From 5fba54db9955dc3a651e74ffbe4e5b90009c7b6f Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Fri, 6 Feb 2015 17:48:49 +0000
Subject: [PATCH 1/5] Add addtional timing options
---
 .../framework/login_scanner/snmp.rb | 33 +++++++++++++++++--
 modules/auxiliary/scanner/snmp/snmp_login.rb | 9 +++--
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/lib/metasploit/framework/login_scanner/snmp.rb b/lib/metasploit/framework/login_scanner/snmp.rb
index a6ba854202..ee3ac8e93f 100644
--- a/lib/metasploit/framework/login_scanner/snmp.rb
+++ b/lib/metasploit/framework/login_scanner/snmp.rb
@@ -17,6 +17,35 @@ module Metasploit
 PRIVATE_TYPES = [ :password ]
 REALM_KEY = nil
+ # @!attribute retries
+ # @return [Fixnum] The number of retries
+ attr_accessor :retries
+
+ validates :retries,
+ presence: true,
+ numericality: {
+ only_integer: true,
+ greater_than_or_equal_to: 0
+ }
+
+ # @!attribute version
+ # @return [String] The SNMP version to scan
+ attr_accessor :version
+
+ validates :version,
+ presence: true,
+ inclusion: { in: ['1', '2c', 'all'] }
+
+ # This method returns an array of versions to scan
+ # @return [Array] An array of versions
+ def versions
+ case version
+ when '1'; [:SNMPv1]
+ when '2c'; [:SNMPv2c]
+ when 'all'; [:SNMPv1,:SNMPv2c]
+ end
+ end
+
 # This method attempts a single login with a single credential against the target
 # @param credential [Credential] The credential object to attmpt to login with
 # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
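Review bot: `versions` in lib/metasploit/framework/login_scanner/snmp.rb has no `else` branch, so it returns nil whenever `version` is unset or outside '1'/'2c'/'all'. If the scanner is used without being validated first, the `versions.each` call added in the next hunk then fails with a NoMethodError instead of a clear error. I would add `else raise ArgumentError, "unsupported SNMP version: #{version.inspect}"` as the last branch of the `case`. The reformatted `versions` in patch 5/5 (`@@ -35,15 +34,20 @@`) still lacks that fallback. Both new attributes are also `presence: true` with no default visible in this hunk, so it is worth giving `retries` and `version` defaults wherever the class sets its other defaults, and `@return [Array<Symbol>]` would document the element type.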
@@ -29,14 +58,14 @@ module Metasploit
 service_name: 'snmp'
 }
- [:SNMPv1, :SNMPv2c].each do |version|
+ versions.each do |version|
 snmp_client = ::SNMP::Manager.new(
 :Host => host,
 :Port => port,
 :Community => credential.public,
 :Version => version,
 :Timeout => connection_timeout,
- :Retries => 2,
+ :Retries => retries,
 :Transport => ::SNMP::RexUDPTransport,
 :Socket => ::Rex::Socket::Udp.create('Context' => { 'Msf' => framework, 'MsfExploit' => framework_module })
 )
diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb
index 223d5e7a75..17a4af375e 100644
--- a/modules/auxiliary/scanner/snmp/snmp_login.rb
+++ b/modules/auxiliary/scanner/snmp/snmp_login.rb
@@ -30,7 +30,10 @@ class Metasploit3 < Msf::Auxiliary
 [
 Opt::RPORT(161),
 Opt::CHOST,
+ OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 1]),
+ OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]),
 OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
+ OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1','2c','all']]),
 OptString.new('PASSWORD', [ false, 'The password to test' ]),
 OptPath.new('PASS_FILE', [ false, "File containing communities, one per line",
 File.join(Msf::Config.data_directory, "wordlists", "snmp_default_pass.txt")
@@ -61,9 +64,11 @@ class Metasploit3 < Msf::Auxiliary
 cred_details: collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
 bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
- connection_timeout: 2,
+ connection_timeout: datastore['CONNECTION_TIMEOUT'],
+ retries: datastore['RETRIES'],
+ version: datastore['VERSION'],
 framework: framework,
- framework_module: self,
+ framework_module: self
 )
 scanner.scan! do |result|
From 22664e63ca7dee88c7bbb0d258cb0526d2835118 Mon Sep 17 00:00:00 2001
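Review bot: In the `@@ -29,14 +58,14 @@` hunk of login_scanner/snmp.rb, the block parameter in `versions.each do |version|` shadows the `version` accessor that this same patch adds. Inside the block `version` is a Symbol such as `:SNMPv1`, while everywhere else in the class it is the String option value. Renaming the parameter keeps the two apart: `versions.each do |snmp_version|` together with `:Version => snmp_version,`. The enclosing method starts and ends outside the hunk.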
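Review bot: In the option list of modules/auxiliary/scanner/snmp/snmp_login.rb, `RETRIES` defaults to 0 although the library previously hard-coded `:Retries => 2`, so the out-of-the-box behaviour changes. A single lost UDP datagram now reads as a rejected community string, which is a false negative for anyone using the module to confirm that default communities have been removed from their devices. Keeping the earlier behaviour as the default would be `OptInt.new('RETRIES', [true, 'The number of retries per community string', 2]),`. The `CONNECTION_TIMEOUT` description should also state its unit, e.g. `'The timeout in seconds for each probe'` (assuming the SNMP client interprets the value as seconds).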
From: Meatballs
Date: Fri, 6 Feb 2015 19:51:55 +0000
Subject: [PATCH 2/5] Increase default timeout
---
 modules/auxiliary/scanner/snmp/snmp_login.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb
index 17a4af375e..3d1f3475c9 100644
--- a/modules/auxiliary/scanner/snmp/snmp_login.rb
+++ b/modules/auxiliary/scanner/snmp/snmp_login.rb
@@ -30,7 +30,7 @@ class Metasploit3 < Msf::Auxiliary
 [
 Opt::RPORT(161),
 Opt::CHOST,
- OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 1]),
+ OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 2]),
 OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]),
 OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1','2c','all']]),
From 0debbbb948ac55685c2e2096081d5fe6c2771cdf Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Fri, 6 Feb 2015 20:21:32 +0000
Subject: [PATCH 3/5] Fixup spec
---
 spec/lib/metasploit/framework/login_scanner/snmp_spec.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/spec/lib/metasploit/framework/login_scanner/snmp_spec.rb b/spec/lib/metasploit/framework/login_scanner/snmp_spec.rb
index 0dc0c8851c..30ae6fa46c 100644
--- a/spec/lib/metasploit/framework/login_scanner/snmp_spec.rb
+++ b/spec/lib/metasploit/framework/login_scanner/snmp_spec.rb
@@ -37,6 +37,8 @@ describe Metasploit::Framework::LoginScanner::SNMP do
 snmp_scanner.host = '127.0.0.1'
 snmp_scanner.port = 161
 snmp_scanner.connection_timeout = 1
+ snmp_scanner.retries = 0
+ snmp_scanner.version = 'all'
 snmp_scanner.stop_on_success = true
 snmp_scanner.cred_details = detail_group
 end
From fcc21ff928ca27c576fd1f5d7b400ff1b2cf6ef7 Mon Sep 17 00:00:00 2001
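Review bot: Nothing in snmp_spec.rb exercises the new `retries` and `version` validations or the `versions` mapping; the two added setup lines only keep the existing examples valid. I would add examples showing that a negative or non-integer `retries`, and a `version` outside '1'/'2c'/'all', make the scanner invalid. A second set should check that `versions` returns `[:SNMPv1]`, `[:SNMPv2c]` and `[:SNMPv1, :SNMPv2c]` for the three accepted values. The enclosing setup block starts outside the hunk.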
From: Meatballs
Date: Tue, 17 Mar 2015 11:44:02 +0000
Subject: [PATCH 4/5] Stylish like @limhoff-r7
---
 lib/metasploit/framework/login_scanner/snmp.rb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/lib/metasploit/framework/login_scanner/snmp.rb b/lib/metasploit/framework/login_scanner/snmp.rb
index ee3ac8e93f..ebdc338394 100644
--- a/lib/metasploit/framework/login_scanner/snmp.rb
+++ b/lib/metasploit/framework/login_scanner/snmp.rb
@@ -17,21 +17,22 @@ module Metasploit
 PRIVATE_TYPES = [ :password ]
 REALM_KEY = nil
- # @!attribute retries
- # @return [Fixnum] The number of retries
+ # The number of retries
+ # @return [Fixnum]
 attr_accessor :retries
+ # The SNMAP version to scan
+ #
+ # @return [String]
+ attr_accessor :version
+
 validates :retries,
 presence: true,
 numericality: {
- only_integer: true,
+ only_integer: true,
 greater_than_or_equal_to: 0
 }
- # @!attribute version
- # @return [String] The SNMP version to scan
- attr_accessor :version
-
 validates :version,
 presence: true,
 inclusion: { in: ['1', '2c', 'all'] }
From 88062a578dae312ee78629ceeab5fce03833fcef Mon Sep 17 00:00:00 2001
From: William Vu
Date: Thu, 16 Apr 2015 02:22:49 -0500
Subject: [PATCH 5/5] Clean up PR
---
 .../framework/login_scanner/snmp.rb | 20 +++++++++++--------
 modules/auxiliary/scanner/snmp/snmp_login.rb | 2 +-
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/lib/metasploit/framework/login_scanner/snmp.rb b/lib/metasploit/framework/login_scanner/snmp.rb
index ebdc338394..b13d1bb7ad 100644
--- a/lib/metasploit/framework/login_scanner/snmp.rb
+++ b/lib/metasploit/framework/login_scanner/snmp.rb
@@ -17,12 +17,11 @@ module Metasploit
 PRIVATE_TYPES = [ :password ]
 REALM_KEY = nil
- # The number of retries
+ # The number of retries per community string
 # @return [Fixnum]
 attr_accessor :retries
- # The SNMAP version to scan
- #
+ # The SNMP version to scan
 # @return [String]
 attr_accessor :version
@@ -35,15 +34,20 @@ module Metasploit
 validates :version,
 presence: true,
- inclusion: { in: ['1', '2c', 'all'] }
+ inclusion: {
+ in: ['1', '2c', 'all']
+ }
- # This method returns an array of versions to scan
+ # This method returns an array of versions to scan for
 # @return [Array] An array of versions
 def versions
 case version
- when '1'; [:SNMPv1]
- when '2c'; [:SNMPv2c]
- when 'all'; [:SNMPv1,:SNMPv2c]
+ when '1'
+ [:SNMPv1]
+ when '2c'
+ [:SNMPv2c]
+ when 'all'
+ [:SNMPv1, :SNMPv2c]
 end
 end
diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb
index 3d1f3475c9..0db2136f3b 100644
--- a/modules/auxiliary/scanner/snmp/snmp_login.rb
+++ b/modules/auxiliary/scanner/snmp/snmp_login.rb
@@ -33,7 +33,7 @@ class Metasploit3 < Msf::Auxiliary
 OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 2]),
 OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]),
 OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
- OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1','2c','all']]),
+ OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1', '2c', 'all']]),
 OptString.new('PASSWORD', [ false, 'The password to test' ]),
 OptPath.new('PASS_FILE', [ false, "File containing communities, one per line",
 File.join(Msf::Config.data_directory, "wordlists", "snmp_default_pass.txt")