Module: Msf::Exploit::Remote::Pop2

Includes:

Tcp

Defined in:

lib/msf/core/exploit/remote/pop2.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the POP2 protocol.

Instance Attribute Summary

• #banner ⇒ Object protected

  This attribute holds the banner that was read in after a successful call to connect or connect_login.

Attributes included from Tcp

#sock

Instance Method Summary

• #connect(global = true) ⇒ Object

  This method establishes a POP2 connection to host and port specified by the RHOST and RPORT options, respectively.

• #connect_login(global = true) ⇒ Object

  Connect and login to the remote POP2 server using the credentials that have been supplied in the exploit options.

• #initialize(info = {}) ⇒ Object

  Creates an instance of an POP2 exploit module.

• #pass ⇒ Object

  Returns the user string from the ‘POP2PASS’ option.

• #raw_send(cmd, nsock = self.sock) ⇒ Object

  This method transmits a FTP command and does not wait for a response.

• #raw_send_recv(cmd, nsock = self.sock) ⇒ Object

  This method transmits a POP2 command and waits for a response.

• #send_cmd(args, recv = true, nsock = self.sock) ⇒ Object

  This method sends one command with zero or more parameters.

• #user ⇒ Object

  Returns the user string from the ‘POP2USER’ option.

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #replicant, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

#banner ⇒ Object (protected)

This attribute holds the banner that was read in after a successful call to connect or connect_login.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 130

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a POP2 connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the ‘banner’ attribute.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 36

def connect(global = true)
  print_status("Connecting to POP2 server #{rhost}:#{rport}...")

  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once

  print_status("Connected to target POP2 server.")
  print_status("Banner: #{self.banner.split("\n")[0].strip}")

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote POP2 server using the credentials that have been supplied in the exploit options.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 55

def connect_login(global = true)
  pop2sock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("HELO #{user} #{pass}\r\n")

  if (res !~ /messages/)
    print_status("Authentication failed")
    return false
  end

  print_status("Messages: #{res}")
  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an POP2 exploit module.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 18

def initialize(info = {})
  super

  # Register the options that all POP2 exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(109),
      OptString.new('POP2USER', [ false, 'The username to authenticate as']),
      OptString.new('POP2PASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Pop2)
end

#pass ⇒ Object

Returns the user string from the ‘POP2PASS’ option.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 120

def pass
  datastore['POP2PASS']
end

#raw_send(cmd, nsock = self.sock) ⇒ Object

This method transmits a FTP command and does not wait for a response

# File 'lib/msf/core/exploit/remote/pop2.rb', line 100

def raw_send(cmd, nsock = self.sock)
  nsock.put(cmd)
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits a POP2 command and waits for a response. If one is received, it is returned to the caller.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 80

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  res = nsock.get_once
end

#send_cmd(args, recv = true, nsock = self.sock) ⇒ Object

This method sends one command with zero or more parameters

# File 'lib/msf/core/exploit/remote/pop2.rb', line 88

def send_cmd(args, recv = true, nsock = self.sock)
  cmd = args.join(" ") + "\r\n"
  if (recv)
    return raw_send_recv(cmd, nsock)
  else
    return raw_send(cmd, nsock)
  end
end

#user ⇒ Object

Returns the user string from the ‘POP2USER’ option.

# File 'lib/msf/core/exploit/remote/pop2.rb', line 113

def user
  datastore['POP2USER']
end