Add Cisco ASA ASDM Login #2715
} | ||
}) | ||
|
||
if res.code == 200 && |
Thanks for the module. Looks great overall.
This check actually needs to see if res is nil or not in case there's a timeout for whatever reason. If the timeout condition occurs, this will end up hitting an "undefined method `code' for nil:NilClass" bug. So I recommend simply writing it this way:
(res and res.code == 200 and res.headers['set-Cookie'] =~ /webvpn/) ? true : false
Whoopsies. I wasn't aware send_request_raw could return a nil.
I'll make a change to account for that.
'data' => "username=#{user}&password=#{pass}&tgroup=DefaultADMINGroup" | ||
}) | ||
|
||
if res.code == 200 && |
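Review bot: The 'data' string interpolates user and pass unencoded into a key=value&key=value body, so a credential containing &, =, + or % changes the fields the server parses and can turn a correct password into a false negative. Encode both values before building the string, or pass them as a hash through 'vars_post' with send_request_cgi so the client encodes them.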
Ah, I missed the nil check here too, I'll add it in a sec
Thanks :-)
Alright, all the nil checking and peer stuff should be sorted.
def do_login(user, pass) | ||
vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") | ||
begin | ||
res = send_request_raw({ |
I'm sure this send_request_raw() works perfect the way it is. Would you like to try a slightly cleaner way to write this?
send_request_cgi({
  'uri' => '/+webvpn+/index.html',
  'method' => 'POST',
  'agent' => 'ASDM/ Java/1.6.0_65',
  'ctype' => 'application/x-www-form-urlencoded; charset=UTF-8',
  'cookie' => 'webvpnlogin=1; tg=0DefaultADMINGroup',
  'vars_post' => {
    'username' => user,
    'password' => pass,
    'tgroup' => 'DefaultADMINGroup'
  }
})
Sure, I was originally having issues getting the agent set up (looking back, it was probably that the key I was setting was wrong). I'll adjust, test and send an update.
I see. Thanks! BTW in case you're wondering how to find all the supported options, you can read the API documentation here:
https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb#L152
Or, in your metasploit directory, you can simply run the command "yard", and that will generate the Metasploit API documentation for you in a new folder called "doc". Kind of convenient too.
Cool, Ty!
Ok, send_request_cgi stuff has been converted and tested.
Thanks. Merging now.
Emulates the Cisco ASA ASDM Client Authentication process to allow for bruteforcing of valid Cisco ASA ASDM credentials.
Should be mostly self-explanatory, but let me know if you have questions.