modules/auxiliary/scanner/http/phpmyadmin_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'metasploit/framework/login_scanner/phpmyadmin'
require 'metasploit/framework/credential_collection'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize(info={})
super(update_info(info,
'Name' => 'PhpMyAdmin Login Scanner',
'Description' => %q{
This module will attempt to authenticate to PhpMyAdmin.
},
'Author' => [ 'Shelby Pace' ],
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'RPORT' => 80,
'USERNAME' => 'root'
}
))
register_options(
[
OptString.new('USERNAME', [true, 'The username to PhpMyAdmin', 'root']),
OptString.new('PASSWORD', [false, 'The password to PhpMyAdmin', '']),
OptString.new('TARGETURI', [true, 'The path to PhpMyAdmin', '/index.php'])
])
end
def scanner(ip)
@scanner ||= lambda {
cred_collection = build_credential_collection(
username: datastore['USERNAME'],
password: datastore['PASSWORD']
)
return Metasploit::Framework::LoginScanner::PhpMyAdmin.new(
configure_http_login_scanner(
host: ip,
port: datastore['RPORT'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
uri: normalize_uri(datastore['TARGETURI']),
connection_timeout: 5
))
}.call
end
def report_bad_cred(ip, rport, result)
invalidate_login(
address: ip,
port: rport,
protocol: 'tcp',
public: result.credential.public,
private: result.credential.private,
realm_key: result.credential.realm_key,
realm_value: result.credential.realm,
status: result.status,
proof: result.proof
)
end
def run_host(ip)
phpmyadmin_res = scanner(ip).check_setup
unless phpmyadmin_res
print_brute(:level => :error, :ip => ip, :msg => "PhpMyAdmin is not available")
return
end
print_status("PhpMyAdmin Version: #{phpmyadmin_res}")
scanner(ip).scan! do |result|
case result.status
when Metasploit::Model::Login::Status::SUCCESSFUL
print_brute(:level => :good, :ip => ip, :msg => "Success: '#{result.credential}'")
store_valid_credential(
user: result.credential.public,
private: result.credential.private,
private_type: :password,
proof: result.proof,
service_data: {
address: ip,
port: rport,
service_name: 'http',
protocol: 'tcp',
workspace_id: myworkspace_id
}
)
when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
vprint_brute(:level => :verror, :ip => ip, :msg => result.proof)
report_bad_cred(ip, rport, result)
when Metasploit::Model::Login::Status::INCORRECT
vprint_brute(:level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'")
report_bad_cred(ip, rport, result)
end
end
end
end