diff --git a/modules/auxiliary/admin/mysql/mysql_enum.rb b/modules/auxiliary/admin/mysql/mysql_enum.rb index 92aef65a3b..5bb0e6830f 100644 --- a/modules/auxiliary/admin/mysql/mysql_enum.rb +++ b/modules/auxiliary/admin/mysql/mysql_enum.rb @@ -27,6 +27,33 @@ class Metasploit3 < Msf::Auxiliary end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :nonreplayable_hash, + jtr_format: 'mysql,mysql-sha1' + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run return if not mysql_login_datastore print_status("Running MySQL Enumerator...") @@ -86,15 +113,14 @@ class Metasploit3 < Msf::Auxiliary print_status("\tList of Accounts with Password Hashes:") res.each do |row| print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}") - report_auth_info({ - :host => rhost, - :port => rport, - :user => row[0], - :pass => row[2], - :type => "mysql_hash", - :sname => "mysql", - :active => true - }) + report_cred( + ip: rhost, + port: rport, + user: row[0], + password: row[2], + service_name: 'mysql', + proof: row.inspect + ) end end # Only list accounts that can log in with SSL if SSL is enabled diff --git a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb index ddafc1502c..7e77949291 100644 --- a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb +++ b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb @@ -175,15 +175,14 @@ class Metasploit3 < Msf::Auxiliary @plain_passwords[i] << " (ISO-8859-1 hex chars)" end - report_auth_info({ - :host => rhost, - :port => rport, - :user => @users[i][0], - :pass => @plain_passwords[i], - :type => "password", - :sname => (ssl ? "https" : "http"), - :proof => "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}" - }) + report_cred( + ip: rhost, + port: rport, + user: @users[i][0], + password: @plain_passwords[i], + service_name: (ssl ? "https" : "http"), + proof: "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}" + ) users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])] end @@ -191,6 +190,32 @@ class Metasploit3 < Msf::Auxiliary print_line(users_table.to_s) end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def user_type(database) user_type = database diff --git a/modules/auxiliary/admin/scada/modicon_password_recovery.rb b/modules/auxiliary/admin/scada/modicon_password_recovery.rb index ca0df87132..aabbdc4cc3 100644 --- a/modules/auxiliary/admin/scada/modicon_password_recovery.rb +++ b/modules/auxiliary/admin/scada/modicon_password_recovery.rb @@ -90,18 +90,45 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_at: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def setup_ftp_connection vprint_status "#{ip}:#{rport} - FTP - Connecting" - if connect_login() + conn = connect_login + if conn print_status("#{ip}:#{rport} - FTP - Login succeeded") - report_auth_info( - :host => ip, - :port => rport, - :proto => 'tcp', - :user => user, - :pass => pass, - :ptype => 'password_ro', - :active => true + report_cred( + ip: ip, + port: rport, + user: user, + password: pass, + service_name: 'modicon', + proof: "connect_login: #{conn}" ) return true else diff --git a/modules/auxiliary/analyze/jtr_oracle_fast.rb b/modules/auxiliary/analyze/jtr_oracle_fast.rb index d8d3fe790d..e41d6ff806 100644 --- a/modules/auxiliary/analyze/jtr_oracle_fast.rb +++ b/modules/auxiliary/analyze/jtr_oracle_fast.rb @@ -37,6 +37,33 @@ class Metasploit3 < Msf::Auxiliary crack("oracle11g") end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :nonreplayable_hash, + jtr_format: opts[:format] + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def crack(format) @@ -71,12 +98,14 @@ class Metasploit3 < Msf::Auxiliary print_status("#{cracked[:cracked]} hashes were cracked!") cracked[:users].each_pair do |k,v| print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}") - report_auth_info( - :host => v[1], - :port => v[2], - :sname => 'oracle', - :user => k, - :pass => v[0] + report_cred( + ip: v[1], + port: v[2], + service_name: 'oracle', + user: k, + pass: v[0], + format: format, + proof: cracked.inspect ) end end diff --git a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb index 0601abe005..fb6d7094b0 100644 --- a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb +++ b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb @@ -68,16 +68,41 @@ class Metasploit3 < Msf::Auxiliary datastore['TIMEOUT'] end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user] + }.merge(service_data) + + login_data = { + last_attempted_at: DateTime.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def user_exists(user) exists = wordpress_user_exists?