Mirror of metasploit

pop2.rb 2.9KB

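  # -*- coding: binary -*-
  module Msf
  require 'msf/core/exploit/tcp'

  ###
  #
  # This module exposes methods that may be useful to exploits that deal with
  # servers that speak the POP2 protocol.
  #
  ###
  module Exploit::Remote::Pop2

    include Exploit::Remote::Tcp

    #
    # Creates an instance of a POP2 exploit module.
    #
    # info is passed through unchanged to the parent initializer.
    #
    def initialize(info = {})
      super

      # Register the options that all POP2 exploits may make use of.
      register_options(
        [
          Opt::RHOST,
          Opt::RPORT(109),
          OptString.new('POP2USER', [ false, 'The username to authenticate as']),
          OptString.new('POP2PASS', [ false, 'The password for the specified username'])
        ], Msf::Exploit::Remote::Pop2)
    end

    #
    # This method establishes a POP2 connection to host and port specified by
    # the RHOST and RPORT options, respectively. After connecting, the banner
    # message is read in and stored in the 'banner' attribute.
    #
    # Returns the socket handed back by the parent connect.
    #
    def connect(global = true)
      print_status("Connecting to POP2 server #{rhost}:#{rport}...")

      fd = super

      # Wait for a banner to arrive...
      self.banner = fd.get_once

      print_status("Connected to target POP2 server.")

      # The read can come back nil or empty when the server sends nothing, so
      # the banner is coerced to a string before its first line is taken
      # instead of calling split/strip on nil.
      first_line = self.banner.to_s.lines.first.to_s.strip
      print_status("Banner: #{first_line}")

      # Return the file descriptor to the caller
      fd
    end

    #
    # Connect and login to the remote POP2 server using the credentials
    # that have been supplied in the exploit options.
    #
    # Returns false when no credentials are configured or when the reply does
    # not contain "messages", true otherwise.
    #
    def connect_login(global = true)
      pop2sock = connect(global)

      unless user && pass
        print_status("No username and password were supplied, unable to login")
        return false
      end

      # The password is left out of the status line so that it does not end up
      # in console output or saved logs.
      print_status("Authenticating as #{user}...")

      # HELO carries the username and password in cleartext on the wire.
      # The socket returned by connect is passed explicitly so the login also
      # works when the connection was not registered as the global one
      # (global = false); with global = true this is presumably the same
      # object as self.sock.
      res = raw_send_recv("HELO #{user} #{pass}\r\n", pop2sock)

      # A nil reply (nothing received) also fails this match.
      if res !~ /messages/
        print_status("Authentication failed")
        return false
      end

      print_status("Messages: #{res}")
      true
    end

    #
    # This method transmits a POP2 command and waits for a response. If one is
    # received, it is returned to the caller.
    #
    def raw_send_recv(cmd, nsock = self.sock)
      nsock.put(cmd)
      nsock.get_once
    end

    #
    # This method sends one command with zero or more parameters.
    #
    # args is an array that is joined with single spaces and terminated with
    # CRLF. When recv is true the response is read and returned; otherwise the
    # command is only written.
    #
    def send_cmd(args, recv = true, nsock = self.sock)
      cmd = "#{args.join(' ')}\r\n"

      recv ? raw_send_recv(cmd, nsock) : raw_send(cmd, nsock)
    end

    #
    # This method transmits a POP2 command and does not wait for a response
    #
    def raw_send(cmd, nsock = self.sock)
      nsock.put(cmd)
    end

    ##
    #
    # Wrappers for getters
    #
    ##

    #
    # Returns the user string from the 'POP2USER' option.
    #
    def user
      datastore['POP2USER']
    end

    #
    # Returns the password string from the 'POP2PASS' option.
    #
    def pass
      datastore['POP2PASS']
    end

  protected

    #
    # This attribute holds the banner that was read in after a successful call
    # to connect or connect_login.
    #
    attr_accessor :banner

  end
  end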