Class: Metasploit::Framework::LoginScanner::WowzaStreamingEngineManager
- Inherits:
-
HTTP
- Object
- HTTP
- Metasploit::Framework::LoginScanner::WowzaStreamingEngineManager
- Defined in:
- lib/metasploit/framework/login_scanner/wowza_streaming_engine_manager.rb
Constant Summary collapse
- DEFAULT_PORT =
8088
- PRIVATE_TYPES =
[ :password ].freeze
- LOGIN_STATUS =
Metasploit::Model::Login::Status
Constants inherited from HTTP
HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::LIKELY_SERVICE_NAMES, HTTP::REALM_KEY
Instance Attribute Summary
Attributes inherited from HTTP
#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_success_codes, #http_username, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost
Instance Method Summary collapse
-
#attempt_login(credential) ⇒ Result
Attempts to login to Wowza Streaming Engine server via Manager web interface.
-
#check_setup ⇒ Boolean
Checks if the target is Wowza Streaming Engine Manager.
Methods inherited from HTTP
Instance Method Details
#attempt_login(credential) ⇒ Result
Attempts to login to Wowza Streaming Engine server via Manager web interface
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/metasploit/framework/login_scanner/wowza_streaming_engine_manager.rb', line 30 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'tcp' } res = send_request({ 'method' => 'POST', 'uri' => normalize_uri('/enginemanager/j_spring_security_check'), 'vars_post' => { 'wowza-page-redirect' => '', 'j_username' => credential.public.to_s, 'j_password' => credential.private.to_s, 'host' => 'http://localhost:8087' } }) unless res result_opts.merge!({ status: LOGIN_STATUS::UNABLE_TO_CONNECT }) end if res && res.code == 302 && res['location'].to_s.include?('Home.htm') = res. result_opts.merge!({ status: LOGIN_STATUS::SUCCESSFUL, proof: .to_s }) unless .blank? end Result.new(result_opts) end |
#check_setup ⇒ Boolean
Checks if the target is Wowza Streaming Engine Manager. The login module should call this.
15 16 17 18 19 20 21 22 |
# File 'lib/metasploit/framework/login_scanner/wowza_streaming_engine_manager.rb', line 15 def check_setup res = send_request({ 'uri' => normalize_uri('/enginemanager/login.htm') }) return false unless res return false unless res.code == 200 res.body.include?('Wowza Streaming Engine Manager') end |