def try_auth(self, username, password):
if self.interface == 'coldfusion-5-admin':
data = {
'PasswordProvided_required': 'You+must+provide+a+password.',
'PasswordProvided': password,
'Submit': 'Password',
}
r = Requester.post(self.interface_url, data)
return (r.status_code == 200
and 'name="PasswordProvided"' not in r.text)
elif self.interface == 'coldfusion-6-admin':
data = {
'cfadminPassword': password,
'requestedURL': '/CFIDE/administrator/index.cfm',
'submit': 'Login',
}
r = Requester.post(self.interface_url, data)
return (r.status_code == 200
and 'name="cfadminPassword"' not in r.text)
elif self.interface == 'coldfusion-7-8-9-admin':
salt = self._get_salt(self.interface_url)
hash_ = hmac.new(
bytes(salt, 'ascii'),
bytes(
hashlib.sha1(password.encode('utf-8')).hexdigest().upper(),
'ascii'), hashlib.sha1).hexdigest().upper()
data = {
'cfadminPassword': hash_,
'requestedURL': '/CFIDE/administrator/enter.cfm?',
'cfadminUserId': username,
'salt': salt,
'submit': 'Login',
}
r = Requester.post(self.interface_url, data)
return (r.status_code == 200
and 'name="cfadminPassword"' not in r.text)
elif self.interface == 'coldfusion-10-11-admin':
hash_ = hashlib.sha1(password.encode('utf-8')).hexdigest().upper()
data = {
'cfadminPassword': hash_,
'requestedURL': '/CFIDE/administrator/enter.cfm?',
'cfadminUserId': username,
'submit': 'Login',
}
r = Requester.post(self.interface_url, data)
return (r.status_code == 200
and 'name="cfadminPassword"' not in r.text)
def try_auth(self, username, password):
if self.interface == 'joomla-admin':
r = Requester.get(self.interface_url)
data = {
'username': username,
'passwd': password,
#'lang': 'en-GB',
'option': self.option,
'task': 'login',
self.token: '1',
}
r = Requester.post(self.interface_url,
data,
headers={
'Cookie': self.cookie,
})
if 'input name="passwd"' not in r.text:
self.cookie = 'a=a'
return True
else:
return False
else:
raise AuthException('No auth interface found during intialization')
def try_auth(self, username, password):
if self.interface == 'admin-console':
# We need to retrieve ViewState value
r = Requester.get(self.interface_url)
m = re.search('<input type="hidden" name="javax\.faces\.ViewState" ' \
'id="javax\.faces\.ViewState" value="(?P<viewstate>.*?)"', r.text)
if not m:
raise RequestException(
'Unable to retrieve ViewState from {}'.format(
self.interface_url))
data = OrderedDict([
("login_form", "login_form"),
("login_form:name", username),
("login_form:password", password),
("login_form:submit", "Login"),
("javax.faces.ViewState", m.group('viewstate')),
])
# We also need to retrieve JSESSIONID value
m = re.search(
r'JSESSIONID=(?P<jsessionid>.*); Path=\/admin-console',
r.headers['Set-Cookie'])
if not m:
raise RequestException('Unable to retrieve JSESSIONID value ' \
'from {}'.format(self.interface_url))
r = Requester.post(self.interface_url,
data,
headers={
'Cookie':
'JSESSIONID={}'.format(
m.group('jsessionid'))
},
allow_redirects=False)
status = ('name="login_form:password"' not in r.text \
and 'Not logged in' not in r.text)
return status
elif self.interface == 'jmx-console':
r = Requester.http_auth(self.interface_url, self.http_auth_type,
username, password)
return (r.status_code != 401)
elif self.interface == 'management':
r = Requester.http_auth(self.interface_url, self.http_auth_type,
username, password)
return (r.status_code != 401)
elif self.interface == 'web-console':
r = Requester.http_auth(self.interface_url, self.http_auth_type,
username, password)
return (r.status_code != 401)
else:
raise AuthException(
'No auth interface found during initialization')
def try_auth(self, username, password):
# Note: In Railo, there is no username
data = OrderedDict([("lang", "en"), ("rememberMe", "yyyy"),
