Beispiel #1
0
    def try_auth(self, username, password):
        if self.interface == 'joomla-admin':
            r = Requester.get(self.interface_url)

            data = {
                'username': username,
                'passwd': password,
                #'lang': 'en-GB',
                'option': self.option,
                'task': 'login',
                self.token: '1',
            }
            r = Requester.post(self.interface_url,
                               data,
                               headers={
                                   'Cookie': self.cookie,
                               })

            if 'input name="passwd"' not in r.text:
                self.cookie = 'a=a'
                return True
            else:
                return False

        else:
            raise AuthException('No auth interface found during intialization')
Beispiel #2
0
    def try_auth(self, username, password):
        if self.interface == 'htaccess':
            r = Requester.http_auth(self.interface_url, self.http_auth_type, 
                username, password)
            return (r.status_code != 401)

        else:
            raise AuthException('No auth interface found during initialization')            
Beispiel #3
0
    def try_auth(self, username, password):
        if self.interface == 'admin-console':
            # We need to retrieve ViewState value
            r = Requester.get(self.interface_url)
            m = re.search('<input type="hidden" name="javax\.faces\.ViewState" ' \
                'id="javax\.faces\.ViewState" value="(?P<viewstate>.*?)"', r.text)
            if not m:
                raise RequestException(
                    'Unable to retrieve ViewState from {}'.format(
                        self.interface_url))

            data = OrderedDict([
                ("login_form", "login_form"),
                ("login_form:name", username),
                ("login_form:password", password),
                ("login_form:submit", "Login"),
                ("javax.faces.ViewState", m.group('viewstate')),
            ])
            # We also need to retrieve JSESSIONID value
            m = re.search(
                r'JSESSIONID=(?P<jsessionid>.*); Path=\/admin-console',
                r.headers['Set-Cookie'])
            if not m:
                raise RequestException('Unable to retrieve JSESSIONID value ' \
                    'from {}'.format(self.interface_url))

            r = Requester.post(self.interface_url,
                               data,
                               headers={
                                   'Cookie':
                                   'JSESSIONID={}'.format(
                                       m.group('jsessionid'))
                               },
                               allow_redirects=False)

            status = ('name="login_form:password"' not in r.text \
                and 'Not logged in' not in r.text)
            return status

        elif self.interface == 'jmx-console':
            r = Requester.http_auth(self.interface_url, self.http_auth_type,
                                    username, password)
            return (r.status_code != 401)

        elif self.interface == 'management':
            r = Requester.http_auth(self.interface_url, self.http_auth_type,
                                    username, password)
            return (r.status_code != 401)

        elif self.interface == 'web-console':
            r = Requester.http_auth(self.interface_url, self.http_auth_type,
                                    username, password)
            return (r.status_code != 401)

        else:
            raise AuthException(
                'No auth interface found during initialization')
Beispiel #4
0
    def try_auth(self, username, password):
        if self.interface == 'jenkins-admin':
            data = {
                'j_username': username,
                'j_password': password,
                'Submit': 'Sign+in',
            }
            r = Requester.post(self.action_url, data)
            return ('name="j_password"' not in r.text)

        else:
            raise AuthException('No auth interface found during initialization')            
Beispiel #5
0
    def try_auth(self, username, password):
        if self.interface == 'axis2-admin':
            data = {
                'userName': username,
                'password': password,
                'submit': '+Login+',
            }
            r = Requester.post(self.interface_url, data)
            return (r.status_code == 200 and 'name="password"' not in r.text)

        else:
            raise AuthException('No auth interface found during initialization')            
Beispiel #6
0
    def try_auth(self, username, password):
        if self.interface == 'weblogic-admin':
            data = {
                'j_username': username,
                'j_password': password,
                'j_character_encoding': 'UTF-8',
            }
            r = Requester.post(self.interface_url, data)
            return ('name="j_password"' not in r.text)

        else:
            raise AuthException(
                'No auth interface found during initialization')
Beispiel #7
0
    def try_auth(self, username, password):

        # Note: In Railo, there is no username

        data = OrderedDict([("lang", "en"), ("rememberMe", "yyyy"),
                            ("submit", "submit")])

        if self.interface == 'railo-server-admin':
            data['login_passwordserver'] = password
            r = Requester.post(self.interface_url, data)
            return ('login.login_password' not in r.text)

        elif self.interface == 'railo-web-admin':
            data['login_passwordweb'] = password
            r = Requester.post(self.interface_url, data)
            return ('login.login_password' not in r.text)

        else:
            raise AuthException(
                'No auth interface found during initialization')
Beispiel #8
0
    def try_auth(self, username, password):

        # If anti-CSRF token might be present, reload the page before every attempt
        # and re-extract form fields
        if self.has_csrftoken:
            r = Requester.get(self.url)
            self.cookies = r.cookies
            soup = BeautifulSoup(r.text, 'html.parser')
            try:
                target_form = soup.find_all('form')[self.form_number]
            except:
                raise AuthException(
                    'Problem occured when reloading page. Maybe some WAF/Protection '
                    'is blocking us ?')
            self.parameters = self.__extract_form_fields(target_form)
            if self.password_field not in self.parameters.keys() \
               or (self.username_field and self.username_field not in self.parameters.keys()):
                raise AuthException(
                    'Problem occured when reloading page. Maybe some WAF/Protection '
                    'is blocking us ?')

        # Send authentication request
        if self.username_field:
            self.parameters[self.username_field] = username
        self.parameters[self.password_field] = password

        if self.method == 'GET':
            r = Requester.get(self.action_url,
                              params=self.parameters,
                              cookies=self.cookies)
        else:
            r = Requester.post(self.action_url,
                               data=self.parameters,
                               cookies=self.cookies)
        if self.verbose:
            logger.info('Raw HTTP Request/Response:')
            data = dump.dump_all(r)
            print(data.decode('utf-8'))

        # Check authentication status
        # HTTP response code check
        if r.status_code >= 400:
            return False

        # Check if response page contains password field
        soup = BeautifulSoup(r.text, 'html.parser')
        input_password = soup.find('input',
                                   attrs={'name': self.password_field})
        if input_password:
            return False

        # Heuristic check of failed attemps based on possible error messages
        if re.search(
                '(username\s+or\s+password|cannot\s+log\s*in|unauthorized'
                '|auth(entication)?\s+fail|(invalid|wrong)\s+(cred|user|login|mail|email|e-mail|pass)'
                '|error\s+during\s+(login|auth))', r.text, re.IGNORECASE):
            return False

        # Heuristic check of successful attempt based on page content
        if re.search('(log\s*out|log\s*off|deconn?e|disconn?ec)', r.text,
                     re.IGNORECASE):
            return True

        # Heuristic check of account lockout based on possible error messages
        if re.search(
                '(too\s+many\s+(failed)?\s*(attempt|try|tri)|account\s+(lock|block))',
                r.text, re.IGNORECASE):
            return False

        # Heuristic check based on source code difference with original page
        s = difflib.SequenceMatcher(None, self.page_html, r.text)
        return (s.quick_ratio() < 0.60)