Module: Msf::Exploit::Remote::Imap

Includes:

Tcp

Defined in:

lib/msf/core/exploit/remote/imap.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the IMAP protocol.

Instance Attribute Summary

• #banner ⇒ Object protected

  This attribute holds the banner that was read in after a successful call to connect or connect_login.

Attributes included from Tcp

#sock

Instance Method Summary

• #connect(global = true) ⇒ Object

  This method establishes a IMAP connection to host and port specified by the RHOST and RPORT options, respectively.

• #connect_login(global = true) ⇒ Object

  Connect and login to the remote IMAP server using the credentials that have been supplied in the exploit options.

• #initialize(info = {}) ⇒ Object

  Creates an instance of an IMAP exploit module.

• #pass ⇒ Object

  Returns the user string from the 'IMAPPASS' option.

• #raw_send_recv(cmd, nsock = self.sock) ⇒ Object

  This method transmits an IMAP command and waits for a response.

• #user ⇒ Object

  Returns the user string from the 'IMAPUSER' option.

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

#banner ⇒ Object (protected)

This attribute holds the banner that was read in after a successful call to connect or connect_login.

# File 'lib/msf/core/exploit/remote/imap.rb', line 106

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a IMAP connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the 'banner' attribute.

# File 'lib/msf/core/exploit/remote/imap.rb', line 36

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote IMAP server using the credentials that have been supplied in the exploit options.

# File 'lib/msf/core/exploit/remote/imap.rb', line 50

def connect_login(global = true)
  ftpsock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("a001 LOGIN #{user} #{pass}\r\n")

  if (res !~ /^a001 OK/)
    print_status("Authentication failed")
    return false
  end

  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an IMAP exploit module.

# File 'lib/msf/core/exploit/remote/imap.rb', line 18

def initialize(info = {})
  super

  # Register the options that all IMAP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(143),
      OptString.new('IMAPUSER', [ false, 'The username to authenticate as']),
      OptString.new('IMAPPASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Imap)
end

#pass ⇒ Object

Returns the user string from the 'IMAPPASS' option.

# File 'lib/msf/core/exploit/remote/imap.rb', line 96

def pass
  datastore['IMAPPASS']
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an IMAP command and waits for a response. If one is received, it is returned to the caller.

# File 'lib/msf/core/exploit/remote/imap.rb', line 74

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end

#user ⇒ Object

Returns the user string from the 'IMAPUSER' option.

# File 'lib/msf/core/exploit/remote/imap.rb', line 89

def user
  datastore['IMAPUSER']
end