refactor vnc post module
This adds Metasploit::Credential functionality to the post/windows/gather/credentials/vnc module. It also fixes a hostname resolution issue on windows hashdump that could occur when the peerhost is an unresolved hostname.
bug/bundler_fix
parent
782c8bd172
commit
1e2ae16713
|
@ -8,7 +8,7 @@
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
require 'rex'
|
require 'rex'
|
||||||
require 'msf/core/auxiliary/report'
|
require 'msf/core/auxiliary/report'
|
||||||
|
require 'rex/proto/rfb'
|
||||||
|
|
||||||
class Metasploit3 < Msf::Post
|
class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
|
@ -224,37 +224,79 @@ class Metasploit3 < Msf::Post
|
||||||
e[:port] = 5900
|
e[:port] = 5900
|
||||||
end
|
end
|
||||||
print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
|
print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
|
||||||
if session.db_record
|
|
||||||
source_id = session.db_record.id
|
service_data = {
|
||||||
else
|
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
|
||||||
source_id = nil
|
port: e[:port],
|
||||||
end
|
service_name: 'vnc',
|
||||||
report_auth_info(
|
protocol: 'tcp',
|
||||||
:host => session.sock.peerhost,
|
workspace_id: myworkspace_id
|
||||||
:sname => 'vnc',
|
}
|
||||||
:pass => "#{e[:pass]}",
|
|
||||||
:port => "#{e[:port]}",
|
# Assemble data about the credential objects we will be creating
|
||||||
:source_id => source_id,
|
credential_data = {
|
||||||
:source_type => "exploit",
|
origin_type: :session,
|
||||||
:type => 'password'
|
session_id: session_db_id,
|
||||||
)
|
post_reference_name: self.refname,
|
||||||
|
private_type: :password,
|
||||||
|
private_data: "#{e[:pass]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Merge the service data into the credential data
|
||||||
|
credential_data.merge!(service_data)
|
||||||
|
|
||||||
|
# Create the Metasploit::Credential::Core object
|
||||||
|
credential_core = create_credential(credential_data)
|
||||||
|
|
||||||
|
# Assemble the options hash for creating the Metasploit::Credential::Login object
|
||||||
|
login_data ={
|
||||||
|
access_level: 'interactive',
|
||||||
|
core: credential_core,
|
||||||
|
status: Metasploit::Credential::Login::Status::UNTRIED
|
||||||
|
}
|
||||||
|
|
||||||
|
# Merge in the service data and create our Login
|
||||||
|
login_data.merge!(service_data)
|
||||||
|
login = create_credential_login(login_data)
|
||||||
|
|
||||||
end
|
end
|
||||||
if e[:viewonly_pass] != nil
|
if e[:viewonly_pass] != nil
|
||||||
print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}")
|
print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}")
|
||||||
if session.db_record
|
|
||||||
source_id = session.db_record.id
|
service_data = {
|
||||||
else
|
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
|
||||||
source_id = nil
|
port: e[:port],
|
||||||
end
|
service_name: 'vnc',
|
||||||
report_auth_info(
|
protocol: 'tcp',
|
||||||
:host => session.sock.peerhost,
|
workspace_id: myworkspace_id
|
||||||
:sname => 'vnc',
|
}
|
||||||
:viewonly_pass => "#{e[:viewonly_pass]}",
|
|
||||||
:port => "#{e[:port]}",
|
# Assemble data about the credential objects we will be creating
|
||||||
:source_id => source_id,
|
credential_data = {
|
||||||
:source_type => "exploit",
|
origin_type: :session,
|
||||||
:type => 'password_ro'
|
session_id: session_db_id,
|
||||||
)
|
post_reference_name: self.refname,
|
||||||
|
private_type: :password,
|
||||||
|
private_data: "#{e[:viewonly_pass]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Merge the service data into the credential data
|
||||||
|
credential_data.merge!(service_data)
|
||||||
|
|
||||||
|
# Create the Metasploit::Credential::Core object
|
||||||
|
credential_core = create_credential(credential_data)
|
||||||
|
|
||||||
|
# Assemble the options hash for creating the Metasploit::Credential::Login object
|
||||||
|
login_data ={
|
||||||
|
access_level: 'view_only',
|
||||||
|
core: credential_core,
|
||||||
|
status: Metasploit::Credential::Login::Status::UNTRIED
|
||||||
|
}
|
||||||
|
|
||||||
|
# Merge in the service data and create our Login
|
||||||
|
login_data.merge!(service_data)
|
||||||
|
login = create_credential_login(login_data)
|
||||||
|
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
unload_our_hives(userhives)
|
unload_our_hives(userhives)
|
||||||
|
|
|
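Review bot: The added `::Rex::Socket.getaddress(session.sock.peerhost, true)` lookups sit inside the per-entry block, before `unload_our_hives(userhives)`, and nothing in the hunk handles a peer name that the framework host cannot resolve. If the lookup raises there (its failure behaviour is not shown on this page), the module would exit with the user hives it loaded still mounted on the target and the remaining entries unreported; resolving once before the loop and moving the cleanup into an `ensure` clause that calls `unload_our_hives(userhives)` would avoid that. The same lookup is added to `service_data` in the hashdump hunk (`@ -69,7 +69,7 @@`) and deserves the same failure handling. Separately, the full-access and view-only branches are copies that differ only in `private_data` and `access_level` (`'interactive'` vs `'view_only'`), so a private helper taking those two values would keep them from drifting. The enclosing method begins and ends outside the hunk.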
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
# Assemble the information about the SMB service for this host
|
# Assemble the information about the SMB service for this host
|
||||||
service_data = {
|
service_data = {
|
||||||
address: session.sock.peerhost,
|
address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
|
||||||
port: 445,
|
port: 445,
|
||||||
service_name: 'smb',
|
service_name: 'smb',
|
||||||
protocol: 'tcp',
|
protocol: 'tcp',
|
||||||
|
|