Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options

Fix #3967
This commit is contained in:
sinn3r 2014-10-22 16:23:15 -05:00
commit 42cd288bc0
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
31 changed files with 139 additions and 101 deletions


@ -4,6 +4,7 @@ module Metasploit
module Framework
module Ftp
module Client
extend ActiveSupport::Concern
include Metasploit::Framework::Tcp::Client
#


@ -88,6 +88,7 @@ module Metasploit
def each_credential
cred_details.each do |raw_cred|
# This could be a Credential object, or a Credential Core, or an Attempt object
# so make sure that whatever it is, we end up with a Credential.
credential = raw_cred.to_credential
@ -101,6 +102,11 @@ module Metasploit
credential.realm_key = self.class::REALM_KEY
yield credential
elsif credential.realm.blank? && self.class::REALM_KEY.present? && self.class::DEFAULT_REALM.present?
# XXX: This is messing up the display for mssql when not using
# Windows authentication, e.g.:
# [+] 10.0.0.53:1433 - LOGIN SUCCESSFUL: WORKSTATION\sa:msfadmin
# Realm gets ignored in that case, so it still functions, it
# just gives the user bogus info
credential.realm_key = self.class::REALM_KEY
credential.realm = self.class::DEFAULT_REALM
yield credential
@ -144,8 +150,10 @@ module Metasploit
successful_users = Set.new
each_credential do |credential|
# For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
# Skip users for whom we've have already found a password
if successful_users.include?(credential.public)
# For Pro bruteforce Reuse and Guess we need to note that we
# skipped an attempt.
if credential.parent.respond_to?(:skipped)
credential.parent.skipped = true
credential.parent.save!


@ -139,8 +139,6 @@ module Metasploit
# like timeouts and TCP evasion options
def set_sane_defaults
self.connection_timeout ||= 20
self.max_send_size = 0 if self.max_send_size.nil?
self.send_delay = 0 if self.send_delay.nil?
self.uri = '/' if self.uri.blank?
self.method = 'GET' if self.method.blank?


@ -12,12 +12,6 @@ module Metasploit
included do
# @!attribute max_send_size
# @return [Fixnum] The max size of the data to encapsulate in a single packet
attr_accessor :max_send_size
# @!attribute send_delay
# @return [Fixnum] The delay between sending packets
attr_accessor :send_delay
# @!attribute ssl
# @return [Boolean] Whether the socket should use ssl
attr_accessor :ssl
@ -25,21 +19,6 @@ module Metasploit
# @return [String] The version of SSL to implement
attr_accessor :ssl_version
validates :max_send_size,
presence: true,
numericality: {
only_integer: true,
greater_than_or_equal_to: 0
}
validates :send_delay,
presence: true,
numericality: {
only_integer: true,
greater_than_or_equal_to: 0
}
private
def chost


@ -105,12 +105,12 @@ module Metasploit
# like timeouts and TCP evasion options
def set_sane_defaults
self.connection_timeout ||= 30
self.max_send_size ||= 0
self.port ||= DEFAULT_PORT
self.send_delay ||= 0
self.banner_timeout ||= 25
self.telnet_timeout ||= 10
self.connection_timeout ||= 30
self.max_send_size ||= 0
self.send_delay ||= 0
# Shim to set up the ivars from the old Login mixin
create_login_ivars
end


@ -56,7 +56,6 @@ module Metasploit
# Create our VNC client overtop of the socket
vnc = Rex::Proto::RFB::Client.new(sock, :allow_none => false)
if vnc.handshake
if vnc_auth(vnc,credential.private)
result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
@ -77,6 +76,8 @@ module Metasploit
proof: e.message,
status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
)
ensure
disconnect
end
::Metasploit::Framework::LoginScanner::Result.new(result_options)
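Review bot: The new `ensure` / `disconnect` pair runs on every exit from the surrounding begin block, including the path where the connect itself failed and the rescue just above recorded `UNABLE_TO_CONNECT`, so `disconnect` has to tolerate a socket that was never opened; its body is not in this hunk, so worth confirming rather than assuming. If it is not nil-safe, guard the call or make it so, and either way a short comment would save the next reader the same question: `# runs even when the connect above failed; disconnect must tolerate an unopened socket`. The begin block that this `ensure` closes starts outside the hunk.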


@ -5,6 +5,7 @@ module Metasploit
module MSSQL
module Client
extend ActiveSupport::Concern
include Metasploit::Framework::Tcp::Client
NTLM_CRYPT = Rex::Proto::NTLM::Crypt
@ -725,4 +726,4 @@ module Metasploit
end
end
end
end


@ -40,6 +40,33 @@ module Metasploit
module Client
extend ActiveSupport::Concern
# @!attribute max_send_size
# @return [Fixnum] The max size of the data to encapsulate in a single packet
attr_accessor :max_send_size
# @!attribute send_delay
# @return [Fixnum] The delay between sending packets
attr_accessor :send_delay
included do
include ActiveModel::Validations
validates :max_send_size,
presence: true,
numericality: {
only_integer: true,
greater_than_or_equal_to: 0
}
validates :send_delay,
presence: true,
numericality: {
only_integer: true,
greater_than_or_equal_to: 0
}
end
#
# Establishes a TCP connection to the specified RHOST/RPORT
#
@ -64,7 +91,6 @@ module Metasploit
'Proxies' => proxies,
'Timeout' => (opts['ConnectTimeout'] || connection_timeout || 10).to_i
)
# enable evasions on this socket
set_tcp_evasions(nsock)
@ -121,14 +147,6 @@ module Metasploit
#
##
def max_send_size
raise NotImplementedError
end
def send_delay
raise NotImplementedError
end
#
# Returns the target host
#
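Review bot: The `validates :max_send_size, presence: true` and `validates :send_delay, presence: true` added inside `included do` reject a scanner whose values are still nil, while the modules in this commit pass `datastore['TCP::max_send_size']` and `datastore['TCP::send_delay']` straight through, which is nil wherever a module has not registered those options. Telnet's `set_sane_defaults` covers this with `self.max_send_size ||= 0` / `self.send_delay ||= 0`, but the other includers' defaults are not visible here, so either every includer must default both attributes to 0 before validation or the validators should allow nil, e.g. `validates :max_send_size, numericality: { only_integer: true, greater_than_or_equal_to: 0 }, allow_nil: true`. The two `@return [Fixnum]` doc lines also leave the units unstated; since `set_tcp_evasions(nsock)` consumes these values, the units (bytes for the size, the time unit for the delay) should be spelled out there. The `def connect` whose body the second hunk touches starts and ends outside the hunk.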


@ -4,6 +4,7 @@ module Metasploit
module Framework
module Telnet
module Client
extend ActiveSupport::Concern
include Metasploit::Framework::Tcp::Client
include Msf::Auxiliary::Login
@ -216,4 +217,4 @@ module Metasploit
end
end
end
end
end


@ -63,7 +63,9 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
connection_timeout: 30,
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|


@ -61,7 +61,9 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
connection_timeout: 30,
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|


@ -75,6 +75,8 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
connection_timeout: 30
)


@ -60,7 +60,9 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
connection_timeout: 30,
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|
@ -74,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
credential_data[:core] = credential_core
create_credential_login(credential_data)
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
else
invalidate_login(credential_data)
vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"


@ -71,6 +71,8 @@ class Metasploit3 < Msf::Auxiliary
ssl: datastore['SSL'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|


@ -74,6 +74,8 @@ class Metasploit3 < Msf::Auxiliary
port: rport,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 5,
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
bogus_result = @scanner.attempt_bogus_login(domain)


@ -7,7 +7,6 @@ require 'msf/core'
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/telnet'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Telnet
@ -27,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
logins and hosts so you can track your access.
},
'Author' => 'egypt',
'References' =>
'References' =>
[
[ 'CVE', '1999-0502'] # Weak password
],
@ -66,6 +65,8 @@ class Metasploit3 < Msf::Auxiliary
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: datastore['Timeout'],
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
banner_timeout: datastore['TelnetBannerTimeout'],
telnet_timeout: datastore['TelnetTimeout']
)


@ -72,7 +72,9 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: 30
connection_timeout: 30,
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|


@ -77,7 +77,9 @@ class Metasploit3 < Msf::Auxiliary
proxies: datastore['PROXIES'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
connection_timeout: datastore['ConnectTimeout']
connection_timeout: datastore['ConnectTimeout'],
max_send_size: datastore['TCP::max_send_size'],
send_delay: datastore['TCP::send_delay'],
)
scanner.scan! do |result|


@ -8,6 +8,7 @@ describe Metasploit::Framework::LoginScanner::AFP do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
it { should respond_to :login_timeout }


@ -11,6 +11,7 @@ describe Metasploit::Framework::LoginScanner::DB2 do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
context '#attempt_login' do


@ -47,6 +47,7 @@ describe Metasploit::Framework::LoginScanner::FTP do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'


@ -119,4 +119,4 @@ describe Metasploit::Framework::LoginScanner::IPBoard do
end
end
end


@ -35,6 +35,7 @@ describe Metasploit::Framework::LoginScanner::MSSQL do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
it { should respond_to :windows_authentication }


@ -6,6 +6,7 @@ describe Metasploit::Framework::LoginScanner::POP3 do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
context "#attempt_login" do


@ -35,6 +35,7 @@ describe Metasploit::Framework::LoginScanner::SMB do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
it { should respond_to :smb_chunk_size }
it { should respond_to :smb_name }


@ -7,6 +7,7 @@ describe Metasploit::Framework::LoginScanner::Telnet do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
it { should respond_to :banner_timeout }
it { should respond_to :telnet_timeout }


@ -6,6 +6,7 @@ describe Metasploit::Framework::LoginScanner::VMAUTHD do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
context "#attempt_login" do


@ -14,6 +14,7 @@ describe Metasploit::Framework::LoginScanner::VNC do
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
it_behaves_like 'Metasploit::Framework::Tcp::Client'
context '#attempt_login' do


@ -8,4 +8,4 @@ describe Metasploit::Framework::LoginScanner::WordpressRPC do
it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
end
end


@ -1,60 +1,7 @@
shared_examples_for 'Metasploit::Framework::LoginScanner::RexSocket' do
subject(:login_scanner) { described_class.new }
it { should respond_to :send_delay }
it { should respond_to :max_send_size }
it { should respond_to :ssl }
it { should respond_to :ssl_version }
context 'send_delay' do
it 'is not valid for a non-number' do
login_scanner.send_delay = "a"
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "is not a number"
end
it 'is not valid for a floating point' do
login_scanner.send_delay = 5.76
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "must be an integer"
end
it 'is not valid for a negative number' do
login_scanner.send_delay = -8
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "must be greater than or equal to 0"
end
it 'is valid for a legitimate number' do
login_scanner.send_delay = rand(1000) + 1
expect(login_scanner.errors[:send_delay]).to be_empty
end
end
context 'max_send_size' do
it 'is not valid for a non-number' do
login_scanner.max_send_size = "a"
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "is not a number"
end
it 'is not valid for a floating point' do
login_scanner.max_send_size = 5.76
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "must be an integer"
end
it 'is not valid for a negative number' do
login_scanner.max_send_size = -8
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "must be greater than or equal to 0"
end
it 'is valid for a legitimate number' do
login_scanner.max_send_size = rand(1000) + 1
expect(login_scanner.errors[:max_send_size]).to be_empty
end
end
end


@ -0,0 +1,58 @@
shared_examples_for 'Metasploit::Framework::Tcp::Client' do
subject(:login_scanner) { described_class.new }
it { should respond_to :send_delay }
it { should respond_to :max_send_size }
context 'send_delay' do
it 'is not valid for a non-number' do
login_scanner.send_delay = "a"
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "is not a number"
end
it 'is not valid for a floating point' do
login_scanner.send_delay = 5.76
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "must be an integer"
end
it 'is not valid for a negative number' do
login_scanner.send_delay = -8
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:send_delay]).to include "must be greater than or equal to 0"
end
it 'is valid for a legitimate number' do
login_scanner.send_delay = rand(1000) + 1
expect(login_scanner.errors[:send_delay]).to be_empty
end
end
context 'max_send_size' do
it 'is not valid for a non-number' do
login_scanner.max_send_size = "a"
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "is not a number"
end
it 'is not valid for a floating point' do
login_scanner.max_send_size = 5.76
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "must be an integer"
end
it 'is not valid for a negative number' do
login_scanner.max_send_size = -8
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:max_send_size]).to include "must be greater than or equal to 0"
end
it 'is valid for a legitimate number' do
login_scanner.max_send_size = rand(1000) + 1
expect(login_scanner.errors[:max_send_size]).to be_empty
end
end
end
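Review bot: Both 'is valid for a legitimate number' examples (`login_scanner.send_delay = rand(1000) + 1` and the `max_send_size` twin) read `login_scanner.errors[...]` without ever running validation, so `errors` is still empty and the expectation passes no matter what the validator does; insert `login_scanner.valid?` before each `expect(login_scanner.errors[...]).to be_empty`. The same vacuous form is carried over from the RexSocket shared examples this file replaces. Nothing here pins the `0` boundary that `greater_than_or_equal_to: 0` admits and that the scanners default to, so one more example per attribute would be useful, e.g. `login_scanner.send_delay = 0` followed by `login_scanner.valid?` and `expect(login_scanner.errors[:send_delay]).to be_empty`.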