refactor vnc post module

This adds Metasploit::Credential functionality to
the post/windows/gather/credentials/vnc module.
It also fixes a hostname resolution issue in windows
hashdump that could occur when the peerhost is an unresolved
hostname.
bug/bundler_fix
David Maloney 2014-05-30 14:27:44 -05:00
parent 782c8bd172
commit 1e2ae16713
GPG Key ID: DEDBA9DC3A913DB2
2 changed files with 72 additions and 30 deletions


@ -8,7 +8,7 @@
require 'msf/core'
require 'rex'
require 'msf/core/auxiliary/report'
require 'rex/proto/rfb'
class Metasploit3 < Msf::Post
@ -224,37 +224,79 @@ class Metasploit3 < Msf::Post
e[:port] = 5900
end
print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
if session.db_record
source_id = session.db_record.id
else
source_id = nil
end
report_auth_info(
:host => session.sock.peerhost,
:sname => 'vnc',
:pass => "#{e[:pass]}",
:port => "#{e[:port]}",
:source_id => source_id,
:source_type => "exploit",
:type => 'password'
)
service_data = {
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
port: e[:port],
service_name: 'vnc',
protocol: 'tcp',
workspace_id: myworkspace_id
}
# Assemble data about the credential objects we will be creating
credential_data = {
origin_type: :session,
session_id: session_db_id,
post_reference_name: self.refname,
private_type: :password,
private_data: "#{e[:pass]}"
}
# Merge the service data into the credential data
credential_data.merge!(service_data)
# Create the Metasploit::Credential::Core object
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data ={
access_level: 'interactive',
core: credential_core,
status: Metasploit::Credential::Login::Status::UNTRIED
}
# Merge in the service data and create our Login
login_data.merge!(service_data)
login = create_credential_login(login_data)
end
if e[:viewonly_pass] != nil
print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}")
if session.db_record
source_id = session.db_record.id
else
source_id = nil
end
report_auth_info(
:host => session.sock.peerhost,
:sname => 'vnc',
:viewonly_pass => "#{e[:viewonly_pass]}",
:port => "#{e[:port]}",
:source_id => source_id,
:source_type => "exploit",
:type => 'password_ro'
)
service_data = {
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
port: e[:port],
service_name: 'vnc',
protocol: 'tcp',
workspace_id: myworkspace_id
}
# Assemble data about the credential objects we will be creating
credential_data = {
origin_type: :session,
session_id: session_db_id,
post_reference_name: self.refname,
private_type: :password,
private_data: "#{e[:viewonly_pass]}"
}
# Merge the service data into the credential data
credential_data.merge!(service_data)
# Create the Metasploit::Credential::Core object
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data ={
access_level: 'view_only',
core: credential_core,
status: Metasploit::Credential::Login::Status::UNTRIED
}
# Merge in the service data and create our Login
login_data.merge!(service_data)
login = create_credential_login(login_data)
end
}
unload_our_hives(userhives)
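Review bot: `::Rex::Socket.getaddress(session.sock.peerhost, true)` is now evaluated inside the per-entry block, up to twice per entry, and an unresolvable peerhost would presumably raise there, so the block aborts before `unload_our_hives(userhives)` runs unless an ensure outside the hunk covers it; resolving the address once before the hive loop, as `@peer_address = ::Rex::Socket.getaddress(session.sock.peerhost, true)`, surfaces the failure before any hive is loaded and keeps cleanup on the failure path. The service/credential/login assembly is also duplicated verbatim for the interactive and view-only passwords with only `private_data` and `access_level` differing, and the `login` local assigned at the end of each copy is never read; a small private helper removes the repetition. The enclosing `each` block and the method that contains it begin outside the hunk, so the placement of the pre-loop resolution is not visible here. A sketch of the helper follows.
```ruby
print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
report_vnc_credential(e[:pass], e[:port], 'interactive')
# … unchanged: view-only print_good …
report_vnc_credential(e[:viewonly_pass], e[:port], 'view_only') if e[:viewonly_pass] != nil

# Record one VNC password as a Metasploit::Credential Core + Login pair
# against the session's peer. @peer_address is resolved once before the
# hive loop so a resolution failure cannot leave a hive mounted.
def report_vnc_credential(password, port, access_level)
  service_data = {
    address: @peer_address,
    port: port,
    service_name: 'vnc',
    protocol: 'tcp',
    workspace_id: myworkspace_id
  }
  credential_data = {
    origin_type: :session,
    session_id: session_db_id,
    post_reference_name: refname,
    private_type: :password,
    private_data: password.to_s
  }.merge(service_data)
  login_data = {
    access_level: access_level,
    core: create_credential(credential_data),
    status: Metasploit::Credential::Login::Status::UNTRIED
  }.merge(service_data)
  create_credential_login(login_data)
end
```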


@ -69,7 +69,7 @@ class Metasploit3 < Msf::Post
# Assemble the information about the SMB service for this host
service_data = {
address: session.sock.peerhost,
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
port: 445,
service_name: 'smb',
protocol: 'tcp',