Class: Metasploit::Framework::LoginScanner::IPBoard

Inherits:

HTTP

Object
HTTP
Metasploit::Framework::LoginScanner::IPBoard

show all

Defined in:: lib/metasploit/framework/login_scanner/ipboard.rb

Overview

IP Board login scanner

Constant Summary

Constants inherited from HTTP

HTTP::AUTHORIZATION_HEADER, HTTP::DEFAULT_HTTP_NOT_AUTHED_CODES, HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_PORT, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::LIKELY_SERVICE_NAMES, HTTP::PRIVATE_TYPES, HTTP::REALM_KEY

Instance Attribute Summary collapse

Attributes inherited from HTTP

#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_success_codes, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost

Instance Method Summary collapse

#attempt_login(credential) ⇒ Object
#method=(_) ⇒ Object

The method must be “POST”, so don’t let the user change it.
#set_sane_defaults ⇒ Object

Methods inherited from HTTP

#authentication_required?, #check_setup, #send_request

Instance Attribute Details

#http_password ⇒ `String`

Returns:

(String)



16
17
18

# File 'lib/metasploit/framework/login_scanner/ipboard.rb', line 16

def http_password
  @http_password
end

#http_username ⇒ `String`

Returns:

(String)



12
13
14

# File 'lib/metasploit/framework/login_scanner/ipboard.rb', line 12

def http_username
  @http_username
end

Instance Method Details

#attempt_login(credential) ⇒ `Object`

# File 'lib/metasploit/framework/login_scanner/ipboard.rb', line 19

def attempt_login(credential)
  result_opts = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp'
  }
  if ssl
    result_opts[:service_name] = 'https'
  else
    result_opts[:service_name] = 'http'
  end

  begin

    nonce_response = send_request({
        'uri' => uri,
        'method'  => 'GET'
    })

    if nonce_response.body =~ /name='auth_key'\s+value='.*?((?:[a-z0-9]*))'/i
      server_nonce = $1

      if uri.end_with? '/'
        base_uri = uri.gsub(/\/$/, '')
      else
        base_uri = uri
      end

      auth_uri = "#{base_uri}/index.php"

      response = send_request({
        'uri' => auth_uri,
        'method'  => 'POST',
        'vars_get' => {
          'app'     => 'core',
          'module'  => 'global',
          'section' => 'login',
          'do'      => 'process'
        },
        'vars_post'      => {
          'auth_key'     => server_nonce,
          'ips_username' => credential.public,
          'ips_password' => credential.private
        }
      })

      if response && response.get_cookies.include?('ipsconnect') && response.get_cookies.include?('coppa')
        result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: response)
      else
        result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: response)
      end

    else
      result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: "Server nonce not present, potentially not an IP Board install or bad URI.")
    end
  rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
    result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  end

  Result.new(result_opts)

end

#method=(_) ⇒ `Object`

The method must be “POST”, so don’t let the user change it

Raises:

(RuntimeError)



94
95
96

# File 'lib/metasploit/framework/login_scanner/ipboard.rb', line 94

def method=(_)
  raise RuntimeError, "Method must be POST for IPBoard"
end

#set_sane_defaults ⇒ `Object`

# File 'lib/metasploit/framework/login_scanner/ipboard.rb', line 85

def set_sane_defaults
  self.uri = "/forum/" if self.uri.nil?
  @method = "POST".freeze

  super
end

Class: Metasploit::Framework::LoginScanner::IPBoard

Overview

Constant Summary

Constants inherited from HTTP

Instance Attribute Summary collapse

Attributes inherited from HTTP

Instance Method Summary collapse

Methods inherited from HTTP

Instance Attribute Details

#http_password ⇒ String

#http_username ⇒ String

Instance Method Details

#attempt_login(credential) ⇒ Object

#method=(_) ⇒ Object

#set_sane_defaults ⇒ Object

#http_password ⇒ `String`

#http_username ⇒ `String`

#attempt_login(credential) ⇒ `Object`

#method=(_) ⇒ `Object`

#set_sane_defaults ⇒ `Object`