("submit", "submit")])
if self.interface == 'railo-server-admin':
data['login_passwordserver'] = password
r = Requester.post(self.interface_url, data)
return ('login.login_password' not in r.text)
elif self.interface == 'railo-web-admin':
data['login_passwordweb'] = password
r = Requester.post(self.interface_url, data)
return ('login.login_password' not in r.text)
else:
raise AuthException(
'No auth interface found during initialization')
def try_auth(self, username, password):
if self.interface == 'jenkins-admin':
data = {
'j_username': username,
'j_password': password,
'Submit': 'Sign+in',
}
r = Requester.post(self.action_url, data)
return ('name="j_password"' not in r.text)
else:
raise AuthException('No auth interface found during initialization')
def try_auth(self, username, password):
if self.interface == 'axis2-admin':
data = {
'userName': username,
'password': password,
'submit': '+Login+',
}
r = Requester.post(self.interface_url, data)
return (r.status_code == 200 and 'name="password"' not in r.text)
else:
raise AuthException('No auth interface found during initialization')
def try_auth(self, username, password):
if self.interface == 'weblogic-admin':
data = {
'j_username': username,
'j_password': password,
'j_character_encoding': 'UTF-8',
}
r = Requester.post(self.interface_url, data)
return ('name="j_password"' not in r.text)
else:
raise AuthException(
'No auth interface found during initialization')
def try_auth(self, username, password):
# If anti-CSRF token might be present, reload the page before every attempt
# and re-extract form fields
if self.has_csrftoken:
r = Requester.get(self.url)
self.cookies = r.cookies
soup = BeautifulSoup(r.text, 'html.parser')
try:
target_form = soup.find_all('form')[self.form_number]
except:
raise AuthException(
'Problem occured when reloading page. Maybe some WAF/Protection '
'is blocking us ?')
self.parameters = self.__extract_form_fields(target_form)
if self.password_field not in self.parameters.keys() \
or (self.username_field and self.username_field not in self.parameters.keys()):
raise AuthException(
'Problem occured when reloading page. Maybe some WAF/Protection '
'is blocking us ?')
# Send authentication request
if self.username_field:
self.parameters[self.username_field] = username
self.parameters[self.password_field] = password
if self.method == 'GET':
r = Requester.get(self.action_url,
params=self.parameters,
cookies=self.cookies)
else:
r = Requester.post(self.action_url,
data=self.parameters,
cookies=self.cookies)
if self.verbose:
logger.info('Raw HTTP Request/Response:')
data = dump.dump_all(r)
print(data.decode('utf-8'))
# Check authentication status
# HTTP response code check
if r.status_code >= 400:
return False
# Check if response page contains password field
soup = BeautifulSoup(r.text, 'html.parser')
input_password = soup.find('input',
attrs={'name': self.password_field})
if input_password:
return False
# Heuristic check of failed attemps based on possible error messages
if re.search(
'(username\s+or\s+password|cannot\s+log\s*in|unauthorized'
'|auth(entication)?\s+fail|(invalid|wrong)\s+(cred|user|login|mail|email|e-mail|pass)'
'|error\s+during\s+(login|auth))', r.text, re.IGNORECASE):
return False
# Heuristic check of successful attempt based on page content
if re.search('(log\s*out|log\s*off|deconn?e|disconn?ec)', r.text,
re.IGNORECASE):
return True
# Heuristic check of account lockout based on possible error messages
if re.search(
'(too\s+many\s+(failed)?\s*(attempt|try|tri)|account\s+(lock|block))',
r.text, re.IGNORECASE):
return False
# Heuristic check based on source code difference with original page
s = difflib.SequenceMatcher(None, self.page_html, r.text)
return (s.quick_ratio() < 0.60)
