Class: Metasploit::Framework::LoginScanner::Postgres
- Inherits: Object
  - Object
  - Metasploit::Framework::LoginScanner::Postgres
- Includes: Base
- Defined in: lib/metasploit/framework/login_scanner/postgres.rb
Overview
This is the LoginScanner class for dealing with PostgreSQL database servers. It takes a single target and a list of credentials, attempts each credential against the target, and saves the results.
Constant Summary
- DEFAULT_PORT = 5432
- DEFAULT_REALM = 'template1'
- LIKELY_PORTS = [ DEFAULT_PORT ]
- LIKELY_SERVICE_NAMES = [ 'postgres' ]
- PRIVATE_TYPES = [ :password ]
- REALM_KEY = Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE
Instance Attribute Summary
- #max_send_size ⇒ Integer
  The max size of the data to encapsulate in a single packet.
- #send_delay ⇒ Integer
  The delay between sending packets.
- #ssl ⇒ Boolean
  Whether the connection should use SSL.
- #ssl_cipher ⇒ String
  The SSL cipher to use for the context.
- #ssl_verify_mode ⇒ String
  The SSL certificate verification mechanism.
- #ssl_version ⇒ String
  The version of SSL to implement.
- #use_client_as_proof ⇒ Object
  Returns the value of attribute use_client_as_proof.
Instance Method Summary
- #attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result
  This method attempts a single login with a single credential against the target.
- #set_sane_defaults ⇒ Object
Instance Attribute Details
#max_send_size ⇒ Integer
Returns the max size of the data to encapsulate in a single packet.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 28
def max_send_size
  @max_send_size
end
#send_delay ⇒ Integer
Returns the delay between sending packets.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 31
def send_delay
  @send_delay
end
#ssl ⇒ Boolean
Returns whether the connection should use SSL.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 16
def ssl
  @ssl
end
#ssl_cipher ⇒ String
Returns the SSL cipher to use for the context.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 25
def ssl_cipher
  @ssl_cipher
end
#ssl_verify_mode ⇒ String
Returns the SSL certificate verification mechanism.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 22
def ssl_verify_mode
  @ssl_verify_mode
end
#ssl_version ⇒ String
Returns the version of SSL to implement.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 19
def ssl_version
  @ssl_version
end
#use_client_as_proof ⇒ Object
Returns the value of attribute use_client_as_proof.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 35
def use_client_as_proof
  @use_client_as_proof
end
Instance Method Details
#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result
This method attempts a single login with a single credential against the target.
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 47
def attempt_login(credential)
  result_options = {
    credential: credential,
    host: host,
    port: port,
    protocol: 'tcp',
    service_name: 'postgres'
  }

  # The credential's realm carries the database name; fall back to template1.
  db_name = credential.realm || 'template1'

  # IPv6 literals must be bracketed in the connection URI.
  if ::Rex::Socket.is_ipv6?(host)
    uri = "tcp://[#{host}]:#{port}"
  else
    uri = "tcp://#{host}:#{port}"
  end

  pg_conn = nil

  begin
    ssl_opts = {}
    ssl_opts[:ssl_version] = ssl_version if ssl_version
    ssl_opts[:ssl_verify_mode] = ssl_verify_mode if ssl_verify_mode
    ssl_opts[:ssl_cipher] = ssl_cipher if ssl_cipher
    pg_conn = Msf::Db::PostgresPR::Connection.new(
      db_name,
      credential.public,
      credential.private,
      uri,
      proxies,
      ssl,
      ssl_opts
    )
  rescue ::RuntimeError => e
    # The second tab-separated field of the error text is matched against
    # SQLSTATE codes, which appear here with a leading "C".
    case e.to_s.split("\t")[1]
    when "C3D000"
      result_options.merge!({
        status: Metasploit::Model::Login::Status::INCORRECT,
        proof: "C3D000, Creds were good but database was bad"
      })
    when "C28000", "C28P01"
      result_options.merge!({
        status: Metasploit::Model::Login::Status::INCORRECT,
        proof: "Invalid username or password"
      })
    else
      result_options.merge!({
        status: Metasploit::Model::Login::Status::INCORRECT,
        proof: e.message
      })
    end
  rescue Rex::ConnectionError, Rex::ConnectionProxyError, Errno::ECONNRESET, Errno::EINTR, Errno::ENOTCONN, Rex::TimeoutError, EOFError, Timeout::Error => e
    # Network-level failures are reported separately from rejected logins.
    result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  rescue Msf::Db::PostgresPR::AuthenticationMethodMismatch => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::INCORRECT,
      proof: e.message
    })
  end

  if pg_conn
    result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

    # This module no longer owns the socket so return it as proof so the calling context can perform additional operations
    # Additionally assign values to nil to avoid closing the socket etc automatically
    if use_client_as_proof
      result_options[:proof] = pg_conn
      result_options[:connection] = pg_conn.conn
    else
      pg_conn.close
    end
  else
    result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end
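A defender-side view of the SQLSTATE handling in attempt_login, as an added example that is not part of the Metasploit source: it reads PostgreSQL server log lines and groups, per client host, the same codes the scanner branches on (28P01, 28000 and 3D000, which the page shows with a leading "C"). The log_line_prefix, the sample log lines, the threshold and every name in the block are assumptions made for illustration.

```ruby
# Added example, not Metasploit code. Assumes the server is configured with
# log_line_prefix = '%m [%p] %h %u@%d %e ' so every line carries the client
# host, user@database and SQLSTATE. All sample lines below are constructed.
SAMPLE_LOG = <<~LOG
  2024-05-01 10:00:01.100 UTC [411] 192.0.2.10 postgres@template1 28P01 FATAL:  password authentication failed for user "postgres"
  2024-05-01 10:00:01.350 UTC [412] 192.0.2.10 admin@template1 28P01 FATAL:  password authentication failed for user "admin"
  2024-05-01 10:00:01.600 UTC [413] 192.0.2.10 backup@template1 28000 FATAL:  no pg_hba.conf entry for host "192.0.2.10", user "backup", database "template1", no encryption
  2024-05-01 10:00:01.900 UTC [414] 192.0.2.10 app@sales 3D000 FATAL:  database "sales" does not exist
  2024-05-01 10:02:10.000 UTC [420] 198.51.100.7 report@reports 28P01 FATAL:  password authentication failed for user "report"
  2024-05-01 10:02:15.000 UTC [421] 198.51.100.7 report@reports 00000 LOG:  connection authorized: user=report database=reports
LOG

# timestamp (three tokens), [pid], host, user@db, SQLSTATE, FATAL severity
LINE_RE = /\A\S+ \S+ \S+ \[\d+\] (?<host>\S+) (?<user>[^@\s]+)@(?<db>\S+) (?<state>[0-9A-Z]{5}) FATAL:/

AUTH_FAILED  = %w[28P01 28000].freeze # invalid_password, invalid_authorization_specification
BAD_DATABASE = '3D000'                # invalid_catalog_name

# Rank a host: failures at or above the threshold count as guessing; a 3D000
# from the same host is what the scanner's proof text calls good creds, bad database.
def verdict(entry, threshold)
  guessing = entry[:failures] >= threshold
  return :guessing_with_accepted_login if guessing && entry[:bad_db].any?
  return :credential_guessing if guessing

  entry[:bad_db].any? ? :wrong_database_only : :ok
end

# Group FATAL connection errors by client host and attach a verdict.
def summarize(log, threshold: 3)
  hosts = Hash.new { |h, k| h[k] = { failures: 0, users: [], bad_db: [] } }
  log.each_line do |line|
    m = LINE_RE.match(line) or next
    entry = hosts[m[:host]]
    if AUTH_FAILED.include?(m[:state])
      entry[:failures] += 1
      entry[:users] |= [m[:user]]
    elsif m[:state] == BAD_DATABASE
      entry[:bad_db] |= ["#{m[:user]}@#{m[:db]}"]
    end
  end
  hosts.transform_values { |e| e.merge(verdict: verdict(e, threshold)) }
end

summarize(SAMPLE_LOG).each { |host, info| puts "#{host}: #{info}" }
```

The scanner records a 3D000 response as INCORRECT, so on the server side that code is the one worth alerting on separately from plain password failures.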
#set_sane_defaults ⇒ Object
# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 126
def set_sane_defaults
  self.connection_timeout ||= 30
  self.port ||= DEFAULT_PORT
  self.max_send_size ||= 0
  self.send_delay ||= 0
end