Create a new mixin that changes SMBUser/SMBPass to normal options, include this mixin within SMB modules that more often than not require authentication

git-svn-id: file:///home/svn/framework3/trunk@9981 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-12 15:00:58 +00:00 · 2010-08-12 15:00:58 +00:00 · 040a292181
parent 929d7bd158
commit 040a292181
9 changed files with 31 additions and 10 deletions
--- a/lib/msf/core/exploit/smb.rb
+++ b/lib/msf/core/exploit/smb.rb
@ -27,12 +27,26 @@ module Exploit::Remote::SMB
 	DCERPCUUID     = Rex::Proto::DCERPC::UUID
 	NDR            = Rex::Encoder::NDR

+	# Mini-mixin for making SMBUser/SMBPass/SMBDomain regular options vs advanced
+	# Included when the module needs credentials to function
+	module Authenticated
+		def initialize(info = {})
+			super
+			register_options(
+			[
+				OptString.new('SMBUser', [ false, 'The username to authenticate as', '']),
+				OptString.new('SMBPass', [ false, 'The password for the specified username', '']),
+				OptString.new('SMBDomain',  [ false, 'The Windows domain to use for authentication', 'WORKGROUP']),
+			], Msf::Exploit::Remote::SMB::Authenticated)
+		end
+	end
+
 	def initialize(info = {})
 		super

 		register_evasion_options(
 		[
-			OptBool.new('SMB::pipe_evasion',     [ true, 'Enable segmented read/writes for SMB Pipes', 'False']),
+			OptBool.new('SMB::pipe_evasion',     [ true, 'Enable segmented read/writes for SMB Pipes', false]),
 			OptInt.new('SMB::pipe_write_min_size', [ true, 'Minimum buffer size for pipe writes',  1]),
 			OptInt.new('SMB::pipe_write_max_size', [ true, 'Maximum buffer size for pipe writes', 1024]),
 			OptInt.new('SMB::pipe_read_min_size',  [ true, 'Minimum buffer size for pipe reads',  1]),
@ -45,7 +59,7 @@ module Exploit::Remote::SMB

 		register_advanced_options(
 		[
-			OptBool.new('SMBDirect', [ true, 'The target port is a raw SMB service (not NetBIOS)', 'True' ]),
+			OptBool.new('SMBDirect', [ true, 'The target port is a raw SMB service (not NetBIOS)', true ]),
 			OptString.new('SMBUser', [ false, 'The username to authenticate as', '']),
 			OptString.new('SMBPass', [ false, 'The password for the specified username', '']),
 			OptString.new('SMBDomain',  [ false, 'The Windows domain to use for authentication', 'WORKGROUP']),
@ -112,7 +126,6 @@ module Exploit::Remote::SMB
 			datastore['SMBPass'],
 			datastore['SMBDomain']
 		)
-
 		simple.connect("\\\\#{datastore['RHOST']}\\IPC$")
 	end

@ -217,6 +230,8 @@ module Exploit::Remote::SMB
 			smb_login()
 		end

+
+
 		os = 'Unknown'
 		sp = ''

--- a/modules/auxiliary/scanner/smb/pipe_auditor.rb
+++ b/modules/auxiliary/scanner/smb/pipe_auditor.rb
@ -17,6 +17,7 @@ class Metasploit3 < Msf::Auxiliary

 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated

 	# Scanner mixin should be near last
 	include Msf::Auxiliary::Scanner
--- a/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb
+++ b/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb
@ -17,6 +17,7 @@ class Metasploit3 < Msf::Auxiliary

 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
 	include Msf::Exploit::Remote::DCERPC

 	# Scanner mixin should be near last
@ -307,3 +308,4 @@ class Metasploit3 < Msf::Auxiliary


 end
+
--- a/modules/auxiliary/scanner/smb/smb_enumshares.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb
@ -17,6 +17,8 @@ class Metasploit3 < Msf::Auxiliary

 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
+
 	include Msf::Exploit::Remote::DCERPC

 	# Scanner mixin should be near last
--- a/modules/auxiliary/scanner/smb/smb_enumusers.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumusers.rb
@ -17,6 +17,8 @@ class Metasploit3 < Msf::Auxiliary

 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
+
 	include Msf::Exploit::Remote::DCERPC

 	# Scanner mixin should be near last
--- a/modules/auxiliary/scanner/smb/smb_login.rb
+++ b/modules/auxiliary/scanner/smb/smb_login.rb
@ -18,6 +18,8 @@ class Metasploit3 < Msf::Auxiliary

 	include Msf::Exploit::Remote::DCERPC
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
+
 	include Msf::Auxiliary::Scanner
 	include Msf::Auxiliary::Report
 	include Msf::Auxiliary::AuthBrute
--- a/modules/auxiliary/scanner/smb/smb_lookupsid.rb
+++ b/modules/auxiliary/scanner/smb/smb_lookupsid.rb
@ -17,6 +17,8 @@ class Metasploit3 < Msf::Auxiliary

 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
+
 	include Msf::Exploit::Remote::DCERPC

 	# Scanner mixin should be near last
--- a/modules/auxiliary/scanner/smb/smb_version.rb
+++ b/modules/auxiliary/scanner/smb/smb_version.rb
@ -19,6 +19,7 @@ class Metasploit3 < Msf::Auxiliary
 	# Exploit mixins should be called first
 	include Msf::Exploit::Remote::DCERPC
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated

 	# Scanner mixin should be near last
 	include Msf::Auxiliary::Scanner
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -30,6 +30,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	include Msf::Exploit::Remote::DCERPC
 	include Msf::Exploit::Remote::SMB
+	include Msf::Exploit::Remote::SMB::Authenticated
 	include Msf::Auxiliary::Report

 	def initialize(info = {})
@ -78,13 +79,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			'DisclosureDate' => 'Jan 01 1999'
 		))

-		# These should be regular options for this exploit
-		register_options(
-			[
-				OptString.new('SMBUser', [ true, 'The username to authenticate as', "Administrator"]),
-				OptString.new('SMBPass', [ false, 'The password for the specified username', ""])
-			], self.class)
-
 		register_advanced_options(
 			[
 				OptBool.new('DB_REPORT_AUTH', [true, "Report an auth_note upon a successful connection", true])