Module: Msf::Exploit::Remote::Pop2

Includes:
Tcp
Defined in:
lib/msf/core/exploit/pop2.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the POP2 protocol.

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a POP2 connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the 'banner' attribute.


37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/msf/core/exploit/pop2.rb', line 37

def connect(global = true)
  print_status("Connecting to POP2 server #{rhost}:#{rport}...")

  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once

  print_status("Connected to target POP2 server.")
  print_status("Banner: #{self.banner.split("\n")[0].strip}")

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote POP2 server using the credentials that have been supplied in the exploit options.


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'lib/msf/core/exploit/pop2.rb', line 56

def (global = true)
  pop2sock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("HELO #{user} #{pass}\r\n")

  if (res !~ /messages/)
    print_status("Authentication failed")
    return false
  end

  print_status("Messages: #{res}")
  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an POP2 exploit module.


19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/pop2.rb', line 19

def initialize(info = {})
  super

  # Register the options that all POP2 exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(109),
      OptString.new('POP2USER', [ false, 'The username to authenticate as']),
      OptString.new('POP2PASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Pop2)
end

#passObject

Returns the user string from the 'POP2PASS' option.


121
122
123
# File 'lib/msf/core/exploit/pop2.rb', line 121

def pass
  datastore['POP2PASS']
end

#raw_send(cmd, nsock = self.sock) ⇒ Object

This method transmits a FTP command and does not wait for a response


101
102
103
# File 'lib/msf/core/exploit/pop2.rb', line 101

def raw_send(cmd, nsock = self.sock)
  nsock.put(cmd)
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits a POP2 command and waits for a response. If one is received, it is returned to the caller.


81
82
83
84
# File 'lib/msf/core/exploit/pop2.rb', line 81

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  res = nsock.get_once
end

#send_cmd(args, recv = true, nsock = self.sock) ⇒ Object

This method sends one command with zero or more parameters


89
90
91
92
93
94
95
96
# File 'lib/msf/core/exploit/pop2.rb', line 89

def send_cmd(args, recv = true, nsock = self.sock)
  cmd = args.join(" ") + "\r\n"
  if (recv)
    return raw_send_recv(cmd, nsock)
  else
    return raw_send(cmd, nsock)
  end
end

#userObject

Returns the user string from the 'POP2USER' option.


114
115
116
# File 'lib/msf/core/exploit/pop2.rb', line 114

def user
  datastore['POP2USER']
end