int initModule(sLogin* psLogin, _CVS_DATA *_psSessionData)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = psLogin->psServer->psAudit->iPortOverride;
else
params.nPort = PORT_CVS;
initConnectionParams(psLogin, ¶ms);
/* set directory name, if not specified by user */
if (_psSessionData->szDir == NULL)
{
_psSessionData->szDir = malloc(6);
memset(_psSessionData->szDir, 0, 6);
sprintf(_psSessionData->szDir, "/root");
}
writeError(ERR_DEBUG_MODULE, "[%s] Set directory name: %s", MODULE_NAME, _psSessionData->szDir);
while (nState != MSTATE_COMPLETE)
{
switch(nState)
{
case MSTATE_NEW:
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
nState = tryLogin(hSocket, &psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* _psLogin, _MODULE_DATA *_psSessionData)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
char* bufReceive;
int nReceiveBufferSize = 0, nFoundPrompt = PROMPT_UNKNOWN;
int i = 0;
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(_psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, _psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (_psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = _psLogin->psServer->psAudit->iPortOverride;
else if (_psLogin->psServer->psHost->iUseSSL > 0)
params.nPort = PORT_TELNETS;
else
params.nPort = PORT_TELNET;
initConnectionParams(_psLogin, ¶ms);
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (_psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket <= 0)
{
writeError(ERR_ERROR, "[%s] Failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, _psLogin->psServer->pHostIP);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
setPassResult(_psLogin, psCredSet->pPass);
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
// Examine the first line returned
nReceiveBufferSize = 0;
bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
if (bufReceive == NULL)
return FAILURE;
bufReceive[nReceiveBufferSize] = 0; // Make certain buffer is null-terminated
if (bufReceive == NULL)
{
writeError(ERR_ERROR, "[%s] null response was unexpected from a telnet server (is one running?)", MODULE_NAME);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
setPassResult(_psLogin, psCredSet->pPass);
return FAILURE;
}
// Telnet protocol negotiation
do
{
nFoundPrompt = PROMPT_UNKNOWN;
processIAC(hSocket, _psSessionData, &bufReceive, &nReceiveBufferSize);
if (bufReceive != NULL && bufReceive[0] != 0 && (unsigned char)bufReceive[0] != IAC)
makeToLower(bufReceive);
if (bufReceive != NULL)
{
writeError(ERR_DEBUG_MODULE, "Looking for login prompts");
if (_psSessionData->nMode == MODE_AS400)
{
if (strcasestr(bufReceive, (char *)"Sign On") != '\0')
{
writeError(ERR_INFO, "[%s] Detected AS/400 Sign On Screen.", MODULE_NAME);
nFoundPrompt = PROMPT_LOGIN_PASSWORD;
FREE(bufReceive);
if (medusaDataReadyTimed(hSocket, 0, 20000) > 0)
{
// More data waiting
bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
if (bufReceive != NULL)
bufReceive[nReceiveBufferSize] = 0; // Make certain buffer is null-terminated
}
break;
}
/*
Sign On
System . . . . . : TSTDBS16
Subsystem . . . . : QINTER
Display . . . . . : QPADEV0001
*/
}
else
{
// Look for known login prompts
for (i = 0; i < KNOWN_LOGIN_SIZE; i++)
{
if (strcasestr(bufReceive, KNOWN_LOGIN_PROMPTS[i]) != '\0')
{
// Do we have a prompt?
writeError(ERR_DEBUG_MODULE, "Found login prompt...");
nFoundPrompt = PROMPT_LOGIN_PASSWORD;
break;
}
}
/* Some systems do not provide a login prompt and go right to password */
for (i = 0; i < KNOWN_PWD_SIZE; i++)
{
if (strcasestr(bufReceive, KNOWN_PWD_PROMPTS[i]) != '\0')
{
// Do we have a prompt?
