@@ -80,7 +80,8 @@ class Metasploit3 < Msf::Auxiliary
80
80
'IMAP' => :tls_imap ,
81
81
'JABBER' => :tls_jabber ,
82
82
'POP3' => :tls_pop3 ,
83
- 'FTP' => :tls_ftp
83
+ 'FTP' => :tls_ftp ,
84
+ 'POSTGRES' => :tls_postgres
84
85
}
85
86
86
87
# See the discussion at https://github.com/rapid7/metasploit-framework/pull/3252
@@ -111,7 +112,8 @@ def initialize
111
112
'Sebastiano Di Paola' , # Msf module
112
113
'Tom Sellers' , # Msf module
113
114
'jjarmoc' , #Msf module; keydump, refactoring..
114
- 'Ben Buchanan' #Msf module
115
+ 'Ben Buchanan' , #Msf module
116
+ 'herself' #Msf module
115
117
] ,
116
118
'References' =>
117
119
[
@@ -137,7 +139,7 @@ def initialize
137
139
register_options (
138
140
[
139
141
Opt ::RPORT ( 443 ) ,
140
- OptEnum . new ( 'TLS_CALLBACK' , [ true , 'Protocol to use, "None" to use raw TLS sockets' , 'None' , [ 'None' , 'SMTP' , 'IMAP' , 'JABBER' , 'POP3' , 'FTP' ] ] ) ,
142
+ OptEnum . new ( 'TLS_CALLBACK' , [ true , 'Protocol to use, "None" to use raw TLS sockets' , 'None' , [ 'None' , 'SMTP' , 'IMAP' , 'JABBER' , 'POP3' , 'FTP' , 'POSTGRES' ] ] ) ,
141
143
OptEnum . new ( 'TLS_VERSION' , [ true , 'TLS/SSL version to use' , '1.0' , [ 'SSLv3' , '1.0' , '1.1' , '1.2' ] ] ) ,
142
144
OptInt . new ( 'MAX_KEYTRIES' , [ true , 'Max tries to dump key' , 10 ] ) ,
143
145
OptInt . new ( 'STATUS_EVERY' , [ true , 'How many retries until status' , 5 ] ) ,
@@ -222,6 +224,22 @@ def tls_imap
222
224
sock . get_once ( -1 , response_timeout )
223
225
end
224
226
227
+ def tls_postgres
228
+ # postgresql TLS - works with all modern pgsql versions - 8.0 - 9.3
229
+ # http://www.postgresql.org/docs/9.3/static/protocol-message-formats.html
230
+ sock . get_once
231
+ # the postgres SSLRequest packet is a int32(8) followed by a int16(1234),
232
+ # int16(5679) in network format
233
+ psql_sslrequest = [ 8 ] . pack ( 'N' )
234
+ psql_sslrequest << [ 1234 , 5679 ] . pack ( 'n*' )
235
+ sock . put ( psql_sslrequest )
236
+ res = sock . get_once
237
+ unless res && res =~ /S/
238
+ return nil
239
+ end
240
+ res
241
+ end
242
+
225
243
def tls_pop3
226
244
# http://tools.ietf.org/html/rfc2595
227
245
sock . get_once ( -1 , response_timeout )
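Review bot: In `tls_postgres`, the check `res =~ /S/` accepts any reply that contains an `S` anywhere, rather than only the single-byte `S` with which a server accepts an SSLRequest. A server that answers with an error message instead (whose payload can easily contain an `S`) would be treated as having agreed to TLS, which would make the scan result for that host unreliable; comparing only the first byte, `return nil unless res && res[0, 1] == 'S'`, avoids that. Both `sock.get_once` calls also omit the `response_timeout` that `tls_imap` and `tls_pop3` pass in the surrounding context. Since PostgreSQL normally sends nothing before the client's first message, the leading read probably just waits out the default timeout, so I would drop it and read the reply with `sock.get_once(-1, response_timeout)`. A one-line comment such as `# server replies with a single byte: 'S' (TLS accepted) or 'N' (refused)` above the check would document the expected answer.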