Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Gitlab login scanner ignoring user and pass (#18831) #19381

Merged
merged 3 commits into from
Aug 30, 2024
Merged

Fix Gitlab login scanner ignoring user and pass (#18831) #19381

merged 3 commits into from
Aug 30, 2024

Conversation

Takahiro-Yoko
Copy link
Contributor

@Takahiro-Yoko Takahiro-Yoko commented Aug 12, 2024
edited
Loading

fixes #18831
(and rubocop formatting and add doc)

Before

HttpUsername, USERNAME, HttpPassword and PASSWORD options exist.
HttpUsername and HttpPassword are used.
USERNAME and PASSWORD are not used.

After

Remove HttpUsername and HttpPassword.
Use USERNAME and PASSWORD instead.

Verification

  1. Install GitLab and start it
  2. Start msfconsole
  3. Do: use auxiliary/scanner/http/gitlab_login
  4. Do: set rhosts
  5. Do: set usernames and passwords via the username and password options, or pass a list via user_file and pass_file options
  6. Do: run

Result

fix

@Takahiro-Yoko Takahiro-Yoko mentioned this pull request Aug 28, 2024
Closed
@jheysel-r7 jheysel-r7 self-assigned this Aug 30, 2024
@jheysel-r7
Copy link
Contributor

Thanks for the fix, the documentation file and for running rubocop @Takahiro-Yoko! Everything looks great 👍

Before

HttpUsername and HttpPassword are used:

msf6 auxiliary(scanner/http/gitlab_login) > set HttpUsername msfuser
HttpUsername => msfuser
msf6 auxiliary(scanner/http/gitlab_login) > set HttpPassword notpassword
HttpPassword => notpassword
msf6 auxiliary(scanner/http/gitlab_login) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf6 auxiliary(scanner/http/gitlab_login) > set rport 1680
rport => 1680
msf6 auxiliary(scanner/http/gitlab_login) > run

[*] 127.0.0.1:1680 - GitLab v7 login page
[!] No active DB -- Credential data will not be saved!
[+] 127.0.0.1:1680 - Login Successful: msfuser:notpassword
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

After

username and password are used

msf6 auxiliary(scanner/http/gitlab_login) > set username msfuser
username => msfuser
msf6 auxiliary(scanner/http/gitlab_login) > set password notpassword
password => notpassword
msf6 auxiliary(scanner/http/gitlab_login) > run

[*] 127.0.0.1:1680 - GitLab v7 login page
[!] No active DB -- Credential data will not be saved!
[+] 127.0.0.1:1680 - Login Successful: msfuser:notpassword
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

user_file and pass_file work as expected:

msf6 auxiliary(scanner/http/gitlab_login) > unset password
Unsetting password...
msf6 auxiliary(scanner/http/gitlab_login) > unset username
Unsetting username...
msf6 auxiliary(scanner/http/gitlab_login) > set user_file ~/tmp/users.txt
user_file => ~/tmp/users.txt
msf6 auxiliary(scanner/http/gitlab_login) > set pass_file ~/tmp/passwords.txt
pass_file => ~/tmp/passwords.txt
msf6 auxiliary(scanner/http/gitlab_login) > run

[-] Msf::OptionValidateError One or more options failed to validate: USER_FILE, PASS_FILE.
msf6 auxiliary(scanner/http/gitlab_login) > run

[*] 127.0.0.1:1680 - GitLab v7 login page
[!] No active DB -- Credential data will not be saved!
[-] 127.0.0.1:1680 - LOGIN FAILED: user:password (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: user:mydogsname (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: user:test123 (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: user:derp (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: user:notpassword (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: derp:password (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: derp:mydogsname (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: derp:test123 (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: derp:derp (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: derp:notpassword (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: bichael:password (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: bichael:mydogsname (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: bichael:test123 (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: bichael:derp (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: bichael:notpassword (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: mrtest:password (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: mrtest:mydogsname (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: mrtest:test123 (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: mrtest:derp (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: mrtest:notpassword (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: msfuser:password (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: msfuser:mydogsname (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: msfuser:test123 (Incorrect)
[-] 127.0.0.1:1680 - LOGIN FAILED: msfuser:derp (Incorrect)
[+] 127.0.0.1:1680 - Login Successful: msfuser:notpassword
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

@jheysel-r7 jheysel-r7 merged commit f951f25 into rapid7:master Aug 30, 2024
39 checks passed
@jheysel-r7 jheysel-r7 added the rn-fix release notes fix label Aug 30, 2024
@jheysel-r7
Copy link
Contributor

Release Notes

This fixes the gitlab_login scanner so that it uses the proper datastore options Username and Password which are the standard for login scanners. Before this fix the scanner was using HttpUsername and HttpPassword and ignoring the datastore options Username and Password

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jheysel-r7 jheysel-r7

Labels
rn-fix release notes fix
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Gitlab login scanner ignoring user and pass files.
2 participants
@Takahiro-Yoko @jheysel-r7