writeError(ERR_DEBUG_MODULE, "Found a password prompt already...");
nFoundPrompt = PROMPT_PASSWORD;
if (_psLogin->psServer->iLoginsDone < 1 && _psLogin->iId == 0)
writeVerbose(VB_NONE_FILE, "Password Prompt Only: %s\n", _psLogin->psServer->pHostIP);
break;
}
}
if (nFoundPrompt == PROMPT_UNKNOWN)
{
FREE(bufReceive);
if (medusaDataReadyTimed(hSocket, 0, 20000) > 0)
{
// More data waiting
bufReceive = medusaReceiveLineDelay(hSocket, &nReceiveBufferSize, RECEIVE_DELAY_1, RECEIVE_DELAY_2);
if (bufReceive != NULL)
bufReceive[nReceiveBufferSize] = 0; // Make certain buffer is null-terminated
}
}
}
}
}
while (bufReceive != NULL && (unsigned char)bufReceive[0] == IAC && nFoundPrompt == PROMPT_UNKNOWN);
FREE(bufReceive);
if (nFoundPrompt == PROMPT_UNKNOWN)
{
writeError(ERR_ERROR, "[%s] Failed to identify logon prompt.", MODULE_NAME);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
setPassResult(_psLogin, psCredSet->pPass);
return FAILURE;
}
else
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
if (_psSessionData->nMode == MODE_AS400)
nState = tryLoginAS400(hSocket, &_psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass);
else
nState = tryLogin(hSocket, &_psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass, nFoundPrompt);
if (nState != MSTATE_EXITING)
{
if (processIAClogout(hSocket, _psSessionData) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Failed to close existing Telnet session.", MODULE_NAME);
}
medusaDisconnect(hSocket);
hSocket = -1;
/*
Cisco devices appear to keep sessions open for a brief time after we terminate
the connection. They also seem to ignore "IAC DO LOGOUT" commands. Adding a
sleep() hack here, to give them some time to clean-up.
*/
sleep(1);
if (getNextCredSet(_psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module (%d) state %d host: %s", MODULE_NAME, _psLogin->iId, nState, _psLogin->psServer->pHostIP);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* psLogin)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = psLogin->psServer->psAudit->iPortOverride;
else if (psLogin->psServer->psHost->iUseSSL > 0)
writeError(ERR_ERROR, "[%s] module asked for REXEC with SSL. Don't know if such a thing exists...\n");
else
params.nPort = PORT_REXEC;
params.nSourcePort = 1023;
initConnectionParams(psLogin, ¶ms);
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
nState = tryLogin(hSocket, &psLogin, psCredSet->psUser->pUser, psCredSet->pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(_MODULE_DATA *_psSessionData, sLogin* psLogin)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
unsigned char bufSend[BUF_SIZE];
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = psLogin->psServer->psAudit->iPortOverride;
else if (psLogin->psServer->psHost->iUseSSL > 0)
params.nPort = PORT_IMAPS;
else
params.nPort = PORT_IMAP;
initConnectionParams(psLogin, ¶ms);
/* set TAG, if not specified by user */
if (_psSessionData->szTag == NULL)
{
_psSessionData->szTag = malloc(5);
memset(_psSessionData->szTag, 0, 5);
sprintf(_psSessionData->szTag, "gerg");
}
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
if (initConnection(_psSessionData, hSocket, ¶ms) == FAILURE)
{
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
/* The IMAP service may be configured to drop connections after an arbitrary number of failed
logon attempts. We will reuse the established connection to send authentication attempts
until that disconnect happens. At that point the connection should be reestablished. */
if ( medusaCheckSocket(hSocket) )
{
nState = tryLogin(hSocket, _psSessionData, &psLogin, psCredSet->psUser->pUser, psCredSet->pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
}
else
{
writeError(ERR_NOTICE, "[%s] Socket is no longer valid. Server likely dropped connection. Establishing new session.", MODULE_NAME);
nState = MSTATE_NEW;
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* psLogin)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
char* bufReceive;
int nReceiveBufferSize = 0, nFirstPass = 0, nFoundPrompt = 0;
int i = 0;
char *pPass;
sUser* user = psLogin->psUser;
sConnectParams params;
