Module: Metasploit::Framework::Varnish::Client

Included in:

LoginScanner::VarnishCLI

Defined in:

lib/metasploit/framework/varnish/client.rb

Constant Summary

@@AUTH_REQUIRED_REGEX =

107 auth

/107 \d+\s\s\s\s\s\s\n(\w+)\n\nAuthentication required\./

@@AUTH_SUCCESS_REGEX =

200 ok

/200 \d+/

Instance Method Summary

• #close_session ⇒ Object
• #login(pass) ⇒ Object
• #require_auth? ⇒ Boolean

Instance Method Details

#close_session ⇒ Object

# File 'lib/metasploit/framework/varnish/client.rb', line 46

def close_session
  sock.put('quit')
end

#login(pass) ⇒ Object

# File 'lib/metasploit/framework/varnish/client.rb', line 25

def login(pass)
  # based on https://www.varnish-cache.org/trac/wiki/CLI
  begin
    challenge = require_auth?
    if !!challenge
      response = Digest::SHA256.hexdigest("#{challenge}\n#{pass.strip}\n#{challenge}\n")
      sock.put("auth #{response}\n")
      res = sock.get_once
      if res && res =~ @@AUTH_SUCCESS_REGEX
        return true
      else
        return false
      end
    else
      raise RuntimeError, "No Auth Required"
    end
  rescue Timeout::Error
    raise RuntimeError, "Varnish Login timeout"
  end
end

#require_auth? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/metasploit/framework/varnish/client.rb', line 10

def require_auth?
  # function returns false if no auth is required, else the challenge string
  res = sock.get_once # varnish can give the challenge on connect, so check if we have it already
  if res && res =~ @@AUTH_REQUIRED_REGEX
    return $1
  end
  # Cause a login fail to get the challenge. Length is correct, but this has upper chars, subtle diff for debugging
  sock.put("auth #{Rex::Text.rand_text_alphanumeric(64)}\n")
  res = sock.get_once # grab challenge
  if res && res =~ @@AUTH_REQUIRED_REGEX
    return $1
  end
  return false
end