Class: Metasploit::Framework::LoginScanner::Postgres

Inherits:
Object
  • Object
show all
Includes:
Base
Defined in:
lib/metasploit/framework/login_scanner/postgres.rb

Overview

This is the LoginScanner class for dealing with PostgreSQL database servers. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

DEFAULT_PORT = 
5432
DEFAULT_REALM = 
'template1'
LIKELY_PORTS = 
[ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = 
[ 'postgres' ]
PRIVATE_TYPES = 
[ :password ]
REALM_KEY = 
Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#use_client_as_proofObject

Returns the value of attribute use_client_as_proof.



16
17
18
 
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 16

def use_client_as_proof
  @use_client_as_proof
end

Instance Method Details

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target

Parameters:

  • credential (Credential)

    The credential object to attempt to login with

Returns:



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 28

def (credential)
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'postgres'
  }

  db_name = credential.realm || 'template1'

  if ::Rex::Socket.is_ipv6?(host)
    uri = "tcp://[#{host}]:#{port}"
  else
    uri = "tcp://#{host}:#{port}"
  end

  pg_conn = nil

  begin
    pg_conn = Msf::Db::PostgresPR::Connection.new(db_name,credential.public,credential.private,uri,proxies)
  rescue ::RuntimeError => e
    case e.to_s.split("\t")[1]
      when "C3D000"
        result_options.merge!({
          status: Metasploit::Model::Login::Status::INCORRECT,
          proof: "C3D000, Creds were good but database was bad"
        })
      when "C28000", "C28P01"
        result_options.merge!({
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: "Invalid username or password"
        })
      else
        result_options.merge!({
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: e.message
        })
    end
  rescue Rex::ConnectionError, Rex::ConnectionProxyError, Errno::ECONNRESET, Errno::EINTR, Errno::ENOTCONN, Rex::TimeoutError, EOFError, Timeout::Error => e
    result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  rescue Msf::Db::PostgresPR::AuthenticationMethodMismatch => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::INCORRECT,
      proof: e.message
    })
  end

  if pg_conn
    result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

    # This module no longer owns the socket so return it as proof so the calling context can perform additional operations
    # Additionally assign values to nil to avoid closing the socket etc automatically
    if use_client_as_proof
      result_options[:proof] = pg_conn
      result_options[:connection] = pg_conn.conn
    else
      pg_conn.close
    end
  else
    result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end