Module: Msf::Exploit::Remote::HTTP::Nifi::Auth

Includes:
Msf::Exploit::Remote::HttpClient
Included in:
Msf::Exploit::Remote::HTTP::Nifi
Defined in:
lib/msf/core/exploit/remote/http/nifi/auth.rb

Instance Attribute Summary

Attributes included from Msf::Exploit::Remote::HttpClient

#client, #cookie_jar

Instance Method Summary

Methods included from Msf::Exploit::Remote::HttpClient

#basic_auth, #cleanup, #configure_http_login_scanner, #connect, #connect_ws, #deregister_http_client_options, #disconnect, #download, #full_uri, #handler, #http_fingerprint, #initialize, #lookup_http_fingerprints, #normalize_uri, #path_from_uri, #peer, #proxies, #reconfig_redirect_opts!, #request_opts_from_url, #request_url, #rhost, #rport, #send_request_cgi, #send_request_cgi!, #send_request_raw, #service_details, #setup, #ssl, #ssl_version, #strip_tags, #target_uri, #validate_fingerprint, #vhost

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Instance Method Details

#retrieve_login_token ⇒ String

Attempts a login with username and password to retrieve a bearer token for APIs

Returns:

  • (String)

    The bearer token on successful login, nil on errors



# File 'lib/msf/core/exploit/remote/http/nifi/auth.rb', line 31

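# Attempts a login with username and password to retrieve a bearer token for APIs.
#
# Sends a POST to <target_uri.path>/nifi-api/access/token with the USERNAME
# and PASSWORD datastore options as form fields. The response body is returned
# as the token only for a 201 response whose body is not blank; a 400 is
# reported as invalid credentials and any other status as unexpected.
#
# NOTE(review): the credentials are sent in the request body and the return
# value is a bearer credential, so both should be treated as secrets and kept
# out of log output. Transport encryption depends on HttpClient options that
# are not visible in this listing.
#
# @return [String, nil] the bearer token on successful login, nil on errors
def retrieve_login_token
  vprint_status('Attempting to login')
  res = send_request_cgi(
    {
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'nifi-api', 'access', 'token'),
      'vars_post' => {
        'username' => datastore['USERNAME'],
        'password' => datastore['PASSWORD']
      }
    }
  )
  if res.nil?
    print_bad("#{peer} - Could not connect to web service - no response")
    return nil
  end

  if res.code == 400
    print_bad('Invalid Credentials')
    return nil
  elsif res.code != 201
    print_bad("Unexpected response code: #{res.code}")
    return nil
  end

  # An empty string is truthy in Ruby, so a 201 with a blank body would look
  # like a valid token to a caller that only checks for nil. Report it as an
  # error instead, matching the documented "nil on errors" contract.
  token = res.body
  if token.to_s.strip.empty?
    print_bad('Response code 201 but no token in the response body')
    return nil
  end
  token
end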

#supports_login? ⇒ Boolean

Determines if the Apache Nifi instance supports login.

Returns:

  • (Boolean)

    the value of supportsLogin from the server, nil on error



# File 'lib/msf/core/exploit/remote/http/nifi/auth.rb', line 9

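# Determines if the Apache Nifi instance supports login.
#
# Requests <target_uri.path>/nifi-api/access/config and reads the
# config.supportsLogin value from the JSON document in the response. The
# value is returned as the server sent it; it is not coerced to a boolean.
#
# @return [Boolean, nil] the value of supportsLogin from the server, nil on error
def supports_login?
  vprint_status('Attempting to retrieve access configuration')
  res = send_request_cgi({
    'method' => 'GET',
    'uri' => normalize_uri(target_uri.path, 'nifi-api', 'access', 'config')
  })

  if res.nil?
    print_bad("#{peer} - Could not connect to web service - no response")
    return nil
  end

  unless res.code == 200
    print_bad("Unexpected response code: #{res.code}")
    return nil
  end

  # The document is controlled by the remote server. Chained #dig raises
  # TypeError/NoMethodError when the top level or 'config' is not a Hash, so
  # check the shape explicitly and honour the "nil on error" contract.
  doc = res.get_json_document
  config = doc.is_a?(Hash) ? doc['config'] : nil
  unless config.is_a?(Hash)
    print_bad('Unexpected response body: no config object in access configuration')
    return nil
  end
  config['supportsLogin']
end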