Add Cisco ASA ASDM Login #2715
Add Cisco ASA ASDM Login #2715
Conversation
| } | ||
| }) | ||
|
|
||
| if res.code == 200 && |
There was a problem hiding this comment.
Thanks for the module. Looks great overall.
This check actually needs to see if res is nil or not in case there's a timeout for whatever reason. If the timeout condition occurs, this will end up hitting a "undefined method `code' for nil:NilClass" bug. So I recommend simply writing it this way:
(res and res.code == 200 and res.headers['set-Cookie'] =~ /webvpn/) ? true : falseThere was a problem hiding this comment.
Whoopsies. I wasn't aware send_request_raw could return a nil.
I'll make a change to account for that.
| 'data' => "username=#{user}&password=#{pass}&tgroup=DefaultADMINGroup" | ||
| }) | ||
|
|
||
| if res.code == 200 && |
There was a problem hiding this comment.
Ah, I missed the nil check here too, I'll add it in a sec
|
Alright, all the nil checking and peer stuff should be sorted. |
| def do_login(user, pass) | ||
| vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") | ||
| begin | ||
| res = send_request_raw({ |
There was a problem hiding this comment.
I'm sure this send_request_raw() works perfect the way it is. Would you like to try a slightly cleaner way to write this?
send_request_cgi({
'uri' => '/+webvpn+/index.html',
'method' => 'POST',
'agent' => 'ASDM/ Java/1.6.0_65',
'ctype' => 'application/x-www-form-urlencoded; charset=UTF-8',
'cookie' => 'webvpnlogin=1; tg=0DefaultADMINGroup',
'vars_post' => {
'username' => user,
'password' => pass,
'tgroup' => 'DefaultADMINGroup'
}
})There was a problem hiding this comment.
Sure, I was originally having issues getting the agent setup (looking back it was probably the key I was setting was wrong). I'll adjust, test and send an update.
There was a problem hiding this comment.
I see. Thanks! BTW in case you're wondering how to find all the supported options, you can read the API documentation here:
https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb#L152
Or, in your metasploit directory, you can simply run the command "yard", and that will generate the Metasploit API documentation for you in a new folder called "doc". Kind of convenient too.
|
Ok, send_request_cgi stuff has been converted and tested. |
|
Thanks. Merging now. |
Emulates the Cisco ASA ASDM Client Authentication process to allow for bruteforcing of valid Cisco ASA ASDM credentials.
Should be mostly self explanatory, but let me know if you have questions.