Land rapid7#5249, Add Module for Enum on InfluxDB database

wchen-r7 · wchen-r7 · commit 24a989b8a359 · 2015-05-14T11:22:54.000-05:00
diff --git a/modules/auxiliary/scanner/http/influxdb_enum.rb b/modules/auxiliary/scanner/http/influxdb_enum.rb
@@ -0,0 +1,82 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'InfluxDB Enum Utility',
+      'Description'    => %q{
+        This module enumerates databases on InfluxDB using the REST API
+        (using default authentication - root:root).
+      },
+      'References'     =>
+        [
+          ['URL', 'http://influxdb.com/docs/v0.9/concepts/reading_and_writing_data.html']
+        ],
+      'Author'         => [ 'Roberto Soares Espreto <robertoespreto[at]gmail.com>' ],
+      'License'        => MSF_LICENSE
+    ))
+
+    register_options(
+      [
+        Opt::RPORT(8086),
+        OptString.new('TARGETURI', [true, 'Path to list all the databases', '/db']),
+        OptString.new('USERNAME', [true, 'The username to login as', 'root']),
+        OptString.new('PASSWORD', [true, 'The password to login with', 'root'])
+      ], self.class)
+  end
+
+  def run
+    begin
+      res = send_request_cgi(
+        'uri'           => normalize_uri(target_uri.path),
+        'method'        => 'GET'
+      )
+    rescue ::Errno::EPIPE, ::Timeout::Error, ::EOFError, ::IOError => e
+      print_error("#{peer} - The following Error was encountered: #{e.class}")
+      return
+    end
+
+    unless res
+      print_error("#{peer} - Server did not respond in an expected way.")
+      return
+    end
+
+    if res.code == 401 && res.body =~ /Invalid username\/password/
+      print_error("#{peer} - Failed to authenticate. Invalid username/password.")
+      return
+    elsif res.code == 200 && res.headers.include?('X-Influxdb-Version') && res.body.length > 0
+      print_status("#{peer} - Enumerating...")
+      begin
+        temp = JSON.parse(res.body)
+        if temp.blank?
+          print_status("#{peer} - Json data is empty")
+          return
+        end
+        results = JSON.pretty_generate(temp)
+      rescue JSON::ParserError
+        print_error("#{peer} - Unable to parse JSON data.")
+        return
+      end
+      print_good("Found:\n\n#{results}\n")
+      path = store_loot(
+        'influxdb.enum',
+        'text/plain',
+        rhost,
+        results,
+        'InfluxDB Enum'
+      )
+      print_good("#{peer} - File saved in: #{path}")
+    else
+      print_error("#{peer} - Unable to enum, received \"#{res.code}\"")
+    end
+  end
+end
