Class: Metasploit::Framework::LoginScanner::Jenkins

Inherits:

HTTP

• Object
• HTTP
• Metasploit::Framework::LoginScanner::Jenkins

Defined in:

lib/metasploit/framework/login_scanner/jenkins.rb

Overview

Jenkins login scanner

Constant Summary

CAN_GET_SESSION =

Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP

true

DEFAULT_HTTP_NOT_AUTHED_CODES =

[403]

DEFAULT_PORT =

8080

PRIVATE_TYPES =

[:password].freeze

LOGIN_PATH_REGEX =

/action="(j_([a-z0-9_]+))"/

Constants inherited from HTTP

HTTP::AUTHORIZATION_HEADER, HTTP::DEFAULT_HTTP_SUCCESS_CODES, HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::LIKELY_SERVICE_NAMES, HTTP::REALM_KEY

Instance Attribute Summary

Attributes inherited from HTTP

#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_shuffle_get_params, #evade_shuffle_post_params, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_success_codes, #http_username, #keep_connection_alive, #kerberos_authenticator_factory, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost

Instance Method Summary

• #attempt_login(credential) ⇒ Object
• #authentication_required?(response) ⇒ Boolean protected

  Returns a boolean value indicating whether the request requires authentication or not.

• #check_setup ⇒ String, false

  Checks the setup for the Jenkins Login scanner.

• #set_sane_defaults ⇒ Object

Methods inherited from HTTP

#send_request

Instance Method Details

#attempt_login(credential) ⇒ Object

# File 'lib/metasploit/framework/login_scanner/jenkins.rb', line 39

def attempt_login(credential)
  result_opts = {
    credential: credential,
    host: host,
    port: port,
    protocol: 'tcp'
  }

  if ssl
    result_opts[:service_name] = 'https'
  else
    result_opts[:service_name] = 'http'
  end

  status, proof = jenkins_login(credential.public, credential.private)

  result_opts.merge!(status: status, proof: proof)

  Result.new(result_opts)
end

#authentication_required?(response) ⇒ Boolean (protected)

Returns a boolean value indicating whether the request requires authentication or not.

Parameters:

• response (Rex::Proto::Http::Response) —

  The response received from the HTTP endpoint

Returns:

• (Boolean) —

  True if the request required authentication; otherwise false.

# File 'lib/metasploit/framework/login_scanner/jenkins.rb', line 66

def authentication_required?(response)
  return false unless response

  self.class::DEFAULT_HTTP_NOT_AUTHED_CODES.include?(response.code)
end

#check_setup ⇒ String, false

Checks the setup for the Jenkins Login scanner.

Returns:

• (String, false) —

  Always returns false.

# File 'lib/metasploit/framework/login_scanner/jenkins.rb', line 18

def check_setup
  login_uri = jenkins_login_url

  return 'Unable to locate the Jenkins login path' if login_uri.nil?

  self.uri = normalize_uri(login_uri)

  false
end

#set_sane_defaults ⇒ Object

# File 'lib/metasploit/framework/login_scanner/jenkins.rb', line 29

def set_sane_defaults
  self.uri ||= '/'

  unless uri.to_s.start_with?('/')
    self.uri = "/#{uri}"
  end

  super
end