memset(¶ms, 0, sizeof(sConnectParams));
if (psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = psLogin->psServer->psAudit->iPortOverride;
else if (psLogin->psServer->psHost->iUseSSL > 0)
writeError(ERR_DEBUG_MODULE, "[%s] module asked for RLOGIN/SSL. Don't know if such a thing exists...\n");
else
params.nPort = PORT_RLOGIN;
params.nSourcePort = 1023;
initConnectionParams(psLogin, ¶ms);
if (user != NULL)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: '******'", MODULE_NAME, psLogin->psServer->pHostIP, user->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s", MODULE_NAME, psLogin->psServer->pHostIP);
}
pPass = getNextPass(psLogin->psServer->psAudit, user);
if (pPass == NULL)
{
writeVerbose(VB_GENERAL, "[%s] out of passwords for user '%s' at host '%s', bailing", MODULE_NAME, user->pUser, psLogin->psServer->pHostIP);
}
while(NULL != pPass)
{
switch(nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
psLogin->iStatus = LOGIN_FAILED;
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
nState = tryLogin(hSocket, &psLogin, user->pUser, pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
pPass = getNextPass(psLogin->psServer->psAudit, user);
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
pPass = NULL;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
psLogin->iStatus = LOGIN_FAILED;
return FAILURE;
}
}
psLogin->iStatus = LOGIN_DONE;
return SUCCESS;
}
int initModule(_MODULE_DATA *_psSessionData, sLogin* _psLogin)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
char *pStrtokSavePtr = NULL;
char *pTemp;
int nBufLength = 0;
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(_psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, _psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (_psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = _psLogin->psServer->psAudit->iPortOverride;
else if (_psLogin->psServer->psHost->iUseSSL > 0)
params.nPort = HTTPS_PORT;
else
params.nPort = HTTP_PORT;
initConnectionParams(_psLogin, ¶ms);
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (_psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, _psLogin->psServer->pHostIP);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
setPassResult(_psLogin, psCredSet->pPass);
return FAILURE;
}
/* Set request parameters */
if (!_psSessionData->szDir) {
_psSessionData->szDir = malloc(1);
memset(_psSessionData->szDir, 0, 1);
sprintf(_psSessionData->szDir, "/");
}
if (!_psSessionData->szHostHeader) {
nBufLength = strlen(_psLogin->psServer->psHost->pHost) + 1 + log(params.nPort) + 1;
_psSessionData->szHostHeader = malloc(nBufLength + 1);
memset(_psSessionData->szHostHeader, 0, nBufLength + 1);
sprintf(_psSessionData->szHostHeader, "%s:%d", _psLogin->psServer->psHost->pHost, params.nPort);
}
if (!_psSessionData->szFormData) {
_psSessionData->szFormRest = malloc(1);
memset(_psSessionData->szFormRest, 0, 1);
_psSessionData->szFormUser = malloc(10);
memset(_psSessionData->szFormUser, 0, 10);
sprintf(_psSessionData->szFormUser, "username="******"password="******"?", &pStrtokSavePtr);
writeError(ERR_DEBUG_MODULE, "[%s] User-supplied Form Action Method: %s", MODULE_NAME, pTemp);
if(strncasecmp(pTemp, "POST", 4) == 0)
_psSessionData->nFormType=FORM_POST;
else if(strncasecmp(pTemp, "GET", 3) == 0)
_psSessionData->nFormType=FORM_GET;
else
_psSessionData->nFormType=FORM_UNKNOWN;
pTemp = strtok_r(NULL, "&", &pStrtokSavePtr);
if (pTemp != NULL)
{
_psSessionData->szFormUser = malloc( strlen(pTemp) + 1 );
memset(_psSessionData->szFormUser, 0, strlen(pTemp) + 1);
strncpy(_psSessionData->szFormUser, pTemp, strlen(pTemp));
}
pTemp = strtok_r(NULL, "&", &pStrtokSavePtr);
if (pTemp != NULL)
{
_psSessionData->szFormPass = malloc( strlen(pTemp) + 1);
memset(_psSessionData->szFormPass, 0, strlen(pTemp) + 1);
strncpy(_psSessionData->szFormPass, pTemp, strlen(pTemp));
}
pTemp = strtok_r(NULL, "", &pStrtokSavePtr);
if (pTemp != NULL)
{
_psSessionData->szFormRest = malloc( strlen(pTemp) + 1 );
memset(_psSessionData->szFormRest, 0, strlen(pTemp) + 1);
strncpy(_psSessionData->szFormRest, pTemp, strlen(pTemp));
}
}
