Module: Msf::Exploit::Remote::Imap

Includes:
Tcp
Defined in:
lib/msf/core/exploit/imap.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the IMAP protocol.

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a IMAP connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the 'banner' attribute.


37
38
39
40
41
42
43
44
45
# File 'lib/msf/core/exploit/imap.rb', line 37

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote IMAP server using the credentials that have been supplied in the exploit options.


51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# File 'lib/msf/core/exploit/imap.rb', line 51

def (global = true)
  ftpsock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("a001 LOGIN #{user} #{pass}\r\n")

  if (res !~ /^a001 OK/)
    print_status("Authentication failed")
    return false
  end

  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an IMAP exploit module.


19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/imap.rb', line 19

def initialize(info = {})
  super

  # Register the options that all IMAP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(143),
      OptString.new('IMAPUSER', [ false, 'The username to authenticate as']),
      OptString.new('IMAPPASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Imap)
end

#passObject

Returns the user string from the 'IMAPPASS' option.


97
98
99
# File 'lib/msf/core/exploit/imap.rb', line 97

def pass
  datastore['IMAPPASS']
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an IMAP command and waits for a response. If one is received, it is returned to the caller.


75
76
77
78
# File 'lib/msf/core/exploit/imap.rb', line 75

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end

#userObject

Returns the user string from the 'IMAPUSER' option.


90
91
92
# File 'lib/msf/core/exploit/imap.rb', line 90

def user
  datastore['IMAPUSER']
end