Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options
Fix #3967
commit
42cd288bc0
@ -4,6 +4,7 @@ module Metasploit
|
|||
module Framework
|
||||
module Ftp
|
||||
module Client
|
||||
extend ActiveSupport::Concern
|
||||
include Metasploit::Framework::Tcp::Client
|
||||
|
||||
#
|
||||
|
|
|
@ -88,6 +88,7 @@ module Metasploit
|
|||
|
||||
def each_credential
|
||||
cred_details.each do |raw_cred|
|
||||
|
||||
# This could be a Credential object, or a Credential Core, or an Attempt object
|
||||
# so make sure that whatever it is, we end up with a Credential.
|
||||
credential = raw_cred.to_credential
|
||||
|
@ -101,6 +102,11 @@ module Metasploit
|
|||
credential.realm_key = self.class::REALM_KEY
|
||||
yield credential
|
||||
elsif credential.realm.blank? && self.class::REALM_KEY.present? && self.class::DEFAULT_REALM.present?
|
||||
# XXX: This is messing up the display for mssql when not using
|
||||
# Windows authentication, e.g.:
|
||||
# [+] 10.0.0.53:1433 - LOGIN SUCCESSFUL: WORKSTATION\sa:msfadmin
|
||||
# Realm gets ignored in that case, so it still functions, it
|
||||
# just gives the user bogus info
|
||||
credential.realm_key = self.class::REALM_KEY
|
||||
credential.realm = self.class::DEFAULT_REALM
|
||||
yield credential
|
||||
|
@ -144,8 +150,10 @@ module Metasploit
|
|||
successful_users = Set.new
|
||||
|
||||
each_credential do |credential|
|
||||
# For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
|
||||
# Skip users for whom we've have already found a password
|
||||
if successful_users.include?(credential.public)
|
||||
# For Pro bruteforce Reuse and Guess we need to note that we
|
||||
# skipped an attempt.
|
||||
if credential.parent.respond_to?(:skipped)
|
||||
credential.parent.skipped = true
|
||||
credential.parent.save!
|
||||
|
|
|
@ -139,8 +139,6 @@ module Metasploit
|
|||
# like timeouts and TCP evasion options
|
||||
def set_sane_defaults
|
||||
self.connection_timeout ||= 20
|
||||
self.max_send_size = 0 if self.max_send_size.nil?
|
||||
self.send_delay = 0 if self.send_delay.nil?
|
||||
self.uri = '/' if self.uri.blank?
|
||||
self.method = 'GET' if self.method.blank?
|
||||
|
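Review bot: Dropping `self.max_send_size = 0 if self.max_send_size.nil?` and the matching `send_delay` line leaves both attributes nil on HTTP scanners, which is only safe if nothing in the HTTP scanner still reads them; this hunk cannot show that, and the RexSocket hunk further down removes the accessors and validations, so any surviving reader (e.g. a forward to the HTTP client in `attempt_login`, outside this hunk) would now see nil where it used to see 0. If such a reader exists, keep the two defaults. As a style point, the remaining lines mix `||=` with `= x if blank?`; the Telnet `set_sane_defaults` on this page uses `||=` throughout, and the `blank?` form is only needed for `uri`/`method` because it also covers the empty string, which deserves a one-line comment such as `# blank? rather than ||=: an empty string must also fall back`.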
||||
|
|
|
@ -12,12 +12,6 @@ module Metasploit
|
|||
|
||||
included do
|
||||
|
||||
# @!attribute max_send_size
|
||||
# @return [Fixnum] The max size of the data to encapsulate in a single packet
|
||||
attr_accessor :max_send_size
|
||||
# @!attribute send_delay
|
||||
# @return [Fixnum] The delay between sending packets
|
||||
attr_accessor :send_delay
|
||||
# @!attribute ssl
|
||||
# @return [Boolean] Whether the socket should use ssl
|
||||
attr_accessor :ssl
|
||||
|
@ -25,21 +19,6 @@ module Metasploit
|
|||
# @return [String] The version of SSL to implement
|
||||
attr_accessor :ssl_version
|
||||
|
||||
validates :max_send_size,
|
||||
presence: true,
|
||||
numericality: {
|
||||
only_integer: true,
|
||||
greater_than_or_equal_to: 0
|
||||
}
|
||||
|
||||
validates :send_delay,
|
||||
presence: true,
|
||||
numericality: {
|
||||
only_integer: true,
|
||||
greater_than_or_equal_to: 0
|
||||
}
|
||||
|
||||
|
||||
private
|
||||
|
||||
def chost
|
||||
|
|
|
@ -105,12 +105,12 @@ module Metasploit
|
|||
# like timeouts and TCP evasion options
|
||||
def set_sane_defaults
|
||||
self.connection_timeout ||= 30
|
||||
self.max_send_size ||= 0
|
||||
self.port ||= DEFAULT_PORT
|
||||
self.send_delay ||= 0
|
||||
self.banner_timeout ||= 25
|
||||
self.telnet_timeout ||= 10
|
||||
self.connection_timeout ||= 30
|
||||
self.max_send_size ||= 0
|
||||
self.send_delay ||= 0
|
||||
# Shim to set up the ivars from the old Login mixin
|
||||
create_login_ivars
|
||||
end
|
||||
|
|
|
@ -56,7 +56,6 @@ module Metasploit
|
|||
# Create our VNC client overtop of the socket
|
||||
vnc = Rex::Proto::RFB::Client.new(sock, :allow_none => false)
|
||||
|
||||
|
||||
if vnc.handshake
|
||||
if vnc_auth(vnc,credential.private)
|
||||
result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
|
||||
|
@ -77,6 +76,8 @@ module Metasploit
|
|||
proof: e.message,
|
||||
status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
|
||||
)
|
||||
ensure
|
||||
disconnect
|
||||
end
|
||||
|
||||
::Metasploit::Framework::LoginScanner::Result.new(result_options)
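Review bot: The new `ensure` / `disconnect` pair also runs when `connect` itself raised, i.e. before `sock` (used at `Rex::Proto::RFB::Client.new(sock, ...)` in the previous hunk) was ever assigned; `disconnect` is defined outside this hunk, so confirm it tolerates a nil socket, otherwise the cleanup turns the UNABLE_TO_CONNECT result into a NoMethodError. Making the intent explicit with `disconnect if sock` avoids depending on that. The `begin` this `ensure` belongs to starts above the hunk.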
|
||||
|
|
|
@ -5,6 +5,7 @@ module Metasploit
|
|||
module MSSQL
|
||||
|
||||
module Client
|
||||
extend ActiveSupport::Concern
|
||||
include Metasploit::Framework::Tcp::Client
|
||||
|
||||
NTLM_CRYPT = Rex::Proto::NTLM::Crypt
|
||||
|
@ -725,4 +726,4 @@ module Metasploit
|
|||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -40,6 +40,33 @@ module Metasploit
|
|||
|
||||
module Client
|
||||
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
# @!attribute max_send_size
|
||||
# @return [Fixnum] The max size of the data to encapsulate in a single packet
|
||||
attr_accessor :max_send_size
|
||||
# @!attribute send_delay
|
||||
# @return [Fixnum] The delay between sending packets
|
||||
attr_accessor :send_delay
|
||||
|
||||
included do
|
||||
include ActiveModel::Validations
|
||||
validates :max_send_size,
|
||||
presence: true,
|
||||
numericality: {
|
||||
only_integer: true,
|
||||
greater_than_or_equal_to: 0
|
||||
}
|
||||
|
||||
validates :send_delay,
|
||||
presence: true,
|
||||
numericality: {
|
||||
only_integer: true,
|
||||
greater_than_or_equal_to: 0
|
||||
}
|
||||
|
||||
end
|
||||
|
||||
#
|
||||
# Establishes a TCP connection to the specified RHOST/RPORT
|
||||
#
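Review bot: The `validates :max_send_size` / `validates :send_delay` declarations only fire when a caller runs `valid?`, while `connect` in the next hunk hands the accessors to `set_tcp_evasions(nsock)` unconditionally, so a scanner built with nil values that skips validation passes nil into the socket setup (`set_tcp_evasions` is defined outside these hunks, so whether it copes with nil cannot be confirmed here). Since the Telnet `set_sane_defaults` on this page keeps `self.max_send_size ||= 0` / `self.send_delay ||= 0`, every class including this concern should do the same, or `set_tcp_evasions` should coerce with `.to_i`. `presence: true` is redundant with `numericality` without `allow_nil`, which already rejects nil as "is not a number" — the message the new shared example asserts — so the two `presence:` lines can go. The `# @return [Fixnum]` tags would be more useful stating the unit and what 0 means, e.g. `# @return [Fixnum] bytes per write; 0 disables splitting`, provided that is how `set_tcp_evasions` treats 0.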
|
||||
|
@ -64,7 +91,6 @@ module Metasploit
|
|||
'Proxies' => proxies,
|
||||
'Timeout' => (opts['ConnectTimeout'] || connection_timeout || 10).to_i
|
||||
)
|
||||
|
||||
# enable evasions on this socket
|
||||
set_tcp_evasions(nsock)
|
||||
|
||||
|
@ -121,14 +147,6 @@ module Metasploit
|
|||
#
|
||||
##
|
||||
|
||||
def max_send_size
|
||||
raise NotImplementedError
|
||||
end
|
||||
|
||||
def send_delay
|
||||
raise NotImplementedError
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the target host
|
||||
#
|
||||
|
|
|
@ -4,6 +4,7 @@ module Metasploit
|
|||
module Framework
|
||||
module Telnet
|
||||
module Client
|
||||
extend ActiveSupport::Concern
|
||||
include Metasploit::Framework::Tcp::Client
|
||||
include Msf::Auxiliary::Login
|
||||
|
||||
|
@ -216,4 +217,4 @@ module Metasploit
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -63,7 +63,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 30
|
||||
connection_timeout: 30,
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
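Review bot: `max_send_size: datastore['TCP::max_send_size']` and `send_delay: datastore['TCP::send_delay']` are forwarded as-is, and the scanner now validates them as present, non-negative integers (Tcp::Client hunk above); a module whose datastore does not register those advanced options passes nil and fails `valid?` unless the scanner's `set_sane_defaults` still supplies a 0 default as the Telnet one on this page does, so each module should be checked for the mixin that registers them (outside the hunk). The identical forwarding appears in the hunks ending at L673, L705, L737, L793, L822, L907, L937 and L972; L705 and L793 insert the two keys before `connection_timeout` while the rest append after it, a consistency nit that suggests pulling the pair into one shared keyword set. If a nil fallback is intended at the call site, `max_send_size: datastore['TCP::max_send_size'] || 0` keeps the previous behaviour explicit.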
|
||||
|
|
|
@ -61,7 +61,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 30
|
||||
connection_timeout: 30,
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
|
|
|
@ -75,6 +75,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
connection_timeout: 30
|
||||
)
|
||||
|
||||
|
|
|
@ -60,7 +60,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 30
|
||||
connection_timeout: 30,
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
|
@ -74,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
credential_data[:core] = credential_core
|
||||
create_credential_login(credential_data)
|
||||
|
||||
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
|
||||
print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
|
||||
else
|
||||
invalidate_login(credential_data)
|
||||
vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
|
||||
|
|
|
@ -71,6 +71,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
ssl: datastore['SSL'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
|
|
|
@ -74,6 +74,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
port: rport,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 5,
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
bogus_result = @scanner.attempt_bogus_login(domain)
|
||||
|
|
|
@ -7,7 +7,6 @@ require 'msf/core'
|
|||
require 'metasploit/framework/credential_collection'
|
||||
require 'metasploit/framework/login_scanner/telnet'
|
||||
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::Telnet
|
||||
|
@ -27,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
logins and hosts so you can track your access.
|
||||
},
|
||||
'Author' => 'egypt',
|
||||
'References' =>
|
||||
'References' =>
|
||||
[
|
||||
[ 'CVE', '1999-0502'] # Weak password
|
||||
],
|
||||
|
@ -66,6 +65,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: datastore['Timeout'],
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
banner_timeout: datastore['TelnetBannerTimeout'],
|
||||
telnet_timeout: datastore['TelnetTimeout']
|
||||
)
|
||||
|
|
|
@ -72,7 +72,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 30
|
||||
connection_timeout: 30,
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
|
|
|
@ -77,7 +77,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: datastore['ConnectTimeout']
|
||||
connection_timeout: datastore['ConnectTimeout'],
|
||||
max_send_size: datastore['TCP::max_send_size'],
|
||||
send_delay: datastore['TCP::send_delay'],
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
|
|
|
@ -8,6 +8,7 @@ describe Metasploit::Framework::LoginScanner::AFP do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
it { should respond_to :login_timeout }
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ describe Metasploit::Framework::LoginScanner::DB2 do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
context '#attempt_login' do
|
||||
|
||||
|
|
|
@ -47,6 +47,7 @@ describe Metasploit::Framework::LoginScanner::FTP do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -119,4 +119,4 @@ describe Metasploit::Framework::LoginScanner::IPBoard do
|
|||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -35,6 +35,7 @@ describe Metasploit::Framework::LoginScanner::MSSQL do
|
|||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
it { should respond_to :windows_authentication }
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ describe Metasploit::Framework::LoginScanner::POP3 do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
context "#attempt_login" do
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ describe Metasploit::Framework::LoginScanner::SMB do
|
|||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: true, has_default_realm: true
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
it { should respond_to :smb_chunk_size }
|
||||
it { should respond_to :smb_name }
|
||||
|
|
|
@ -7,6 +7,7 @@ describe Metasploit::Framework::LoginScanner::Telnet do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
it { should respond_to :banner_timeout }
|
||||
it { should respond_to :telnet_timeout }
|
||||
|
|
|
@ -6,6 +6,7 @@ describe Metasploit::Framework::LoginScanner::VMAUTHD do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
context "#attempt_login" do
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ describe Metasploit::Framework::LoginScanner::VNC do
|
|||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::Base', has_realm_key: false, has_default_realm: false
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
|
||||
it_behaves_like 'Metasploit::Framework::Tcp::Client'
|
||||
|
||||
|
||||
context '#attempt_login' do
|
||||
|
|
|
@ -8,4 +8,4 @@ describe Metasploit::Framework::LoginScanner::WordpressRPC do
|
|||
it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,60 +1,7 @@
|
|||
shared_examples_for 'Metasploit::Framework::LoginScanner::RexSocket' do
|
||||
subject(:login_scanner) { described_class.new }
|
||||
|
||||
it { should respond_to :send_delay }
|
||||
it { should respond_to :max_send_size }
|
||||
it { should respond_to :ssl }
|
||||
it { should respond_to :ssl_version }
|
||||
|
||||
context 'send_delay' do
|
||||
it 'is not valid for a non-number' do
|
||||
login_scanner.send_delay = "a"
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "is not a number"
|
||||
end
|
||||
|
||||
it 'is not valid for a floating point' do
|
||||
login_scanner.send_delay = 5.76
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "must be an integer"
|
||||
end
|
||||
|
||||
it 'is not valid for a negative number' do
|
||||
login_scanner.send_delay = -8
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "must be greater than or equal to 0"
|
||||
end
|
||||
|
||||
it 'is valid for a legitimate number' do
|
||||
login_scanner.send_delay = rand(1000) + 1
|
||||
expect(login_scanner.errors[:send_delay]).to be_empty
|
||||
end
|
||||
end
|
||||
|
||||
context 'max_send_size' do
|
||||
it 'is not valid for a non-number' do
|
||||
login_scanner.max_send_size = "a"
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "is not a number"
|
||||
end
|
||||
|
||||
it 'is not valid for a floating point' do
|
||||
login_scanner.max_send_size = 5.76
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "must be an integer"
|
||||
end
|
||||
|
||||
it 'is not valid for a negative number' do
|
||||
login_scanner.max_send_size = -8
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "must be greater than or equal to 0"
|
||||
end
|
||||
|
||||
it 'is valid for a legitimate number' do
|
||||
login_scanner.max_send_size = rand(1000) + 1
|
||||
expect(login_scanner.errors[:max_send_size]).to be_empty
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
|
||||
shared_examples_for 'Metasploit::Framework::Tcp::Client' do
|
||||
subject(:login_scanner) { described_class.new }
|
||||
|
||||
it { should respond_to :send_delay }
|
||||
it { should respond_to :max_send_size }
|
||||
|
||||
context 'send_delay' do
|
||||
it 'is not valid for a non-number' do
|
||||
login_scanner.send_delay = "a"
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "is not a number"
|
||||
end
|
||||
|
||||
it 'is not valid for a floating point' do
|
||||
login_scanner.send_delay = 5.76
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "must be an integer"
|
||||
end
|
||||
|
||||
it 'is not valid for a negative number' do
|
||||
login_scanner.send_delay = -8
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:send_delay]).to include "must be greater than or equal to 0"
|
||||
end
|
||||
|
||||
it 'is valid for a legitimate number' do
|
||||
login_scanner.send_delay = rand(1000) + 1
|
||||
expect(login_scanner.errors[:send_delay]).to be_empty
|
||||
end
|
||||
end
|
||||
|
||||
context 'max_send_size' do
|
||||
it 'is not valid for a non-number' do
|
||||
login_scanner.max_send_size = "a"
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "is not a number"
|
||||
end
|
||||
|
||||
it 'is not valid for a floating point' do
|
||||
login_scanner.max_send_size = 5.76
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "must be an integer"
|
||||
end
|
||||
|
||||
it 'is not valid for a negative number' do
|
||||
login_scanner.max_send_size = -8
|
||||
expect(login_scanner).to_not be_valid
|
||||
expect(login_scanner.errors[:max_send_size]).to include "must be greater than or equal to 0"
|
||||
end
|
||||
|
||||
it 'is valid for a legitimate number' do
|
||||
login_scanner.max_send_size = rand(1000) + 1
|
||||
expect(login_scanner.errors[:max_send_size]).to be_empty
|
||||
end
|
||||
end
|
||||
|
||||
end
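Review bot: The two `is valid for a legitimate number` examples never call `login_scanner.valid?` before reading `errors[:send_delay]` / `errors[:max_send_size]`, so unless `initialize` runs validation the errors collection is empty regardless of the assigned value and the example cannot fail; insert `login_scanner.valid?` before each expectation. They also use `rand(1000) + 1`, which makes a failing input non-reproducible; a fixed value such as `login_scanner.send_delay = 42` is clearer. The declared boundary `greater_than_or_equal_to: 0` is not exercised although 0 is the value the scanners default to (Telnet hunk on this page), so an `it 'is valid for zero'` example assigning `0` to each attribute would pin it.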
|