Module: Metasploit::Framework::Varnish::Client

Included in:
LoginScanner::VarnishCLI
Defined in:
lib/metasploit/framework/varnish/client.rb

Constant Summary collapse

@@AUTH_REQUIRED_REGEX =

107 auth

/107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required\./
@@AUTH_SUCCESS_REGEX =

200 ok

/200 \d+/

Instance Method Summary collapse

Instance Method Details

#close_sessionObject


49
50
51
# File 'lib/metasploit/framework/varnish/client.rb', line 49

def close_session
  sock.put('quit')
end

#login(pass) ⇒ Object


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/metasploit/framework/varnish/client.rb', line 28

def (pass)
  # based on https://www.varnish-cache.org/trac/wiki/CLI
  begin
    challenge = require_auth?
    if !!challenge
      response = Digest::SHA256.hexdigest("#{challenge}\n#{pass.strip}\n#{challenge}\n")
      sock.put("auth #{response}\n")
      res = sock.get_once
      if res && res =~ @@AUTH_SUCCESS_REGEX
        return true
      else
        return false
      end
    else
      raise RuntimeError, "No Auth Required"
    end
  rescue Timeout::Error
    raise RuntimeError, "Varnish Login timeout"
  end
end

#require_auth?Boolean

Returns:

  • (Boolean)

13
14
15
16
17
18
19
20
21
22
23
24
25
26
# File 'lib/metasploit/framework/varnish/client.rb', line 13

def require_auth?
  # function returns false if no auth is required, else the challenge string
  res = sock.get_once # varnish can give the challenge on connect, so check if we have it already
  if res && res =~ @@AUTH_REQUIRED_REGEX
    return $1
  end
  # Cause a login fail to get the challenge. Length is correct, but this has upper chars, subtle diff for debugging
  sock.put("auth #{Rex::Text.rand_text_alphanumeric(64)}\n")
  res = sock.get_once # grab challenge
  if res && res =~ @@AUTH_REQUIRED_REGEX
    return $1
  end
  return false
end