Class: Metasploit::Framework::LoginScanner::POP3

Inherits:
Object
Includes:
Base, RexSocket, Tcp::Client
Defined in:
lib/metasploit/framework/login_scanner/pop3.rb

Overview

This is the LoginScanner class for dealing with POP3. It takes a single target and a list of credentials, attempts each credential against that target, and saves the results.

Constant Summary

DEFAULT_PORT = 110
LIKELY_PORTS = [ 110, 995 ]
LIKELY_SERVICE_NAMES = [ 'pop3', 'pop3s' ]
PRIVATE_TYPES = [ :password ]
REALM_KEY = nil

Instance Attribute Summary

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target.

Parameters:

  • credential (Credential)

    The credential object to attempt to login with

Returns:


# File 'lib/metasploit/framework/login_scanner/pop3.rb', line 26

def attempt_login(credential)
  result_options = {
    credential: credential,
    status: Metasploit::Model::Login::Status::INCORRECT,
    host: host,
    port: port,
    protocol: 'tcp',
    service_name: 'pop3'
  }

  disconnect if self.sock

  begin
    connect
    select([sock],nil,nil,0.4)

    # Check to see if we received an OK
    result_options[:proof] = sock.get_once
    if result_options[:proof] && result_options[:proof][/^\+OK.*/]
      # If we received an OK we should send the USER
      sock.put("USER #{credential.public}\r\n")
      result_options[:proof] = sock.get_once

      if result_options[:proof] && result_options[:proof][/^\+OK.*/]
        # If we got an OK after the username we can send the PASS
        sock.put("PASS #{credential.private}\r\n")
        # Dovecot has a failed-auth penalty system that maxes at
        # sleeping for 15 seconds before sending responses to the
        # PASS command, so bump the timeout to 16.
        result_options[:proof] = sock.get_once(-1, 16)

        if result_options[:proof] && result_options[:proof][/^\+OK.*/]
          # If the PASS gives an OK, we're good to go
          result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
        end
      end
    end

  rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE => e
    result_options.merge!(
      proof: e,
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    )
  end

  disconnect if self.sock

  Result.new(result_options)
end
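
Seen from the mail server, each failed call to the method above is a fresh TCP connection carrying exactly one USER, one PASS and no QUIT before the socket closes. The following Ruby code is an added example, not part of the Metasploit code base, that flags sources producing that session shape repeatedly. The log line format, the threshold, and the names `parse_sessions`, `single_shot_failure?` and `suspicious_sources` are assumptions made for this example.

```ruby
# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = <<~LOG
  10:00:01 conn=1 src=203.0.113.7 USER alice
  10:00:01 conn=1 src=203.0.113.7 PASS result=fail
  10:00:01 conn=1 src=203.0.113.7 CLOSE
  10:00:02 conn=2 src=203.0.113.7 USER alice
  10:00:04 conn=2 src=203.0.113.7 PASS result=fail
  10:00:04 conn=2 src=203.0.113.7 CLOSE
  10:00:05 conn=3 src=198.51.100.20 USER carol
  10:00:06 conn=3 src=198.51.100.20 PASS result=fail
  10:00:09 conn=3 src=198.51.100.20 USER carol
  10:00:09 conn=3 src=198.51.100.20 PASS result=ok
  10:00:10 conn=3 src=198.51.100.20 QUIT
  10:00:11 conn=4 src=203.0.113.7 USER bob
  10:00:15 conn=4 src=203.0.113.7 PASS result=fail
  10:00:15 conn=4 src=203.0.113.7 CLOSE
LOG

LINE = /\A\S+ conn=(\d+) src=(\S+) (USER|PASS|QUIT|CLOSE)(?: (.*))?\z/
Session = Struct.new(:src, :users, :failed, :passes, :quit)

# Group log lines into one Session per connection id.
def parse_sessions(log)
  sessions = {}
  log.each_line(chomp: true) do |line|
    next unless (m = LINE.match(line))
    s = sessions[m[1]] ||= Session.new(m[2], [], 0, 0, false)
    case m[3]
    when 'USER' then s.users << m[4]
    when 'PASS'
      s.passes += 1
      s.failed += 1 if m[4] == 'result=fail'
    when 'QUIT' then s.quit = true
    end
  end
  sessions.values
end

# Shape of a failed attempt_login session: one USER, one failed PASS, no QUIT.
def single_shot_failure?(s)
  s.users.size == 1 && s.passes == 1 && s.failed == 1 && !s.quit
end

# Map each source with at least min_sessions such sessions to the usernames it tried.
def suspicious_sources(log, min_sessions: 3)
  parse_sessions(log).select { |s| single_shot_failure?(s) }
                     .group_by(&:src)
                     .select { |_, ss| ss.size >= min_sessions }
                     .transform_values { |ss| ss.map { |s| s.users.first }.uniq }
end
```

The session on `conn=3` retries within one connection and ends with QUIT, as an interactive mail client would, so it is not counted.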