writeError(ERR_DEBUG_MODULE, "[%s] User-supplied Form User Field: %s", MODULE_NAME, _psSessionData->szFormUser);
writeError(ERR_DEBUG_MODULE, "[%s] User-supplied Form Pass Field: %s", MODULE_NAME, _psSessionData->szFormPass);
writeError(ERR_DEBUG_MODULE, "[%s] User-supplied Form Rest Field: %s", MODULE_NAME, _psSessionData->szFormRest);
if ((_psSessionData->nFormType == FORM_UNKNOWN) || (_psSessionData->szFormUser == NULL) || (_psSessionData->szFormPass == NULL))
{
writeError(ERR_WARNING, "Invalid FORM-DATA format. Using default format: \"post?username=&password=\"");
_psSessionData->szFormRest = malloc(1);
memset(_psSessionData->szFormRest, 0, 1);
_psSessionData->szFormUser = malloc(10);
memset(_psSessionData->szFormUser, 0, 10);
sprintf(_psSessionData->szFormUser, "username="******"password="******"I'm not Mozilla, I'm Ming Mong");
}
if (!_psSessionData->szDenySignal) {
_psSessionData->szDenySignal = malloc(19);
memset(_psSessionData->szDenySignal, 0, 19);
sprintf(_psSessionData->szDenySignal, "Login Incorrect");
}
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
nState = tryLogin(hSocket, _psSessionData, &_psLogin, params.nPort, psCredSet->psUser->pUser, psCredSet->pPass);
if (_psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(_psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown HTTP module state (%d). Exiting...", nState);
_psLogin->iResult = LOGIN_RESULT_UNKNOWN;
break;
}
}
/* clean up memory */
FREE(_psSessionData->szDir);
FREE(_psSessionData->szHostHeader);
FREE(_psSessionData->szUserAgent);
FREE(_psSessionData->szDenySignal);
FREE(_psSessionData->szFormData);
FREE(_psSessionData->szFormRest);
FREE(_psSessionData->szFormUser);
FREE(_psSessionData->szFormPass);
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* psLogin, _MODULE_DATA *_psSessionData)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
unsigned char bufSend[BUF_SIZE];
unsigned char* bufReceive;
int nReceiveBufferSize = 0;
sCredentialSet *psCredSet = NULL;
sConnectParams params;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
memset(¶ms, 0, sizeof(sConnectParams));
if (psLogin->psServer->psAudit->iPortOverride > 0)
params.nPort = psLogin->psServer->psAudit->iPortOverride;
else if (psLogin->psServer->psHost->iUseSSL > 0)
params.nPort = PORT_POP3S;
else
params.nPort = PORT_POP3;
initConnectionParams(psLogin, ¶ms);
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
/* establish initial connection */
nReceiveBufferSize = 0;
if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK.*\r\n") == FAILURE) || (bufReceive == NULL))
{
writeError(ERR_DEBUG_MODULE, "%s failed: Server did not respond with '+OK'. Exiting...", MODULE_NAME);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
nState = MSTATE_EXITING;
}
else
{
writeError(ERR_DEBUG_MODULE, "Connected");
nState = MSTATE_RUNNING;
}
/* POP3 STARTTLS Extension
http://www.faqs.org/rfcs/rfc2595.html
*/
/* The capability name "STLS" indicates this command is present and
permitted in the current state. "CAPA" can be used to test for its
presence. Are there cases where "STLS" may not be implemented?
*/
/* Initiate STLS only if we don't already have a SSL connection */
if (psLogin->psServer->psHost->iUseSSL == 0)
{
memset(bufSend, 0, BUF_SIZE);
sprintf(bufSend, "STLS\r\n");
if (medusaSend(hSocket, bufSend, strlen(bufSend), 0) < 0)
{
writeError(ERR_ERROR, "[%s] failed: medusaSend was not successful", MODULE_NAME);
return FAILURE;
}
nReceiveBufferSize = 0;
if (medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "\\+OK.*\r\n|-ERR.*\r\n") == FAILURE)
{
writeError(ERR_ERROR, "[%s] Failed: Unexpected or no data received: %s", MODULE_NAME, bufReceive);
return FAILURE;
}
/*
[SUPPORTED] +OK Begin TLS negotiation / +OK Ready to start TLS
[NOT SUPPORTED] +OK STLS completed
[ERROR] -ERR Command not permitted when TLS active
*/
else if (strstr(bufReceive, "+OK") != NULL)
{
FREE(bufReceive);
writeError(ERR_DEBUG_MODULE, "[%s] Starting TLS negotiation.", MODULE_NAME);
params.nSSLVersion = 3.1; /* Force the use of TLSv1 */
if (medusaConnectSocketSSL(¶ms, hSocket) < 0)
{
writeError(ERR_ERROR, "[%s] Failed to establish SSLv3 connection.", MODULE_NAME);
