Class: Metasploit::Framework::LoginScanner::Postgres

Inherits:
Object
Includes:
Base
Defined in:
lib/metasploit/framework/login_scanner/postgres.rb

Overview

This is the LoginScanner class for dealing with PostgreSQL database servers. It takes a single target and a list of credentials, attempts each credential against the target, and saves the results.

Constant Summary

DEFAULT_PORT = 5432
DEFAULT_REALM = 'template1'
LIKELY_PORTS = [ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES = [ 'postgres' ]
PRIVATE_TYPES = [ :password ]
REALM_KEY = Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE

Instance Attribute Details

#max_send_size ⇒ Integer

Returns the max size of the data to encapsulate in a single packet.

Returns:

  • (Integer)

    The max size of the data to encapsulate in a single packet

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 28

def max_send_size
  @max_send_size
end

#send_delay ⇒ Integer

Returns the delay between sending packets.

Returns:

  • (Integer)

    The delay between sending packets

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 31

def send_delay
  @send_delay
end

#ssl ⇒ Boolean

Returns whether the connection should use SSL.

Returns:

  • (Boolean)

    Whether the connection should use SSL

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 16

def ssl
  @ssl
end

#ssl_cipher ⇒ String

Returns the SSL cipher to use for the context.

Returns:

  • (String)

    The SSL cipher to use for the context

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 25

def ssl_cipher
  @ssl_cipher
end

#ssl_verify_mode ⇒ String

Returns the SSL certificate verification mechanism.

Returns:

  • (String)

    The SSL certificate verification mechanism

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 22

def ssl_verify_mode
  @ssl_verify_mode
end

#ssl_version ⇒ String

Returns the version of SSL to implement.

Returns:

  • (String)

    The version of SSL to implement

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 19

def ssl_version
  @ssl_version
end

#use_client_as_proof ⇒ Object

Returns the value of attribute use_client_as_proof.

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 35

def use_client_as_proof
  @use_client_as_proof
end

Instance Method Details

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target.

Parameters:

  • credential (Credential)

    The credential object to attempt to login with

Returns:

  • (Metasploit::Framework::LoginScanner::Result)


# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 47

def attempt_login(credential)
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'postgres'
  }

  db_name = credential.realm || 'template1'

  if ::Rex::Socket.is_ipv6?(host)
    uri = "tcp://[#{host}]:#{port}"
  else
    uri = "tcp://#{host}:#{port}"
  end

  pg_conn = nil

  begin
    ssl_opts = {}
    ssl_opts[:ssl_version] = ssl_version if ssl_version
    ssl_opts[:ssl_verify_mode] = ssl_verify_mode if ssl_verify_mode
    ssl_opts[:ssl_cipher] = ssl_cipher if ssl_cipher

    pg_conn = Msf::Db::PostgresPR::Connection.new(
      db_name,
      credential.public,
      credential.private,
      uri,
      proxies,
      ssl,
      ssl_opts
    )
  rescue ::RuntimeError => e
    case e.to_s.split("\t")[1]
      when "C3D000"
        result_options.merge!({
          status: Metasploit::Model::Login::Status::INCORRECT,
          proof: "C3D000, Creds were good but database was bad"
        })
      when "C28000", "C28P01"
        result_options.merge!({
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: "Invalid username or password"
        })
      else
        result_options.merge!({
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: e.message
        })
    end
  rescue Rex::ConnectionError, Rex::ConnectionProxyError, Errno::ECONNRESET, Errno::EINTR, Errno::ENOTCONN, Rex::TimeoutError, EOFError, Timeout::Error => e
    result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  rescue Msf::Db::PostgresPR::AuthenticationMethodMismatch => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::INCORRECT,
      proof: e.message
    })
  end

  if pg_conn
    result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

    # This module no longer owns the socket so return it as proof so the calling context can perform additional operations
    # Additionally assign values to nil to avoid closing the socket etc automatically
    if use_client_as_proof
      result_options[:proof] = pg_conn
      result_options[:connection] = pg_conn.conn
    else
      pg_conn.close
    end
  else
    result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end
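
Added example (not part of the Metasploit source or its documentation): a defender-side view of the outcomes attempt_login distinguishes, triaging PostgreSQL server logs by the same SQLSTATE codes (28000, 28P01 and 3D000, which the method matches with a leading "C"). The log_line_prefix value, the log_connections setting, the threshold and the sample log lines are assumptions constructed for this example.

```ruby
# Added example (not Metasploit code): triage PostgreSQL server logs for the
# outcomes attempt_login distinguishes. Assumes the server is configured with
# log_connections = on and log_line_prefix = '%m [%p] %h %u@%d %e '.
AUTH_FAILED  = %w[28000 28P01].freeze # invalid authorization / invalid password
BAD_DATABASE = '3D000' # invalid_catalog_name; the scanner's proof string reads this as "creds were good"
LINE = /\A\S+ \S+ \S+ \[\d+\] (?<host>\S+) (?<user>[^@\s]*)@(?<db>\S*) (?<state>[0-9A-Z]{5}) \w+:\s+(?<msg>.*)/

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = <<~LOG
  2024-05-01 10:00:01.101 UTC [4121] 203.0.113.7 postgres@template1 28P01 FATAL:  password authentication failed for user "postgres"
  2024-05-01 10:00:01.350 UTC [4122] 203.0.113.7 postgres@template1 28P01 FATAL:  password authentication failed for user "postgres"
  2024-05-01 10:00:01.612 UTC [4123] 203.0.113.7 admin@template1 28P01 FATAL:  password authentication failed for user "admin"
  2024-05-01 10:00:01.874 UTC [4124] 203.0.113.7 postgres@template1 00000 LOG:  connection authorized: user=postgres database=template1
  2024-05-01 10:02:10.007 UTC [4130] 198.51.100.20 app@orders 00000 LOG:  connection authorized: user=app database=orders
  2024-05-01 10:03:44.530 UTC [4131] 198.51.100.20 app@order 3D000 FATAL:  database "order" does not exist
LOG

# Returns { host => { failures:, accepted:, users:, verdict: } }.
def triage(log_text, threshold: 3)
  hosts = Hash.new { |h, k| h[k] = { failures: 0, accepted: [], users: [] } }
  log_text.each_line do |line|
    m = LINE.match(line) or next
    h = hosts[m[:host]]
    if AUTH_FAILED.include?(m[:state])
      h[:failures] += 1
      h[:users] |= [m[:user]]
    elsif m[:state] == BAD_DATABASE || m[:msg].start_with?('connection authorized')
      # Either event means the server accepted a credential; it only matters
      # here when the same host has already crossed the failure threshold.
      h[:accepted] << "#{m[:user]}@#{m[:db]}" if h[:failures] >= threshold
    end
  end
  hosts.each_value do |h|
    h[:verdict] = if h[:failures] < threshold then :ok
                  elsif h[:accepted].empty? then :guessing
                  else :guessing_then_accepted
                  end
  end
  hosts
end

triage(SAMPLE_LOG).each { |host, h| puts "#{host}: #{h[:verdict]} #{h[:accepted]}" } if $PROGRAM_NAME == __FILE__
```

Connections to template1, the DEFAULT_REALM above, are worth alerting on separately where applications never use that database.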

#set_sane_defaults ⇒ Object

# File 'lib/metasploit/framework/login_scanner/postgres.rb', line 126

def set_sane_defaults
  self.connection_timeout ||= 30
  self.port               ||= DEFAULT_PORT
  self.max_send_size      ||= 0
  self.send_delay         ||= 0
end