Add OKI Scanner (Feature #6125)

2011-12-20 03:09:09 -06:00 · 2011-12-20 03:09:09 -06:00 · 0200b6367a
parent ff03f2de8d
commit 0200b6367a
1 changed files with 107 additions and 0 deletions
--- a/modules/auxiliary/scanner/misc/oki_scanner.rb
+++ b/modules/auxiliary/scanner/misc/oki_scanner.rb
@ -0,0 +1,107 @@
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/framework/
 ##
 require 'msf/core'
 class Metasploit3 < Msf::Auxiliary
 	include Msf::Exploit::Remote::SNMPClient
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Auxiliary::Scanner
 	def initialize(info={})
 		super(update_info(info,
 			'Name'          => 'OKI Scanner',
 			'Description'   => %q{
 				Look for OKI printers on the network and try to connect to them as default
 				admin credentials
 			},
 			'Author'        => 'antr6X <anthr6x[at]gmail.com>',
 			'License'       => MSF_LICENSE
 		))
 		register_options(
 			[
 				OptPort.new('SNMPPORT', [true, 'The SNMP Port', 161]),
 				OptPort.new('HTTPPORT', [true, 'The HTTP Port', 80])
 			], self.class)
 		deregister_options('RPORT', 'VHOST')
 	end
 	def cleanup
 		datastore['RPORT'] = @org_rport
 	end
 	def run_host(ip)
 		@org_rport = datastore['RPORT']
 		datastore['RPORT'] = datastore['SNMPPORT']
 		indexPage = "index_ad.htm"
 		authReqPage = "status_toc_ad.htm"
 		snmp = connect_snmp()
 		snmp.walk("1.3.6.1.2.1.2.2.1.6") do |mac|
 			lastSix  = mac.value.unpack("H2H2H2H2H2H2").join[-6,6].upcase
 			firstSix = mac.value.unpack("H2H2H2H2H2H2").join[0,6].upcase
 			#check if it is a OKI
 			#OUI list can be found at http://standards.ieee.org/develop/regauth/oui/oui.txt
 			if firstSix ==  "002536" || firstSix == "008087" || firstSix == "002536"
 				print_status("")
 				sysName = snmp.get_value('1.3.6.1.2.1.1.5.0').to_s
 				print_status("Found #{sysName}")
 				print_status("Trying to access #{ip}/#{authReqPage} with username: admin and password: #{lastSix}")
 				tcp = Rex::Socket::Tcp.create(
 					'PeerHost' => rhost,
 					'PeerPort' => datastore['HTTPPORT'],
 					'Context' =>
 						{
 							'Msf'=>framework,
 							'MsfExploit'=>self
 						}
 				)
 				auth = Rex::Text.encode_base64("admin:#{lastSix}")
 				tcp.put("GET /#{authReqPage} HTTP/1.1\r\nReferer: http://#{ip}/#{indexPage}\r\nAuthorization: Basic #{auth}\r\n\r\n")
 				data = tcp.recv(12)
 				responce = "#{data[9..11]}"
 				case responce
 				when "200"
 					message = "**Default credentials works** :)"
 				when "401"
 					message = "Default credentials failed :("
 				when "404"
 					message = "Page not found, try credentials manually. user: admin pass: #{lastSix}"
 				else
 					message = "Unexpected message"
 				end
 				print_status("#{message}\n")
 				disconnect()
 			end
 		end
 		disconnect_snmp()
 		rescue SNMP::RequestTimeout
 			print_status("#{ip}, SNMP request timeout.")
 		rescue ::Interrupt
 			raise $!
 		rescue ::Exception => e
 			print_status("Unknown error: #{e.class} #{e}")
 		end
 end
 =begin
 by default OKI network printers use the last six digits of the MAC as admin password
 this addon will search for OKI printers on the network and try to connect to them with
 the default password
 =end