return FAILURE;
}
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] TLS negotiation not available.", MODULE_NAME);
FREE(bufReceive);
}
}
/* Query service for accepted authentication methods */
if (_psSessionData->nAuthType == AUTH_UNKNOWN)
{
getAuthType(hSocket, _psSessionData);
if (_psSessionData->nAuthType == AUTH_UNKNOWN)
{
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
break;
case MSTATE_RUNNING:
/* The POP3 service may be configured to drop connections after an arbitrary number of failed
logon attempts. We will reuse the established connection to send authentication attempts
until that disconnect happens. At that point the connection should be reestablished. */
if ( medusaCheckSocket(hSocket) )
{
nState = tryLogin(hSocket, &psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
}
else
{
writeError(ERR_NOTICE, "[%s] Socket is no longer valid. Server likely dropped connection. Establishing new session.", MODULE_NAME);
nState = MSTATE_NEW;
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* psLogin, _MODULE_DATA *_psSessionData)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
unsigned char* bufReceive;
int nReceiveBufferSize = 0;
sCredentialSet *psCredSet = NULL;
psCredSet = malloc( sizeof(sCredentialSet) );
memset(psCredSet, 0, sizeof(sCredentialSet));
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
else if (psCredSet->psUser)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s - no more available users to test.", MODULE_NAME);
nState = MSTATE_COMPLETE;
}
_psSessionData->params = malloc( sizeof(sConnectParams) );
memset(_psSessionData->params, 0, sizeof(sConnectParams));
if (_psSessionData->nAuthType == AUTH_IMPLICIT)
{
psLogin->psServer->psHost->iUseSSL = 1;
_psSessionData->params->nPort = PORT_FTPS;
}
else
{
_psSessionData->params->nPort = PORT_FTP;
}
if (psLogin->psServer->psAudit->iPortOverride > 0)
_psSessionData->params->nPort = psLogin->psServer->psAudit->iPortOverride;
else if (psLogin->psServer->psHost->iUseSSL > 0)
_psSessionData->params->nPort = PORT_FTPS;
initConnectionParams(psLogin, _psSessionData->params);
while (nState != MSTATE_COMPLETE)
{
switch (nState)
{
case MSTATE_NEW:
// Already have an open socket - close it
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(_psSessionData->params);
else
hSocket = medusaConnect(_psSessionData->params);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, _psSessionData->params->nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
/* establish initial connection */
/* http://www.faqs.org/rfcs/rfc959.html
Thus the format for multi-line replies is that the first line
will begin with the exact required reply code, followed
immediately by a Hyphen, "-" (also known as Minus), followed by
text. The last line will begin with the same code, followed
immediately by Space <SP>, optionally some text, and the Telnet
end-of-line code.
*/
writeError(ERR_DEBUG_MODULE, "[%s] Retrieving FTP banner.", MODULE_NAME);
bufReceive = NULL;
nReceiveBufferSize = 0;
/* Grab entire banner and verify format */
if ((medusaReceiveRegex(hSocket, &bufReceive, &nReceiveBufferSize, "^[0-9]{3,3}-.*\r\n[0-9]{3,3} .*\r\n|^[0-9]{3,3} .*\r\n") == FAILURE) || (bufReceive == NULL))
{
writeError(ERR_DEBUG_MODULE, "[%s] failed: Server sent unknown response. Exiting...", MODULE_NAME);
FREE(bufReceive);
return FAILURE;
}
if (strncmp((char*)bufReceive, "220", 3) == 0)
{
writeError(ERR_DEBUG_MODULE, "[%s] Server sent 220 response.", MODULE_NAME);
FREE(bufReceive);
}
else if (strncmp((char*)bufReceive, "421", 3) == 0)
{
writeError(ERR_ERROR, "[%s] Server sent 421 response (too many connections).", MODULE_NAME);
FREE(bufReceive);
return FAILURE;
}
else
{
writeError(ERR_ERROR, "[%s] Server sent unknown response code: %c%c%c", MODULE_NAME, bufReceive[0], bufReceive[1], bufReceive[2]);
FREE(bufReceive);
return FAILURE;
}
/* Establish Explicit FTPS mode authentication if requested */
if (_psSessionData->nAuthType == AUTH_EXPLICIT)
{
if (initAuthSSL(hSocket, _psSessionData) == FAILURE)
{
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
nState = MSTATE_EXITING;
