Module: Msf::Exploit::Remote::Pop2

Includes:
Tcp
Defined in:
lib/msf/core/exploit/remote/pop2.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the POP2 protocol.

Instance Attribute Summary collapse

Attributes included from Tcp

#sock

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #deregister_tcp_options, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

This attribute holds the banner that was read in after a successful call to connect or connect_login.


130
131
132
# File 'lib/msf/core/exploit/remote/pop2.rb', line 130

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a POP2 connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the 'banner' attribute.


36
37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'lib/msf/core/exploit/remote/pop2.rb', line 36

def connect(global = true)
  print_status("Connecting to POP2 server #{rhost}:#{rport}...")

  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once

  print_status("Connected to target POP2 server.")
  print_status("Banner: #{self.banner.split("\n")[0].strip}")

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote POP2 server using the credentials that have been supplied in the exploit options.


55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'lib/msf/core/exploit/remote/pop2.rb', line 55

def (global = true)
  pop2sock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("HELO #{user} #{pass}\r\n")

  if (res !~ /messages/)
    print_status("Authentication failed")
    return false
  end

  print_status("Messages: #{res}")
  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an POP2 exploit module.


18
19
20
21
22
23
24
25
26
27
28
29
# File 'lib/msf/core/exploit/remote/pop2.rb', line 18

def initialize(info = {})
  super

  # Register the options that all POP2 exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(109),
      OptString.new('POP2USER', [ false, 'The username to authenticate as']),
      OptString.new('POP2PASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Pop2)
end

#passObject

Returns the user string from the 'POP2PASS' option.


120
121
122
# File 'lib/msf/core/exploit/remote/pop2.rb', line 120

def pass
  datastore['POP2PASS']
end

#raw_send(cmd, nsock = self.sock) ⇒ Object

This method transmits a FTP command and does not wait for a response


100
101
102
# File 'lib/msf/core/exploit/remote/pop2.rb', line 100

def raw_send(cmd, nsock = self.sock)
  nsock.put(cmd)
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits a POP2 command and waits for a response. If one is received, it is returned to the caller.


80
81
82
83
# File 'lib/msf/core/exploit/remote/pop2.rb', line 80

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  res = nsock.get_once
end

#send_cmd(args, recv = true, nsock = self.sock) ⇒ Object

This method sends one command with zero or more parameters


88
89
90
91
92
93
94
95
# File 'lib/msf/core/exploit/remote/pop2.rb', line 88

def send_cmd(args, recv = true, nsock = self.sock)
  cmd = args.join(" ") + "\r\n"
  if (recv)
    return raw_send_recv(cmd, nsock)
  else
    return raw_send(cmd, nsock)
  end
end

#userObject

Returns the user string from the 'POP2USER' option.


113
114
115
# File 'lib/msf/core/exploit/remote/pop2.rb', line 113

def user
  datastore['POP2USER']
end