dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use metasploit-credential API instead of report_auth_info

This commit is contained in:
wchen-r7 2015-07-22 01:11:43 -05:00
parent 6a9c934c54
commit 4561850055
24 changed files with 1005 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
modules/auxiliary/admin/hp/hp_imc_som_create_account.rb
View File

@ -71,6 +71,32 @@ class Metasploit3 < Msf::Auxiliary
return nil
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
print_status("#{peer} - Trying to find the service desk service strong name...")
@ -232,15 +258,15 @@ class Metasploit3 < Msf::Auxiliary
login_url = ssl ? "https://" : "http://"
login_url << "#{rhost}:#{rport}/servicedesk/ServiceDesk.jsp"
report_auth_info({
:host => rhost,
:port => rport,
:user => datastore["USERNAME"],
:pass => datastore["PASSWORD"],
:type => "password",
:sname => (ssl ? "https" : "http"),
:proof => "#{login_url}\n#{res.body}"
})
report_cred(
ip: rhost,
port: rport,
service_name: (ssl ? "https" : "http"),
user: datastore['USERNAME'],
password: datastore['PASSWORD'],
proof: "#{login_url}\n#{res.body}"
)
print_good("#{peer} - Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.")
print_status("#{peer} - Use it to log into #{login_url}")
end

45
modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb
View File

@ -33,6 +33,35 @@ class Metasploit3 < Msf::Auxiliary
)
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
@ -72,14 +101,14 @@ class Metasploit3 < Msf::Auxiliary
vprint_good("user: #{@user}")
vprint_good("pass: #{pass}")
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'http',
:user => @user,
:pass => pass,
:active => true
)
report_cred(
ip: rhost,
port: rport,
service_name: 'http',
user: @user,
password: pass,
proof: line
)
end
end
end

41
modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb
View File

@ -32,6 +32,33 @@ class Metasploit3 < Msf::Auxiliary
)
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
@ -69,13 +96,13 @@ class Metasploit3 < Msf::Auxiliary
pass = $1
pass = Rex::Text.decode_base64(pass)
print_good("#{rhost}:#{rport} - Credentials found: #{user} / #{pass}")
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'http',
:user => user,
:pass => pass,
:active => true
report_cred(
ip: rhost,
port: rport,
sname: 'http',
user: user,
password: pass,
proof: line
)
end
end

41
modules/auxiliary/admin/http/nexpose_xxe_file_read.rb
View File

@ -47,6 +47,32 @@ class Metasploit4 < Msf::Auxiliary
], self.class)
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED
}.merge(service_data)
create_credential_login(login_data)
end
def run
user = datastore['USERNAME']
pass = datastore['PASSWORD']
@ -57,14 +83,13 @@ class Metasploit4 < Msf::Auxiliary
print_status("Authenticating as: " << user)
begin
nsc.login
report_auth_info(
:host => rhost,
:port => rport,
:sname => prot,
:user => user,
:pass => pass,
:proof => '',
:active => true
report_cred(
ip: rhost,
port: rport,
service_name: prot,
user: user,
password: pass
)
rescue

42
modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb
View File

@ -49,6 +49,33 @@ class Metasploit3 < Msf::Auxiliary
datastore["PASSWORD"]
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
if user == pass
@ -84,14 +111,13 @@ class Metasploit3 < Msf::Auxiliary
if res and res.code == 200 and res.body =~ /Administrator account created/
print_good("#{peer} - Admin account with credentials #{user}:#{pass} successfully created")
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'http',
:user => user,
:pass => pass,
:active => true,
:proof => res.body
report_cred(
ip: rhost,
port: rport,
service_name: 'http',
user: user,
password: pass,
proof: res.body
)
else
print_error("#{peer} - Admin account creation failed")

39
modules/auxiliary/admin/http/wp_custom_contact_forms.rb
View File

@ -62,6 +62,33 @@ class Metasploit3 < Msf::Auxiliary
table_prefix
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
username = Rex::Text.rand_text_alpha(10)
password = Rex::Text.rand_text_alpha(20)
@ -98,14 +125,14 @@ class Metasploit3 < Msf::Auxiliary
# login successfull
if cookie
print_status("#{peer} - User #{username} with password #{password} successfully created")
report_auth_info(
sname: 'WordPress',
host: rhost,
report_cred(
ip: rhost,
port: rport,
user: username,
pass: password,
active: true
)
password: password,
service_name: 'WordPress',
proof: cookie
)
else
print_error("#{peer} - User creation failed")
return

43
modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb
View File

@ -7,8 +7,8 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient
def initialize
super(
@ -33,6 +33,32 @@ class Metasploit3 < Msf::Auxiliary
)
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
begin
print_status("Trying to get 'admin' user password ...")
@ -62,13 +88,14 @@ class Metasploit3 < Msf::Auxiliary
else
admin_password = admin_password_matches[1];
print_good("Password for user 'admin' is: #{admin_password}")
report_auth_info(
:host => rhost,
:port => rport,
:sname => "ZyXEL GS1510-16",
:user => 'admin',
:pass => admin_password,
:active => true
report_cred(
ip: rhost,
port: rport,
service_name: 'ZyXEL GS1510-16',
user: 'admin',
password: admin_password,
proof: res.body
)
end
rescue ::Rex::ConnectionError

44
modules/auxiliary/admin/misc/sercomm_dump_config.rb
View File

@ -88,6 +88,32 @@ class Metasploit3 < Msf::Auxiliary
parse_configuration(config[:data])
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
private
def little_endian?
@ -200,16 +226,14 @@ class Metasploit3 < Msf::Auxiliary
@credentials.each do |k,v|
next unless v[:user] and v[:password]
print_status("#{peer} - #{k}: User: #{v[:user]} Pass: #{v[:password]}")
auth = {
:host => rhost,
:port => rport,
:user => v[:user],
:pass => v[:password],
:type => 'password',
:source_type => "exploit",
:active => true
}
report_auth_info(auth)
report_cred(
ip: rhost,
port: rport,
user: v[:user],
password: v[:password],
service_name: 'sercomm',
proof: v.inspect
)
end
end

39
modules/auxiliary/admin/oracle/oracle_login.rb
View File

@ -36,6 +36,32 @@ class Metasploit3 < Msf::Auxiliary
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL
}.merge(service_data)
create_credential_login(login_data)
end
def run
return if not check_dependencies
@ -56,13 +82,12 @@ class Metasploit3 < Msf::Auxiliary
break
end
else
report_auth_info(
:host => "#{datastore['RHOST']}",
:port => "#{datastore['RPORT']}",
:sname => 'oracle',
:user => "#{datastore['SID']}/#{datastore['DBUSER']}",
:pass => "#{datastore['DBPASS']}",
:active => true
report_cred(
ip: datastore['RHOST'],
port: datastore['RPORT'],
service_name: 'oracle',
user: "#{datastore['SID']}/#{datastore['DBUSER']}",
password: datastore['DBPASS']
)
print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
end

1
modules/auxiliary/scanner/http/drupal_views_user_enum.rb
View File

@ -79,7 +79,6 @@ class Metasploit3 < Msf::Auxiliary
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
}.merge(service_data)

45
modules/auxiliary/scanner/nexpose/nexpose_api_login.rb
View File

@ -66,6 +66,33 @@ class Metasploit3 < Msf::Auxiliary
end
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user='nxadmin', pass='nxadmin')
vprint_status("Trying username:'#{user}' with password:'#{pass}'")
headers = {
@ -100,16 +127,14 @@ class Metasploit3 < Msf::Auxiliary
if res.body =~ /LoginResponse.*success="1"/
print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
report_hash = {
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:sname => 'nexpose',
:user => user,
:pass => pass,
:active => true,
:type => 'password'}
report_auth_info(report_hash)
report_cred(
ip: datastore['RHOST'],
port: datastore['RPORT'],
service_name: 'nexpose',
user: user,
password: pass,
proof: res.code.to_s
)
return :next_user
end
end

44
modules/auxiliary/scanner/openvas/openvas_gsad_login.rb
View File

@ -101,22 +101,46 @@ class Metasploit3 < Msf::Auxiliary
if res.code == 303
print_good("#{msg} SUCCESSFUL LOGIN. '#{user}' : '#{pass}'")
report_hash = {
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:sname => 'openvas-gsa',
:user => user,
:pass => pass,
:active => true,
:type => 'password'}
report_auth_info(report_hash)
report_cred(
ip: datastore['RHOST'],
port: datastore['RPORT'],
service_name: 'openvas-gsa',
user: user,
password: pass,
proof: res.code.to_s
)
return :next_user
end
vprint_error("#{msg} FAILED LOGIN. '#{user}' : '#{pass}'")
return :skip_pass
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def msg
"#{vhost}:#{rport} OpenVAS gsad -"
end

42
modules/auxiliary/scanner/openvas/openvas_omp_login.rb
View File

@ -60,6 +60,33 @@ class Metasploit3 < Msf::Auxiliary
end
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user=nil,pass=nil)
begin
vprint_status("#{msg} Trying user:'#{user}' with password:'#{pass}'")
@ -67,14 +94,13 @@ class Metasploit3 < Msf::Auxiliary
omp_send(cmd,true) # send hello
if @result =~ /<authenticate_response.*status="200"/is
print_good("#{msg} SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'openvas-omp',
:user => user,
:pass => pass,
:source_type => "user_supplied",
:active => true
report_cred(
ip: rhost,
port: rport,
service_name: 'openvas-omp',
user: user,
password: pass,
proof: @result
)
disconnect
@connected = false

42
modules/auxiliary/scanner/openvas/openvas_otp_login.rb
View File

@ -61,6 +61,33 @@ class Metasploit3 < Msf::Auxiliary
end
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user=nil,pass=nil)
begin
otp_send("< OTP/1.0 >\n",true) # send hello
@ -81,14 +108,13 @@ class Metasploit3 < Msf::Auxiliary
otp_send("#{pass}\n",!@connected)
if @result =~ /SERVER <|>.*<|> SERVER/is
print_good("#{msg} SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info(
:host => rhost,
:port => rport,
:sname => 'openvas-otp',
:user => user,
:pass => pass,
:source_type => "user_supplied",
:active => true
report_cred(
ip: rhost,
port: rport,
service_name: 'openvas-otp',
user: user,
password: pass,
proof: @result
)
disconnect
@connected = false

40
modules/auxiliary/scanner/scada/koyo_login.rb
View File

@ -114,19 +114,45 @@ class Metasploit3 < Msf::Auxiliary
next if not res
print_good "#{rhost}:#{rport} - KOYO - Found passcode: #{passcode}"
report_auth_info(
:host => rhost,
:port => rport.to_i,
:proto => 'udp',
:user => '',
:pass => passcode, # NOTE: Human readable
:active => true
report_cred(
ip: rhost,
port: rport.to_i,
service_name: 'koyo',
user: '',
password: passcode,
proof: res
)
break
end
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'udp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def crc16(buf, crc=0)
buf.each_byte{|x| crc = ((crc << 8) ^ @@CCITT_16[( crc >> 8) ^ x]) & 0xffff }
[crc].pack("v")

41
modules/auxiliary/server/capture/drda.rb
View File

@ -216,14 +216,13 @@ class Metasploit3 < Msf::Auxiliary
if @state[c][:user] and @state[c][:pass]
print_status("DRDA LOGIN #{@state[c][:name]} Database: #{@state[c][:database]}; #{@state[c][:user]} / #{@state[c][:pass]}")
report_auth_info(
:host => @state[c][:ip],
:port => datastore['SRVPORT'],
:sname => 'db2_client',
:user => @state[c][:user],
:pass => @state[c][:pass],
:source_type => "captured",
:active => true
report_cred(
ip: @state[c][:ip],
port: datastore['SRVPORT'],
service_name: 'db2_client',
user: @state[c][:user],
password: @state[c][:pass],
proof: @state.inspect
)
params = []
@ -238,6 +237,32 @@ class Metasploit3 < Msf::Auxiliary
end
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_close(c)
@state.delete(c)
end

41
modules/auxiliary/server/capture/ftp.rb
View File

@ -51,6 +51,32 @@ class Metasploit3 < Msf::Auxiliary
c.put "220 FTP Server Ready\r\n"
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_data(c)
data = c.get_once
return if not data
@ -71,14 +97,13 @@ class Metasploit3 < Msf::Auxiliary
if(cmd.upcase == "PASS")
@state[c][:pass] = arg
report_auth_info(
:host => @state[c][:ip],
:port => datastore['SRVPORT'],
:sname => 'ftp',
:user => @state[c][:user],
:pass => @state[c][:pass],
:source_type => "captured",
:active => true
report_cred(
ip: @state[c][:ip],
port: datastore['SRVPORT'],
service_name: 'ftp',
user: @state[c][:user],
password: @state[c][:pass],
proof: arg
)
print_status("FTP LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")

41
modules/auxiliary/server/capture/http_basic.rb
View File

@ -58,19 +58,44 @@ class Metasploit3 < Msf::Auxiliary
exploit
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_request_uri(cli, req)
if(req['Authorization'] and req['Authorization'] =~ /basic/i)
basic,auth = req['Authorization'].split(/\s+/)
user,pass = Rex::Text.decode_base64(auth).split(':', 2)
report_auth_info(
:host => cli.peerhost,
:port => datastore['SRVPORT'],
:sname => 'HTTP',
:user => user,
:pass => pass,
:source_type => "captured",
:active => true
report_cred(
ip: cli.peerhost,
port: datastore['SRVPORT'],
service_name: 'HTTP',
user: user,
password: pass,
proof: req['Authorization']
)
print_good("#{cli.peerhost} - Credential collected: \"#{user}:#{pass}\" => #{req.resource}")

41
modules/auxiliary/server/capture/pop3.rb
View File

@ -56,6 +56,32 @@ class Metasploit3 < Msf::Auxiliary
c.put "+OK\r\n"
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_data(c)
data = c.get_once
return if not data
@ -71,14 +97,13 @@ class Metasploit3 < Msf::Auxiliary
if(cmd.upcase == "PASS")
@state[c][:pass] = arg
report_auth_info(
:host => @state[c][:ip],
:port => @myport,
:sname => 'pop3',
:user => @state[c][:user],
:pass => @state[c][:pass],
:source_type => "captured",
:active => true
report_cred(
ip: @state[c][:ip],
port: @myport,
service_name: 'pop3',
user: @state[c][:user],
password: @state[c][:pass],
proof: arg
)
print_status("POP3 LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
@state[c][:pass] = data.strip

43
modules/auxiliary/server/capture/postgresql.rb
View File

@ -42,6 +42,32 @@ class Metasploit3 < Msf::Auxiliary
exploit()
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_connect(c)
@state[c] = {
:name => "#{c.peerhost}:#{c.peerport}",
@ -74,16 +100,13 @@ class Metasploit3 < Msf::Auxiliary
# Password message
data.slice!(0, 5).unpack("N")[0] # skip over length
@state[c][:password] = data.slice!(0, data.index("\x00") + 1).unpack("Z*")[0]
report_auth_info(
:host => c.peerhost,
:port => datastore['SRVPORT'],
:sname => 'psql_client',
:user => @state[c][:username],
:pass => @state[c][:password],
:type => "PostgreSQL credentials",
:proof => @state[c][:database],
:source_type => "captured",
:active => true
report_cred(
ip: c.peerhost,
port: datastore['SRVPORT'],
service_name: 'psql_client',
user: @state[c][:username],
password: @state[c][:password],
proof: @state[c][:database]
)
print_status("PostgreSQL LOGIN #{@state[c][:name]} #{@state[c][:username]} / #{@state[c][:password]} / #{@state[c][:database]}")
# send failure message

43
modules/auxiliary/server/capture/sip.rb
View File

@ -104,6 +104,32 @@ class Metasploit3 < Msf::Auxiliary
return addr
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run
begin
@port = datastore['SRVPORT'].to_i
@ -141,16 +167,13 @@ class Metasploit3 < Msf::Auxiliary
proof = "client: #{client_ip}; username: #{username}; nonce: #{datastore['NONCE']}; response: #{response}; algorithm: #{algorithm}"
print_status("SIP LOGIN: #{proof}")
report_auth_info(
:host => @requestor[:ip],
:port => @requestor[:port],
:sname => 'sip_client',
:user => username,
:pass => response + ":" + auth_tokens['nonce'] + ":" + algorithm,
:type => "sip_hash",
:proof => proof,
:source_type => "captured",
:active => true
report_cred(
ip: @requestor[:ip],
port: @requestor[:port],
service_name: 'sip_client',
user: username,
password: response + ":" + auth_tokens['nonce'] + ":" + algorithm,
proof: proof
)
if datastore['JOHNPWFILE']

41
modules/auxiliary/server/capture/smtp.rb
View File

@ -118,14 +118,13 @@ class Metasploit3 < Msf::Auxiliary
@state[c][:pass] = arg
report_auth_info(
:host => @state[c][:ip],
:port => datastore['SRVPORT'],
:sname => 'pop3',
:user => @state[c][:user],
:pass => @state[c][:pass],
:source_type => "captured",
:active => true
report_cred(
ip: @state[c][:ip],
port: datastore['SRVPORT'],
service_name: 'pop3',
user: @state[c][:user],
password: @state[c][:pass],
proof: arg
)
print_status("SMTP LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
end
@ -135,6 +134,32 @@ class Metasploit3 < Msf::Auxiliary
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_close(c)
@state.delete(c)
end

43
modules/auxiliary/server/capture/vnc.rb
View File

@ -61,6 +61,32 @@ class Metasploit3 < Msf::Auxiliary
c.put "RFB 003.007\n"
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def on_client_data(c)
data = c.get_once
return if not data
@ -91,16 +117,13 @@ class Metasploit3 < Msf::Auxiliary
c.close
print_status("#{peer} - Challenge: #{@challenge.unpack('H*')[0]}; Response: #{data.unpack('H*')[0]}")
hash_line = "$vnc$*#{@state[c][:chall].unpack("H*")[0]}*#{data.unpack('H*')[0]}"
report_auth_info(
:host => c.peerhost,
:port => datastore['SRVPORT'],
:sname => 'vnc_client',
:user => "",
:pass => hash_line,
:type => "vnc_hash",
:proof => hash_line,
:source_type => "captured",
:active => true
report_cred(
ip: c.peerhost,
port: datastore['SRVPORT'],
service_name: 'vnc_client',
user: '',
password: hash_line,
proof: hash_line
)
if(datastore['JOHNPWFILE'])

265
test/modules/auxiliary/test/report_auth_info.rb
View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Auxiliary
FAKE_IP = '192.168.12.123'
FAKE_PORT = 80
FAKE_USER = 'username'
FAKE_USER = 'user'
FAKE_PASS = 'password'
def initialize(info = {})
@ -123,6 +123,269 @@ class Metasploit3 < Msf::Auxiliary
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS)
end
def test_hp_imc_som_create_account
mod = framework.auxiliary.create('admin/hp/hp_imc_som_create_account')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'https',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_dlink_dir_645_password_extractor
mod = framework.auxiliary.create('admin/http/dlink_dir_645_password_extractor')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'http',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_dlink_dsl320b_password_extractor
mod = framework.auxiliary.create('admin/http/dlink_dsl320b_password_extractor')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'http',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_nexpose_xxe_file_read
mod = framework.auxiliary.create('admin/http/nexpose_xxe_file_read')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'http',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_vbulletin_upgrade_admin
mod = framework.auxiliary.create('admin/http/vbulletin_upgrade_admin')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'http',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_wp_custom_contact_forms
mod = framework.auxiliary.create('admin/http/wp_custom_contact_forms')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
user: FAKE_USER,
password: FAKE_PASS,
service_name: 'WordPress',
proof: ''
)
end
def test_zyxel_admin_password_extractor
mod = framework.auxiliary.create('admin/http/zyxel_admin_password_extractor')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'ZyXEL GS1510-16',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_sercomm_dump_config
mod = framework.auxiliary.create('admin/misc/sercomm_dump_config')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
user: FAKE_USER,
password: FAKE_PASS,
service_name: 'sercomm',
proof: ''
)
end
def test_vnc
mod = framework.auxiliary.create('server/capture/vnc')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'vnc_client',
user: '',
password: FAKE_PASS,
proof: ''
)
end
def test_smtp
mod = framework.auxiliary.create('server/capture/smtp')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'pop3',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_sip
mod = framework.auxiliary.create('server/capture/sip')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'sip_client',
user:FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_oracle_login
mod = framework.auxiliary.create('admin/oracle/oracle_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'oracle',
user: FAKE_USER,
password: FAKE_PASS
)
end
def test_postgresql
mod = framework.auxiliary.create('server/capture/postgresql')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'psql_client',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_pop3
mod = framework.auxiliary.create('server/capture/pop3')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'pop3',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_http_basic
mod = framework.auxiliary.create('server/capture/http_basic')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'HTTP',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_ftp
mod = framework.auxiliary.create('server/capture/ftp')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'ftp',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_drda
mod = framework.auxiliary.create('server/capture/drda')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'db2_client',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_koyo_login
mod = framework.auxiliary.create('scanner/scada/koyo_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'koyo',
user: '',
password: FAKE_PASS,
proof: ''
)
end
def test_openvas_otp_login
mod = framework.auxiliary.create('scanner/openvas/openvas_otp_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'openvas-otp',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_openvas_omp_login
mod = framework.auxiliary.create('scanner/openvas/openvas_omp_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'openvas-omp',
user: FAKE_USER,
password: FAKE_PASS,
proof: @result
)
end
def test_openvas_gsad_login
mod = framework.auxiliary.create('scanner/openvas/openvas_gsad_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'openvas-gsa',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def test_nexpose_api_login
mod = framework.auxiliary.create('scanner/nexpose/nexpose_api_login')
mod.report_cred(
ip: FAKE_IP,
port: FAKE_PORT,
service_name: 'nexpose',
user: FAKE_USER,
password: FAKE_PASS,
proof: ''
)
end
def run
self.methods.each do |m|
next if m.to_s !~ /^test_.+/