Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/afp/afp_login.rb
28052 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'openssl'

7
require 'metasploit/framework/credential_collection'

8
require 'metasploit/framework/login_scanner/afp'

9


10
class MetasploitModule < Msf::Auxiliary

11
  include Msf::Auxiliary::Report

12
  include Msf::Auxiliary::Scanner

13
  include Msf::Auxiliary::AuthBrute

14
  include Msf::Exploit::Remote::AFP

15


16
  def initialize(info = {})

17
    super(

18
      update_info(

19
        info,

20
        'Name' => 'Apple Filing Protocol Login Utility',

21
        'Description' => %q{

22
          This module attempts to bruteforce authentication credentials for AFP.

23
        },

24
        'References' => [

25
          [ 'URL', 'https://web.archive.org/web/20130309051753/https://developer.apple.com/library/mac/#documentation/Networking/Reference/AFP_Reference/Reference/reference.html' ],

26
          [ 'URL', 'https://developer.apple.com/library/mac/documentation/networking/conceptual/afp/AFPSecurity/AFPSecurity.html' ]

27


28
        ],

29
        'Author' => [ 'Gregory Man <man.gregory[at]gmail.com>' ],

30
        'License' => MSF_LICENSE,

31
        'Notes' => {

32
          'Stability' => [CRASH_SAFE],

33
          'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],

34
          'Reliability' => []

35
        }

36
      )

37
    )

38


39
    register_options(

40
      [

41
        Opt::Proxies,

42
        OptInt.new('LoginTimeOut', [ true, 'Timeout on login', 23 ]),

43
        OptBool.new('RECORD_GUEST', [ false, 'Record guest login to the database', false]),

44
        OptBool.new('CHECK_GUEST', [ false, 'Check for guest login', true])

45
      ]

46
    )

47
  end

48


49
  def run_host(ip)

50
    print_status("Scanning IP: #{ip}")

51


52
    cred_collection = build_credential_collection(

53
      username: datastore['USERNAME'],

54
      password: datastore['PASSWORD']

55
    )

56


57
    scanner = Metasploit::Framework::LoginScanner::AFP.new(

58
      configure_login_scanner(

59
        host: ip,

60
        port: rport,

61
        proxies: datastore['PROXIES'],

62
        cred_details: cred_collection,

63
        stop_on_success: datastore['STOP_ON_SUCCESS'],

64
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],

65
        connection_timeout: 30,

66
        max_send_size: datastore['TCP::max_send_size'],

67
        send_delay: datastore['TCP::send_delay'],

68
        framework: framework,

69
        framework_module: self,

70
        ssl: datastore['SSL'],

71
        ssl_version: datastore['SSLVersion'],

72
        ssl_verify_mode: datastore['SSLVerifyMode'],

73
        ssl_cipher: datastore['SSLCipher'],

74
        local_port: datastore['CPORT'],

75
        local_host: datastore['CHOST']

76
      )

77
    )

78


79
    scanner.scan! do |result|

80
      credential_data = result.to_h

81
      credential_data.merge!(

82
        module_fullname: fullname,

83
        workspace_id: myworkspace_id

84
      )

85
      if result.success?

86
        credential_core = create_credential(credential_data)

87
        credential_data[:core] = credential_core

88
        create_credential_login(credential_data)

89


90
        print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"

91
      else

92
        invalidate_login(credential_data)

93
        vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"

94
      end

95
    end

96
  end

97
end

98


99