Class: Metasploit::Framework::LoginScanner::POP3

Inherits:

Object

Object
Metasploit::Framework::LoginScanner::POP3

show all

Includes:: Base, RexSocket, Tcp::Client

Defined in:: lib/metasploit/framework/login_scanner/pop3.rb

Overview

This is the LoginScanner class for dealing with POP3. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

DEFAULT_PORT =

LIKELY_PORTS =

[ 110, 995 ]

LIKELY_SERVICE_NAMES =

[ 'pop3', 'pop3s' ]

PRIVATE_TYPES =

[ :password ]

REALM_KEY =

nil

Instance Attribute Summary

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target.

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#attempt_login(credential) ⇒ `Metasploit::Framework::LoginScanner::Result`

This method attempts a single login with a single credential against the target

Parameters:

credential (Credential) —

The credential object to attempt to login with

Returns:

(Metasploit::Framework::LoginScanner::Result) —

The LoginScanner Result object

# File 'lib/metasploit/framework/login_scanner/pop3.rb', line 26

def attempt_login(credential)
  result_options = {
    credential: credential,
    status: Metasploit::Model::Login::Status::INCORRECT,
    host: host,
    port: port,
    protocol: 'tcp',
    service_name: 'pop3'
  }

  disconnect if self.sock

  begin
    connect
    select([sock],nil,nil,0.4)

    # Check to see if we received an OK?
    result_options[:proof] = sock.get_once
    if result_options[:proof] && result_options[:proof][/^\+OK.*/]
      # If we received an OK we should send the USER
      sock.put("USER #{credential.public}\r\n")
      result_options[:proof] = sock.get_once

      if result_options[:proof] && result_options[:proof][/^\+OK.*/]
        # If we got an OK after the username we can send the PASS
        sock.put("PASS #{credential.private}\r\n")
        # Dovecot has a failed-auth penalty system that maxes at
        # sleeping for 15 seconds before sending responses to the
        # PASS command, so bump the timeout to 16.
        result_options[:proof] = sock.get_once(-1, 16)

        if result_options[:proof] && result_options[:proof][/^\+OK.*/]
          # if the pass gives an OK, were good to go
          result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
        end
      end
    end

  rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE => e
    result_options.merge!(
      proof: e,
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    )
  end

  disconnect if self.sock

  Result.new(result_options)
end