GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/login_scanner/advantech_webaccess.rb
require 'metasploit/framework/login_scanner/http'
module Metasploit
  module Framework
    module LoginScanner
      # Login scanner for the Advantech WebAccess web console.
      #
      # Builds on the generic HTTP login scanner: it fingerprints the target
      # by a banner string on the landing page, submits one credential pair
      # per attempt to the sign-in form, and classifies the attempt from the
      # redirect the server sends back.
      class AdvantechWebAccess < HTTP
        DEFAULT_PORT = 80
        PRIVATE_TYPES = %i[password]
        LOGIN_STATUS = Metasploit::Model::Login::Status # Shorter name

        # Checks if the target is Advantech WebAccess
        #
        # The fingerprint is a single case-insensitive banner match on the
        # response body. A missing response (nil) also ends in the error
        # string, so "no answer" and "different product" are reported the
        # same way. Unlike #attempt_login, this method does not rescue
        # ::Rex::ConnectionError itself.
        #
        # @return [false] Indicates there were no errors
        # @return [String] a human-readable error message describing why
        #   this scanner can't run
        def check_setup
          # NOTE(review): assigning to `uri` makes it a local variable for the
          # whole statement, so the `#{uri}` inside the string is that still-nil
          # local (not any inherited `uri` reader) and interpolates as "". The
          # argument is effectively 'broadWeb/bwRoot.asp'; whether a configured
          # base path is applied depends on normalize_uri in the parent class,
          # which is not visible here - confirm before renaming this local.
          uri = normalize_uri("#{uri}broadWeb/bwRoot.asp")

          request = {
            'method' => 'GET',
            'uri' => uri
          }
          res = send_request(request)

          banner_seen = res && res.body =~ /Welcome to Advantech WebAccess/i
          return false if banner_seen

          'Unable to locate "Welcome to Advantech WebAccess" in body. (Is this really Advantech WebAccess?)'
        end

        # Submits one username/password pair to the sign-in form and
        # classifies the response.
        #
        # Success is decided only by an exact, case-sensitive match of the
        # Location header against '/broadweb/bwproj.asp'. Any other redirect
        # target (an absolute URL, different casing, an added query string)
        # is reported as INCORRECT, so results can under-report valid
        # credentials. The full response body is stored as proof.
        #
        # @param user [String] the username to submit
        # @param pass [String] the password to submit
        # @return [Hash] :status (a LOGIN_STATUS value) and :proof
        def do_login(user, pass)
          # NOTE(review): same self-shadowing as in #check_setup - `#{uri}` is
          # the nil local here, so only the literal path reaches normalize_uri.
          # The path casing also differs from #check_setup ('broadweb' vs
          # 'broadWeb'); presumably the target treats paths
          # case-insensitively - confirm.
          uri = normalize_uri("#{uri}broadweb/user/signin.asp")

          # Field order is kept as-is; these mirror the product's login form.
          form_fields = {
            'page' => '/',
            'pos' => '',
            'remMe' => '',
            'submit1' => 'Login',
            'username' => user,
            'password' => pass
          }
          request = {
            'method' => 'POST',
            'uri' => uri,
            'vars_post' => form_fields
          }
          res = send_request(request)

          # No response object at all is treated as a connectivity problem.
          return { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: 'Connection timed out for signin.asp' } unless res

          # A missing Location header compares unequal and falls through to INCORRECT.
          redirected_to_project = res.headers['Location'] == '/broadweb/bwproj.asp'
          outcome = redirected_to_project ? LOGIN_STATUS::SUCCESSFUL : LOGIN_STATUS::INCORRECT

          { status: outcome, proof: res.body }
        end

        # Attempts to login to Advantech WebAccess.
        #
        # Starts from an INCORRECT result and overlays whatever #do_login
        # reports. A ::Rex::ConnectionError raised during the attempt is
        # converted into an UNABLE_TO_CONNECT result carrying the exception
        # message as proof; other exceptions are not rescued here.
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result] A Result object indicating success or failure
        def attempt_login(credential)
          result_opts = {
            credential: credential,
            status: LOGIN_STATUS::INCORRECT,
            proof: nil,
            host: host,
            port: port,
            protocol: 'tcp'
          }

          login_outcome =
            begin
              do_login(credential.public, credential.private)
            rescue ::Rex::ConnectionError => e
              # Something went wrong during login. 'e' knows what's up.
              { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message }
            end

          result_opts.merge!(login_outcome)
          Result.new(result_opts)
        end
      end
    end
  end
end