Module: Msf::Exploit::Remote::HTTP::Gitea::Login

Included in:: Msf::Exploit::Remote::HTTP::Gitea

Defined in:: lib/msf/core/exploit/remote/http/gitea/login.rb

Instance Method Summary collapse

#gitea_login(user, pass, timeout = 20) ⇒ Rex::Proto::Http::Response, AuthenticationError

performs a gitea login.

Instance Method Details

#gitea_login(user, pass, timeout = 20) ⇒ `Rex::Proto::Http::Response`, `AuthenticationError`

performs a gitea login

Parameters:

user (String) —

Username
pass (String) —

Password
timeout (Integer) (defaults to: 20) —

The maximum number of seconds to wait before the request times out

Returns:

(Rex::Proto::Http::Response, AuthenticationError) —

the HTTP response on successful login, raise AuthenticationError otherwise

Raises:

(CsrfError) —

if the CSRF could not be retrieved
(AuthenticationError) —

if the authentication fails

# File 'lib/msf/core/exploit/remote/http/gitea/login.rb', line 14

def gitea_login(user, pass, timeout = 20)
  res = send_request_cgi({
    'uri' => gitea_url_login,
    'keep_cookies' => true
  }, timeout)
  return nil unless res

  csrf = gitea_get_csrf(res)
  raise Msf::Exploit::Remote::HTTP::Gitea::Error::CsrfError.new unless csrf

  res = send_request_cgi(
    'method' => 'POST',
    'uri' => gitea_url_login,
    'vars_post' => gitea_helper_login_post_data(user, pass, csrf),
    'keep_cookies' => true
  )

  raise Msf::Exploit::Remote::HTTP::Gitea::Error::AuthenticationError.new if res&.code != 302

  store_valid_credential(user: user, private: pass)
  return res
end

Module: Msf::Exploit::Remote::HTTP::Gitea::Login

Instance Method Summary collapse

Instance Method Details

#gitea_login(user, pass, timeout = 20) ⇒ Rex::Proto::Http::Response, AuthenticationError

#gitea_login(user, pass, timeout = 20) ⇒ `Rex::Proto::Http::Response`, `AuthenticationError`