infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes #612. This adds an alternative syntax for nexpose_connect for when the password contains a ':' or an '@' 

git-svn-id: file:///home/svn/framework3/trunk@7712 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2009-12-05 13:54:42 +00:00
parent 42e6486fb4
commit 12e8c97a97
1 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
plugins/nexpose.rb
View File

@ -68,27 +68,47 @@ class Plugin::Nexpose < Msf::Plugin
def cmd_nexpose_connect(*args)
if(args.length == 0 or args[0].empty? or args[0] == "-h")
print_status("Usage: nexpose_connect user:pass@host[:port] <ssl-confirm>")
print_status("Usage: ")
print_status(" nexpose_connect username:password@host[:port] <ssl-confirm>")
print_status(" -OR- ")
print_status(" nexpose_connect username password host port <ssl-confirm>")
return
end
cred,targ = args[0].split('@', 2)
user,pass = cred.split(':', 2)
user = pass = host = port = sslv = nil
targ ||= '127.0.0.1:3780'
host,port = targ.split(':', 2)
port ||= '3780'
if ! ((user and user.length > 0) and (host and host.length > 0) and (port and port.length > 0) and (pass and pass.length > 0))
print_status("Usage: nexpose_connect user:pass@host[:port] <ssl-confirm>")
case args.length
when 1,2
cred,targ = args[0].split('@', 2)
user,pass = cred.split(':', 2)
targ ||= '127.0.0.1:3780'
host,port = targ.split(':', 2)
port ||= '3780'
sslv = args[1]
when 4,5
user,pass,host,port,sslv = args
else
print_status("Usage: ")
print_status(" nexpose_connect username:password@host[:port] <ssl-confirm>")
print_status(" -OR- ")
print_status(" nexpose_connect username password host port <ssl-confirm>")
return
end
if(host != "localhost" and host != "127.0.0.1" and args[1] != "ok")
if ! ((user and user.length > 0) and (host and host.length > 0) and (port and port.length > 0 and port.to_i > 0) and (pass and pass.length > 0))
print_status("Usage: ")
print_status(" nexpose_connect username:password@host[:port] <ssl-confirm>")
print_status(" -OR- ")
print_status(" nexpose_connect username password host port <ssl-confirm>")
return
end
if(host != "localhost" and host != "127.0.0.1" and sslv != "ok")
print_error("Warning: SSL connections are not verified in this release, it is possible for an attacker")
print_error(" with the ability to man-in-the-middle the NeXpose traffic to capture the NeXpose")
print_error(" credentials. If you are running this on a trusted network, please pass in 'ok'")
print_error(" an an additional parameter to this command.")
print_error(" as an additional parameter to this command.")
return
end