}
}
nState = MSTATE_RUNNING;
break;
case MSTATE_RUNNING:
/* The FTP service may be configured to drop connections after an arbitrary number of failed
logon attempts. We will reuse the established connection to send authentication attempts
until that disconnect happens. At that point the connection should be reestablished. */
if ( medusaCheckSocket(hSocket, psLogin->psServer->psAudit->iSocketWait) )
{
nState = tryLogin(hSocket, &psLogin, _psSessionData, psCredSet->psUser->pUser, psCredSet->pPass);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
{
if (getNextCredSet(psLogin, psCredSet) == FAILURE)
{
writeError(ERR_ERROR, "[%s] Error retrieving next credential set to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else
{
if (psCredSet->iStatus == CREDENTIAL_DONE)
{
writeError(ERR_DEBUG_MODULE, "[%s] No more available credential sets to test.", MODULE_NAME);
nState = MSTATE_EXITING;
}
else if (psCredSet->iStatus == CREDENTIAL_NEW_USER)
{
writeError(ERR_DEBUG_MODULE, "[%s] Starting testing for new user: %s.", MODULE_NAME, psCredSet->psUser->pUser);
nState = MSTATE_NEW;
}
else
writeError(ERR_DEBUG_MODULE, "[%s] Next credential set - user: %s password: %s", MODULE_NAME, psCredSet->psUser->pUser, psCredSet->pPass);
}
}
}
else
{
writeError(ERR_NOTICE, "[%s] Socket is no longer valid. Server likely dropped connection. Establishing new session.", MODULE_NAME);
nState = MSTATE_NEW;
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
}
break;
case MSTATE_EXITING:
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
nState = MSTATE_COMPLETE;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
return FAILURE;
}
}
FREE(psCredSet);
return SUCCESS;
}
int initModule(sLogin* psLogin, _MODULE_DATA *_psSessionData)
{
int hSocket = -1;
enum MODULE_STATE nState = MSTATE_NEW;
char* bufReceive;
int nReceiveBufferSize = 0, nFirstPass = 0, nFoundPrompt = 0;
int i = 0;
char *pPass;
sUser* user = psLogin->psUser;
sConnectParams params;
memset(¶ms, 0, sizeof(sConnectParams));
params.nPort = PORT_SMTP;
initConnectionParams(psLogin, ¶ms);
if (user != NULL)
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s user: '******'", MODULE_NAME, psLogin->psServer->pHostIP, user->pUser);
}
else
{
writeError(ERR_DEBUG_MODULE, "[%s] module started for host: %s", MODULE_NAME, psLogin->psServer->pHostIP);
}
pPass = getNextPass(psLogin->psServer->psAudit, user);
if (pPass == NULL)
{
writeVerbose(VB_GENERAL, "[%s] out of passwords for user '%s' at host '%s', bailing", MODULE_NAME, user->pUser, psLogin->psServer->pHostIP);
}
if (_psSessionData->szEHLO == NULL)
{
_psSessionData->szEHLO = malloc(7);
memset(_psSessionData->szEHLO, 0, 7);
sprintf(_psSessionData->szEHLO, "MEDUSA");
}
writeError(ERR_DEBUG, "[%s] Set EHLO value: %s", MODULE_NAME, _psSessionData->szEHLO);
while(NULL != pPass)
{
switch(nState)
{
case MSTATE_NEW:
if (hSocket > 0)
medusaDisconnect(hSocket);
if (psLogin->psServer->psHost->iUseSSL > 0)
hSocket = medusaConnectSSL(¶ms);
else
hSocket = medusaConnect(¶ms);
if (hSocket < 0)
{
writeError(ERR_NOTICE, "%s: failed to connect, port %d was not open on %s", MODULE_NAME, params.nPort, psLogin->psServer->pHostIP);
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
psLogin->iStatus = LOGIN_FAILED;
return FAILURE;
}
writeError(ERR_DEBUG_MODULE, "Connected");
/* send EHLO */
writeError(ERR_DEBUG_MODULE, "[%s] Sending EHLO command.", MODULE_NAME);
if (sayEHLO(hSocket, _psSessionData) == SUCCESS)
nState = MSTATE_RUNNING;
else
nState = MSTATE_EXITING;
break;
case MSTATE_RUNNING:
nState = tryLogin(hSocket, &psLogin, _psSessionData, pPass, user->pUser);
if (psLogin->iResult != LOGIN_RESULT_UNKNOWN)
pPass = getNextPass(psLogin->psServer->psAudit, user);
break;
case MSTATE_EXITING:
sayQUIT(hSocket);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
pPass = NULL;
break;
default:
writeError(ERR_CRITICAL, "Unknown %s module state %d", MODULE_NAME, nState);
if (hSocket > 0)
medusaDisconnect(hSocket);
hSocket = -1;
psLogin->iResult = LOGIN_RESULT_UNKNOWN;
psLogin->iStatus = LOGIN_FAILED;
return FAILURE;
}
}
psLogin->iStatus = LOGIN_DONE;
return SUCCESS;
}
