SUCCESSFUL
      proof = "Successful Connection (Received CONNACK packet)"
    else
      status = Metasploit::Model::Login::Status::INCORRECT
      proof = "Failed Connection (#{connect_res.return_code})"
    end

    result_options.merge!(
      proof: proof,
      status: status
    )
  rescue ::EOFError, Errno::ENOTCONN, Rex::ConnectionError, ::Timeout::Error => e
    result_options.merge!(
      proof: e.message,
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    )
  ensure
    disconnect
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end