add ipboard loginscanner

add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class

Author: David Maloney

lib/metasploit/framework/login_scanner/ipboard.rb

@@ -0,0 +1,91 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+
+      # IP Board login scanner
+      class IPBoard < HTTP
+
+        # (see Base#attempt_login)
+        def attempt_login(credential)
+          http_client = Rex::Proto::Http::Client.new(
+              host, port, {}, ssl, ssl_version
+          )
+
+          result_opts = {
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp'
+          }
+          if ssl
+            result_opts[:service_name] = 'https'
+          else
+            result_opts[:service_name] = 'http'
+          end
+
+          begin
+            http_client.connect
+
+            nonce_request = http_client.request_cgi(
+                'uri' => uri,
+                'method'  => 'GET'
+            )
+
+            nonce_response = http_client.send_recv(nonce_request)
+
+            if nonce_response.body =~ /name='auth_key'\s+value='.*?((?:[a-z0-9]*))'/i
+              server_nonce = $1
+
+              auth_uri = "#{uri}/index.php?app=core&module=global&section=login&do=process"
+
+              request = http_client.request_cgi(
+                  'uri' => auth_uri,
+                  'method'  => 'POST',
+                  'vars_post'      => {
+                      'auth_key'     => server_nonce,
+                      'ips_username' => credential.public,
+                      'ips_password' => credential.private
+                  },
+              )
+
+              response = http_client.send_recv(request)
+
+              if response && response.code == 200 && response.get_cookies.include?('ipsconnect') && response.get_cookies.include?('coppa')
+                result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: response)
+              else
+                result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: response)
+              end
+
+            else
+              result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: "Server nonce not present, potentially not an IP Board install or bad URI.")
+            end
+          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error
+            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
+          end
+
+          Result.new(result_opts)
+
+        end
+
+
+        # (see Base#set_sane_defaults)
+        def set_sane_defaults
+          self.uri = "/forum/" if self.uri.nil?
+          @method = "POST".freeze
+
+          super
+        end
+
+        # The method *must* be "POST", so don't let the user change it
+        # @raise [RuntimeError]
+        def method=(_)
+          raise RuntimeError, "Method must be POST for IPBoard"
+        end
+
+      end
+    end
+  end
+end
+

spec/lib/metasploit/framework/login_scanner/ipboard_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+require 'metasploit/framework/login_scanner/ipboard'
+
+describe Metasploit::Framework::LoginScanner::IPBoard do
+
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base',  has_realm_key: true, has_default_realm: false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
+  it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
+
+end