Mirror of metasploit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

imap.rb 2.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
  1. # -*- coding: binary -*-
  2. module Msf
  3. require 'msf/core/exploit/tcp'
  4. ###
  5. #
  6. # This module exposes methods that may be useful to exploits that deal with
  7. # servers that speak the IMAP protocol.
  8. #
  9. ###
  10. module Exploit::Remote::Imap
  11. include Exploit::Remote::Tcp
  12. #
  13. # Creates an instance of an IMAP exploit module.
  14. #
  15. def initialize(info = {})
  16. super
  17. # Register the options that all IMAP exploits may make use of.
  18. register_options(
  19. [
  20. Opt::RHOST,
  21. Opt::RPORT(143),
  22. OptString.new('IMAPUSER', [ false, 'The username to authenticate as']),
  23. OptString.new('IMAPPASS', [ false, 'The password for the specified username'])
  24. ], Msf::Exploit::Remote::Imap)
  25. end
  26. #
  27. # This method establishes a IMAP connection to host and port specified by
  28. # the RHOST and RPORT options, respectively. After connecting, the banner
  29. # message is read in and stored in the 'banner' attribute.
  30. #
  31. def connect(global = true)
  32. fd = super
  33. # Wait for a banner to arrive...
  34. self.banner = fd.get_once(-1, 30)
  35. # Return the file descriptor to the caller
  36. fd
  37. end
  38. #
  39. # Connect and login to the remote IMAP server using the credentials
  40. # that have been supplied in the exploit options.
  41. #
  42. def connect_login(global = true)
  43. ftpsock = connect(global)
  44. if !(user and pass)
  45. print_status("No username and password were supplied, unable to login")
  46. return false
  47. end
  48. print_status("Authenticating as #{user} with password #{pass}...")
  49. res = raw_send_recv("a001 LOGIN #{user} #{pass}\r\n")
  50. if (res !~ /^a001 OK/)
  51. print_status("Authentication failed")
  52. return false
  53. end
  54. return true
  55. end
  56. #
  57. # This method transmits an IMAP command and waits for a response. If one is
  58. # received, it is returned to the caller.
  59. #
  60. def raw_send_recv(cmd, nsock = self.sock)
  61. nsock.put(cmd)
  62. nsock.get_once
  63. end
  64. ##
  65. #
  66. # Wrappers for getters
  67. #
  68. ##
  69. #
  70. # Returns the user string from the 'IMAPUSER' option.
  71. #
  72. def user
  73. datastore['IMAPUSER']
  74. end
  75. #
  76. # Returns the user string from the 'IMAPPASS' option.
  77. #
  78. def pass
  79. datastore['IMAPPASS']
  80. end
  81. protected
  82. #
  83. # This attribute holds the banner that was read in after a successful call
  84. # to connect or connect_login.
  85. #
  86. attr_accessor :banner
  87. end
  88. end