Module: Msf::Exploit::Remote::Imap

Includes:
Tcp
Defined in:
lib/msf/core/exploit/remote/imap.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the IMAP protocol.

Instance Attribute Summary collapse

Attributes included from Tcp

#sock

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

This attribute holds the banner that was read in after a successful call to connect or connect_login.



106
107
108
# File 'lib/msf/core/exploit/remote/imap.rb', line 106

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a IMAP connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the ‘banner’ attribute.



36
37
38
39
40
41
42
43
44
# File 'lib/msf/core/exploit/remote/imap.rb', line 36

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)

  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect and login to the remote IMAP server using the credentials that have been supplied in the exploit options.



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# File 'lib/msf/core/exploit/remote/imap.rb', line 50

def (global = true)
  ftpsock = connect(global)


  if !(user and pass)
    print_status("No username and password were supplied, unable to login")
    return false
  end

  print_status("Authenticating as #{user} with password #{pass}...")
  res = raw_send_recv("a001 LOGIN #{user} #{pass}\r\n")

  if (res !~ /^a001 OK/)
    print_status("Authentication failed")
    return false
  end

  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an IMAP exploit module.



18
19
20
21
22
23
24
25
26
27
28
29
# File 'lib/msf/core/exploit/remote/imap.rb', line 18

def initialize(info = {})
  super

  # Register the options that all IMAP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(143),
      OptString.new('IMAPUSER', [ false, 'The username to authenticate as']),
      OptString.new('IMAPPASS', [ false, 'The password for the specified username'])
    ], Msf::Exploit::Remote::Imap)
end

#passObject

Returns the user string from the ‘IMAPPASS’ option.



96
97
98
# File 'lib/msf/core/exploit/remote/imap.rb', line 96

def pass
  datastore['IMAPPASS']
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an IMAP command and waits for a response. If one is received, it is returned to the caller.



74
75
76
77
# File 'lib/msf/core/exploit/remote/imap.rb', line 74

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end

#userObject

Returns the user string from the ‘IMAPUSER’ option.



89
90
91
# File 'lib/msf/core/exploit/remote/imap.rb', line 89

def user
  datastore['IMAPUSER']
end