Class: Metasploit::Framework::LoginScanner::Telnet

Inherits:
Object
  • Object
show all
Includes:
Base, RexSocket, Telnet::Client
Defined in:
lib/metasploit/framework/login_scanner/telnet.rb

Overview

This is the LoginScanner class for dealing with Telnet remote terminals. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

CAN_GET_SESSION =
true
DEFAULT_PORT =
23
LIKELY_PORTS =
[ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES =
[ 'telnet' ]
PRIVATE_TYPES =
[ :password ]
REALM_KEY =
nil

Constants included from Telnet::Client

Telnet::Client::ABORT, Telnet::Client::AO, Telnet::Client::AYT, Telnet::Client::BREAK, Telnet::Client::DM, Telnet::Client::DO, Telnet::Client::DONT, Telnet::Client::EC, Telnet::Client::EL, Telnet::Client::EOF, Telnet::Client::EOR, Telnet::Client::GA, Telnet::Client::IAC, Telnet::Client::IP, Telnet::Client::NOP, Telnet::Client::OPT_3270REGIME, Telnet::Client::OPT_AUTHENTICATION, Telnet::Client::OPT_BINARY, Telnet::Client::OPT_BM, Telnet::Client::OPT_DET, Telnet::Client::OPT_ECHO, Telnet::Client::OPT_ENCRYPT, Telnet::Client::OPT_EOR, Telnet::Client::OPT_EXOPL, Telnet::Client::OPT_LFLOW, Telnet::Client::OPT_LINEMODE, Telnet::Client::OPT_LOGOUT, Telnet::Client::OPT_NAMS, Telnet::Client::OPT_NAOCRD, Telnet::Client::OPT_NAOFFD, Telnet::Client::OPT_NAOHTD, Telnet::Client::OPT_NAOHTS, Telnet::Client::OPT_NAOL, Telnet::Client::OPT_NAOLFD, Telnet::Client::OPT_NAOP, Telnet::Client::OPT_NAOVTD, Telnet::Client::OPT_NAOVTS, Telnet::Client::OPT_NAWS, Telnet::Client::OPT_NEW_ENVIRON, Telnet::Client::OPT_OLD_ENVIRON, Telnet::Client::OPT_OUTMRK, Telnet::Client::OPT_RCP, Telnet::Client::OPT_RCTE, Telnet::Client::OPT_SGA, Telnet::Client::OPT_SNDLOC, Telnet::Client::OPT_STATUS, Telnet::Client::OPT_SUPDUP, Telnet::Client::OPT_SUPDUPOUTPUT, Telnet::Client::OPT_TM, Telnet::Client::OPT_TSPEED, Telnet::Client::OPT_TTYLOC, Telnet::Client::OPT_TTYPE, Telnet::Client::OPT_TUID, Telnet::Client::OPT_X3PAD, Telnet::Client::OPT_XASCII, Telnet::Client::OPT_XDISPLOC, Telnet::Client::SB, Telnet::Client::SE, Telnet::Client::SUSP, Telnet::Client::SYNCH, Telnet::Client::WILL, Telnet::Client::WONT

Constants included from Msf::Auxiliary::Login

Msf::Auxiliary::Login::CR, Msf::Auxiliary::Login::EOL, Msf::Auxiliary::Login::LF, Msf::Auxiliary::Login::NULL

Instance Attribute Summary collapse

Attributes included from Telnet::Client

#banner

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

Methods included from Telnet::Client

#connect, #connect_reset_safe, #recv, #recv_telnet

Methods included from Msf::Auxiliary::Login

#busy_message?, #command_echo?, #create_login_ivars, #initialize, #login_failed?, #login_prompt?, #login_succeeded?, #password_prompt?, #raw_send, #recv, #recv_all, #send_pass, #send_recv, #send_user, #wait_for, #waiting_message?

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Attribute Details

Returns the value of attribute banner_timeout


28
29
30
# File 'lib/metasploit/framework/login_scanner/telnet.rb', line 28

def banner_timeout
  @banner_timeout
end

#pre_loginObject

Returns the value of attribute pre_login


40
41
42
# File 'lib/metasploit/framework/login_scanner/telnet.rb', line 40

def 
  @pre_login
end

#telnet_timeoutObject

Returns the value of attribute telnet_timeout


34
35
36
# File 'lib/metasploit/framework/login_scanner/telnet.rb', line 34

def telnet_timeout
  @telnet_timeout
end

#verbosityProc

Prepend code to call before checking for a user login

Returns:

  • (Proc)

28
# File 'lib/metasploit/framework/login_scanner/telnet.rb', line 28

attr_accessor :banner_timeout

Instance Method Details

#attempt_login(credential) ⇒ Object


57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# File 'lib/metasploit/framework/login_scanner/telnet.rb', line 57

def (credential)
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'telnet'
  }

  begin
    if connect_reset_safe == :refused
      result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    else
      if busy_message?
        self.sock.close unless self.sock.closed?
        result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
      end
    end

    unless result_options[:status]
      if 
        .call(self)
      end

      unless password_prompt?
        send_user(credential.public)
      end

      recvd_sample = @recvd.dup
      # Allow for slow echos
      1.upto(10) do
        recv_telnet(self.sock, 0.10) unless @recvd.nil? || password_prompt?(@recvd)
      end

      if password_prompt?(credential.public)
        send_pass(credential.private)

        # Allow for slow echos
        1.upto(10) do
          recv_telnet(self.sock, 0.10) if @recvd == recvd_sample
        end
      end

      if 
        result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
      else
        result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
      end

    end
  rescue ::EOFError, Errno::ECONNRESET, Rex::ConnectionError, Rex::ConnectionTimeout, ::Timeout::Error
    result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end