adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HTTP/Gitlab/Form/Authenticate.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

477 lines
23 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::Gitlab::Form::Authenticate
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HTTP::Gitlab::Form::Authenticate";
relpath = '../../../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../../_index.html">Index (A)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Gitlab.html" title="Msf::Exploit::Remote::HTTP::Gitlab (module)">Gitlab</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Form.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Form (module)">Form</a></span></span>
&raquo;
<span class="title">Authenticate</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::Gitlab::Form::Authenticate
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../Authenticate.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Authenticate (module)">Authenticate</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/gitlab/form/authenticate.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>GitLab session mixin</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#gitlab_sign_in-instance_method" title="#gitlab_sign_in (instance method)">#<strong>gitlab_sign_in</strong>(username, password) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>performs a gitlab login.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#gitlab_sign_out-instance_method" title="#gitlab_sign_out (instance method)">#<strong>gitlab_sign_out</strong> &#x21d2; Boolean, GitLabError </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>performs a gitlab logout.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="gitlab_sign_in-instance_method">
#<strong>gitlab_sign_in</strong>(username, password) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>performs a gitlab login</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>username</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Username</p>
</div>
</li>
<li>
<span class='name'>password</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Password</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>the session cookies as a single string on successful login, nil otherwise</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Error/ClientError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError (class)">Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>if the request timed out</p>
</div>
</li>
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Error/AuthenticationError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::AuthenticationError (class)">Msf::Exploit::Remote::HTTP::Gitlab::Error::AuthenticationError</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>if the authentication failed</p>
</div>
</li>
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Error/CsrfError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::CsrfError (class)">Msf::Exploit::Remote::HTTP::Gitlab::Error::CsrfError</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>if it was not possible to extract the CSRF token</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/gitlab/form/authenticate.rb', line 13</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gitlab_sign_in'>gitlab_sign_in</span><span class='lparen'>(</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span> <span class='id identifier rubyid_password'>password</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sign_in_path'>sign_in_path</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/users/sign_in</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_csrf_token'>csrf_token</span> <span class='op'>=</span> <span class='id identifier rubyid_gitlab_helper_extract_csrf_token'>gitlab_helper_extract_csrf_token</span><span class='lparen'>(</span>
<span class='label'>path:</span> <span class='id identifier rubyid_sign_in_path'>sign_in_path</span><span class='comma'>,</span>
<span class='label'>regex:</span> <span class='tstring'><span class='regexp_beg'>%r{</span><span class='tstring_content'>action=&quot;/users/sign_in&quot;.*name=&quot;authenticity_token&quot;\s+value=&quot;([^&quot;]+)&quot;</span><span class='regexp_end'>}</span></span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='id identifier rubyid_sign_in_path'>sign_in_path</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vars_post</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_gitlab_helper_login_post_data'>gitlab_helper_login_post_data</span><span class='lparen'>(</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span> <span class='id identifier rubyid_password'>password</span><span class='comma'>,</span> <span class='id identifier rubyid_csrf_token'>csrf_token</span><span class='rparen'>)</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Gitlab.html" title="Msf::Exploit::Remote::HTTP::Gitlab (module)">Gitlab</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error/ClientError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError (class)">ClientError</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../Error/ClientError.html#initialize-instance_method" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError#initialize (method)">new</a></span></span> <span class='label'>message:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Request timed out</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Gitlab.html" title="Msf::Exploit::Remote::HTTP::Gitlab (module)">Gitlab</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error/AuthenticationError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::AuthenticationError (class)">AuthenticationError</a></span></span> <span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>!=</span> <span class='int'>302</span>
<span class='id identifier rubyid_cookies'>cookies</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_get_cookies'>get_cookies</span>
<span class='comment'># Check if a valid gitlab cookie is returned
</span> <span class='kw'>return</span> <span class='id identifier rubyid_cookies'>cookies</span> <span class='kw'>if</span> <span class='id identifier rubyid_cookies'>cookies</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>(_gitlab_session=[A-Za-z0-9%-]+)</span><span class='regexp_end'>/i</span></span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="gitlab_sign_out-instance_method">
#<strong>gitlab_sign_out</strong> &#x21d2; <tt>Boolean</tt>, <tt>GitLabError</tt>
</h3><div class="docstring">
<div class="discussion">
<p>performs a gitlab logout</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>, <tt>GitLabError</tt>)</span>
&mdash;
<div class='inline'>
<p>True if sign out, Msf::Exploit::Remote::HTTP::Gitlab::Error otherwise</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Error/ClientError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError (class)">Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError</a></span></tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/gitlab/form/authenticate.rb', line 41</span>
<span class='kw'>def</span> <span class='id identifier rubyid_gitlab_sign_out'>gitlab_sign_out</span>
<span class='id identifier rubyid_csrf_token'>csrf_token</span> <span class='op'>=</span> <span class='id identifier rubyid_gitlab_helper_extract_csrf_token'>gitlab_helper_extract_csrf_token</span><span class='lparen'>(</span>
<span class='label'>path:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>regex:</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>name=&quot;csrf-token&quot; content=&quot;(.*)&quot;</span><span class='regexp_end'>/</span></span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/users/sign_out</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vars_post</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>_method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>post</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>authenticity_token</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_csrf_token'>csrf_token</span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Gitlab.html" title="Msf::Exploit::Remote::HTTP::Gitlab (module)">Gitlab</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error/ClientError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError (class)">ClientError</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../Error/ClientError.html#initialize-instance_method" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError#initialize (method)">new</a></span></span> <span class='label'>message:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Request timed out</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Gitlab.html" title="Msf::Exploit::Remote::HTTP::Gitlab (module)">Gitlab</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Error/ClientError.html" title="Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError (class)">ClientError</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Failed to sign out</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>302</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='op'>&amp;.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Location</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='op'>&amp;.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/users/sign_in</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:46 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink