Use the latest cred API, no more report_auth_info
parent
d55757350d
commit
cf6d5fac2a
|
@ -175,15 +175,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@plain_passwords[i] << " (ISO-8859-1 hex chars)"
|
||||
end
|
||||
|
||||
report_auth_info({
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:user => @users[i][0],
|
||||
:pass => @plain_passwords[i],
|
||||
:type => "password",
|
||||
:sname => (ssl ? "https" : "http"),
|
||||
:proof => "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
|
||||
})
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: @users[i][0],
|
||||
password: @plain_passwords[i],
|
||||
service_name: (ssl ? "https" : "http"),
|
||||
proof: "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
|
||||
)
|
||||
|
||||
users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])]
|
||||
end
|
||||
|
@ -191,6 +190,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_line(users_table.to_s)
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def user_type(database)
|
||||
user_type = database
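Review bot: The `password:` passed to `report_cred` in the first hunk is `@plain_passwords[i]`, which the context line just above may already have extended with the display suffix ` (ISO-8859-1 hex chars)`, so the value stored as `private_data` would not be the recovered password. The condition guarding that append is outside the hunk, so this is inferred from the visible lines only. Keep the annotation out of the stored value, for example by adding the suffix only when building the `users_table` row and passing the unannotated string to `report_cred`. The enclosing loop starts before the hunk.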
|
||||
|
||||
|
|
|
@ -90,18 +90,45 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: Time.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def setup_ftp_connection
|
||||
vprint_status "#{ip}:#{rport} - FTP - Connecting"
|
||||
if connect_login()
|
||||
conn = connect_login
|
||||
if conn
|
||||
print_status("#{ip}:#{rport} - FTP - Login succeeded")
|
||||
report_auth_info(
|
||||
:host => ip,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:user => user,
|
||||
:pass => pass,
|
||||
:ptype => 'password_ro',
|
||||
:active => true
|
||||
report_cred(
|
||||
ip: ip,
|
||||
port: rport,
|
||||
user: user,
|
||||
password: pass,
|
||||
service_name: 'modicon',
|
||||
proof: "connect_login: #{conn}"
|
||||
)
|
||||
return true
|
||||
else
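Review bot: The `report_cred` call in `setup_ftp_connection` records the login under `service_name: 'modicon'`, although the surrounding status messages show it is an FTP login on `rport`; `service_name: 'ftp',` would attach the credential to the FTP service record that other tooling looks up by name. The string `proof: "connect_login: #{conn}"` also carries little evidence if `connect_login` returns a boolean, as the `if conn` test suggests; the server's login response would be more useful if it is available. `setup_ftp_connection` continues past the end of the hunk.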
|
||||
|
|
|
@ -68,16 +68,41 @@ class Metasploit3 < Msf::Auxiliary
|
|||
datastore['TIMEOUT']
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user]
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def user_exists(user)
|
||||
exists = wordpress_user_exists?(user)
|
||||
if exists
|
||||
print_good("#{peer} - Username \"#{username}\" is valid")
|
||||
report_auth_info(
|
||||
:host => rhost,
|
||||
:sname => (ssl ? 'https' : 'http'),
|
||||
:user => user,
|
||||
:port => rport,
|
||||
:proof => "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: user,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
|
||||
)
|
||||
|
||||
return true
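Review bot: `report_cred` in this module stores the login with `status: Metasploit::Model::Login::Status::SUCCESSFUL` and `last_attempted_at: DateTime.now`, but the caller `user_exists` only confirms that the username exists and passes no password, so no login was attempted. Recording it as `status: Metasploit::Model::Login::Status::UNTRIED` and dropping `last_attempted_at` would keep the workspace from showing a valid login that was never made. It is also worth confirming that `create_credential` accepts `credential_data` without `private_data` and `private_type`, since the other copies of this helper in the commit always supply both. `user_exists` continues past the end of the hunk.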
|
||||
|
|
|
@ -103,6 +103,33 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
|
||||
def run
|
||||
|
||||
print_status("#{rhost}:#{rport} - Fingerprinting...")
|
||||
|
@ -183,13 +210,13 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("#{rhost}:#{rport} - Recovering Hashes...")
|
||||
json_info["result"]["resultSet"].each { |result|
|
||||
print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
|
||||
report_auth_info(
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:sname => "Apache Rave",
|
||||
:user => result["username"],
|
||||
:pass => result["password"],
|
||||
:active => result["enabled"]
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: 'Apache Rave',
|
||||
user: result["username"],
|
||||
password: result["password"],
|
||||
proof: user_data
|
||||
)
|
||||
}
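Review bot: `report_cred` in the first hunk of this file stores `opts[:password]` with `private_type: :password`, while the second hunk's status line reads "Recovering Hashes...", which suggests `result["password"]` is a hash rather than a cleartext password. If so, `private_type: :nonreplayable_hash` (with a `jtr_format` when the hash type is known) would keep login scanners and reports from treating the value as a usable password. `proof: user_data` refers to a name that is not defined in the visible lines, and the old `:active => result["enabled"]` flag is no longer recorded; both are worth checking. The enclosing `run` method starts before and ends after the second hunk.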
|
||||
|
||||
|
|
|
@ -182,6 +182,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
return res
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
# Parse the usernames, passwords, and security levels from the config
|
||||
# It's a little ugly (lots of hard-coded offsets).
|
||||
# The userdata starts at an offset dictated by the B014USERS config
|
||||
|
@ -213,13 +239,13 @@ class Metasploit3 < Msf::Auxiliary
|
|||
break
|
||||
end
|
||||
logins << [accounttype, accountname, accountpass]
|
||||
report_auth_info(
|
||||
:host => datastore['RHOST'],
|
||||
:port => 23,
|
||||
:sname => "telnet",
|
||||
:user => accountname,
|
||||
:pass => accountpass,
|
||||
:active => true
|
||||
report_cred(
|
||||
ip: datastore['RHOST'],
|
||||
port: 23,
|
||||
service_name: 'telnet',
|
||||
user: accountname,
|
||||
password: accountpass,
|
||||
proof: accounttype
|
||||
)
|
||||
end
|
||||
if not logins.rows.empty?
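Review bot: `report_cred` here is the same helper that this commit also adds, line for line, to three other modules that record logins as `UNTRIED`, with two further variants elsewhere that differ only in status and timestamp. A shared mixin method taking the status as an option would keep the `private_type`, `protocol` and status choices in one place. At the call site, `port: 23` and `service_name: 'telnet'` are fixed values carried over from the old call, so a service record is created for a port the visible lines do not probe; a short comment saying why telnet/23 is assumed would help. The parsing loop around the call starts before the second hunk.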
|
||||
|
|
|
@ -151,6 +151,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
get_session_tokens ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
return unless tokens = get_session_tokens
|
||||
credentials = []
|
||||
|
@ -172,14 +198,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Columns' => ['Username', 'Password', 'Admin', 'E-mail']
|
||||
)
|
||||
credentials.each do |record|
|
||||
report_auth_info({
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:sname => (ssl ? 'https' : 'http'),
|
||||
:user => record[0],
|
||||
:pass => record[1],
|
||||
:source_type => 'vuln'
|
||||
})
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
user: record[0],
|
||||
password: record[1],
|
||||
proof: @cookie
|
||||
)
|
||||
cred_table << [record[0], record[1], record[2], record[3]]
|
||||
end
|
||||
print_line
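Review bot: The `report_cred` call inside `credentials.each` passes `proof: @cookie`, so the same session cookie is stored as proof on every recovered credential. The cookie does not show where a given username and password pair came from, and it is itself a secret that ends up in the workspace's login records and any export of them. A descriptive string naming the source of the record would serve better. The old `:source_type => 'vuln'` also has no counterpart in the new call, since the helper hard-codes `origin_type: :service`. The second hunk starts and ends inside `run`.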
|
||||
|
|
|
@ -450,6 +450,36 @@ class Metasploit3 < Msf::Auxiliary
|
|||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_d20pass
|
||||
mod = framework.auxiliary.create('gather/d20pass')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_doliwamp_traversal_creds
|
||||
mod = framework.auxiliary.create('gather/doliwamp_traversal_creds')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_apache_rave_creds
|
||||
mod = framework.auxiliary.create('gather/apache_rave_creds')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Apache Rave', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_wordpress_long_password_dos
|
||||
mod = framework.auxiliary.create('dos/http/wordpress_long_password_dos')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_modicon_password_recovery
|
||||
mod = framework.auxiliary.create('admin/scada/modicon_password_recovery')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def test_advantech_webaccess_dbvisitor_sqli
|
||||
mod = framework.auxiliary.create('admin/scada/advantech_webaccess_dbvisitor_sqli')
|
||||
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
|
||||
end
|
||||
|
||||
def run
|
||||
counter_all = 0
|
||||
counter_good = 0
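Review bot: The added `test_*` methods call `report_cred` with fixture values that do not match what the modules report: `test_d20pass` and `test_doliwamp_traversal_creds` pass `service_name: 'hp'` where the modules in this commit use `'telnet'` and `'https'`/`'http'`, and `test_modicon_password_recovery` passes `'http'` where the module uses `'modicon'`. None of the methods checks a result, so they only show that the call does not raise. Using each module's real service name and checking the object returned by `report_cred` would make them meaningful, assuming `create_credential_login` returns the stored login.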
|
||||
|
|