Class: Metasploit::Framework::LoginScanner::MySQL

Inherits:

Object

Object
Metasploit::Framework::LoginScanner::MySQL

show all

Includes:: Base, RexSocket, Tcp::Client

Defined in:: lib/metasploit/framework/login_scanner/mysql.rb

Overview

This is the LoginScanner class for dealing with MySQL Database servers. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

DEFAULT_PORT =

LIKELY_PORTS =

[3306]

LIKELY_SERVICE_NAMES =

['mysql']

PRIVATE_TYPES =

[:password]

REALM_KEY =

nil

Instance Attribute Summary collapse

#use_client_as_proof ⇒ Object

Returns the value of attribute use_client_as_proof.

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

#attempt_login(credential) ⇒ Object
#set_sane_defaults ⇒ Object

This method sets the sane defaults for things like timeouts and TCP evasion options.

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Attribute Details

#use_client_as_proof ⇒ `Object`

Returns the value of attribute use_client_as_proof.



20
21
22

# File 'lib/metasploit/framework/login_scanner/mysql.rb', line 20

def use_client_as_proof
  @use_client_as_proof
end

Instance Method Details

#attempt_login(credential) ⇒ `Object`

# File 'lib/metasploit/framework/login_scanner/mysql.rb', line 28

def attempt_login(credential)
  result_options = {
    credential:   credential,
    host:         host,
    port:         port,
    protocol:     'tcp',
    service_name: 'mysql'
  }

  begin
    # manage our behind the scenes socket. Close any existing one and open a new one
    disconnect if self.sock
    connect

    mysql_conn = ::Rex::Proto::MySQL::Client.connect(host, credential.public, credential.private, '', port, io: self.sock)

  rescue ::SystemCallError, Rex::ConnectionError => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
      proof: e
    })
  rescue Rex::Proto::MySQL::Client::ClientError => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
      proof: e
    })
  rescue Rex::Proto::MySQL::Client::HostNotPrivileged => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
      proof: e
    })
  rescue Rex::Proto::MySQL::Client::AccessDeniedError => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::INCORRECT,
      proof: e
    })
  rescue Rex::Proto::MySQL::Client::HostIsBlocked => e
    result_options.merge!({
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
      proof: e
    })
  end

  if mysql_conn
    result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL

    # This module no long owns the socket, return it as proof so the calling context can perform additional operations
    # Additionally assign values to nil to avoid closing the socket etc automatically
    if use_client_as_proof
      result_options[:proof] = mysql_conn
      result_options[:connection] = self.sock
      self.sock = nil
    else
      mysql_conn.close
    end
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end

#set_sane_defaults ⇒ `Object`

This method sets the sane defaults for things like timeouts and TCP evasion options

# File 'lib/metasploit/framework/login_scanner/mysql.rb', line 90

def set_sane_defaults
  self.connection_timeout ||= 30
  self.port               ||= DEFAULT_PORT
  self.max_send_size      ||= 0
  self.send_delay         ||= 0
end