(user) if exists print_good("#{peer} - Username \"#{username}\" is valid") - report_auth_info( - :host => rhost, - :sname => (ssl ? 'https' : 'http'), - :user => user, - :port => rport, - :proof => "WEBAPP=\"Wordpress\", VHOST=#{vhost}" + report_cred( + ip: rhost, + port: rport, + user: user, + service_name: (ssl ? 'https' : 'http'), + proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}" ) return true diff --git a/modules/auxiliary/gather/apache_rave_creds.rb b/modules/auxiliary/gather/apache_rave_creds.rb index a5111b9875..eb9574bbff 100644 --- a/modules/auxiliary/gather/apache_rave_creds.rb +++ b/modules/auxiliary/gather/apache_rave_creds.rb @@ -103,6 +103,33 @@ class Metasploit3 < Msf::Auxiliary } end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + + def run print_status("#{rhost}:#{rport} - Fingerprinting...") @@ -183,13 +210,13 @@ class Metasploit3 < Msf::Auxiliary print_status("#{rhost}:#{rport} - Recovering Hashes...") json_info["result"]["resultSet"].each { |result| print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}") - report_auth_info( - :host => rhost, - :port => rport, - :sname => "Apache Rave", - :user => result["username"], - :pass => result["password"], - :active => result["enabled"] + report_cred( + ip: rhost, + port: rport, + service_name: 'Apache Rave', + user: result["username"], + password: result["password"], + proof: user_data ) } diff --git a/modules/auxiliary/gather/d20pass.rb b/modules/auxiliary/gather/d20pass.rb index 9ed0034a31..de42cb7159 100644 --- a/modules/auxiliary/gather/d20pass.rb +++ b/modules/auxiliary/gather/d20pass.rb @@ -182,6 +182,32 @@ class Metasploit3 < Msf::Auxiliary return res end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # Parse the usernames, passwords, and security levels from the config # It's a little ugly (lots of hard-coded offsets). # The userdata starts at an offset dictated by the B014USERS config @@ -213,13 +239,13 @@ class Metasploit3 < Msf::Auxiliary break end logins << [accounttype, accountname, accountpass] - report_auth_info( - :host => datastore['RHOST'], - :port => 23, - :sname => "telnet", - :user => accountname, - :pass => accountpass, - :active => true + report_cred( + ip: datastore['RHOST'], + port: 23, + service_name: 'telnet', + user: accountname, + password: accountpass, + proof: accounttype ) end if not logins.rows.empty? diff --git a/modules/auxiliary/gather/doliwamp_traversal_creds.rb b/modules/auxiliary/gather/doliwamp_traversal_creds.rb index a922353060..ac02e16386 100644 --- a/modules/auxiliary/gather/doliwamp_traversal_creds.rb +++ b/modules/auxiliary/gather/doliwamp_traversal_creds.rb @@ -151,6 +151,32 @@ class Metasploit3 < Msf::Auxiliary get_session_tokens ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run return unless tokens = get_session_tokens credentials = [] @@ -172,14 +198,14 @@ class Metasploit3 < Msf::Auxiliary 'Columns' => ['Username', 'Password', 'Admin', 'E-mail'] ) credentials.each do |record| - report_auth_info({ - :host => rhost, - :port => rport, - :sname => (ssl ? 'https' : 'http'), - :user => record[0], - :pass => record[1], - :source_type => 'vuln' - }) + report_cred( + ip: rhost, + port: rport, + service_name: (ssl ? 'https' : 'http'), + user: record[0], + password: record[1], + proof: @cookie + ) cred_table << [record[0], record[1], record[2], record[3]] end print_line diff --git a/modules/auxiliary/gather/hp_snac_domain_creds.rb b/modules/auxiliary/gather/hp_snac_domain_creds.rb index 4ff53b0ec7..7610799f2b 100644 --- a/modules/auxiliary/gather/hp_snac_domain_creds.rb +++ b/modules/auxiliary/gather/hp_snac_domain_creds.rb @@ -88,6 +88,34 @@ class Metasploit3 < Msf::Auxiliary return results end + + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + + def run print_status("#{peer} - Get Domain Info") @@ -121,14 +149,14 @@ class Metasploit3 < Msf::Auxiliary ) credentials.each do |record| - report_auth_info({ - :host => record[0], - :port => record[1], - :sname => record[2].downcase, - :user => record[3], - :pass => record[4], - :source_type => "vuln" - }) + report_cred( + ip: record[0], + port: record[1], + service_name: record[2].downcase, + user: record[3], + password: record[4], + proof: domain_info.inspect + ) cred_table << [record[0], record[3], record[4]] end diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb index 1c28dfbf94..dbc12f74fc 100644 --- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb +++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb @@ -145,6 +145,33 @@ class Metasploit3 < Msf::Auxiliary Msf::Exploit::CheckCode::Safe end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :nonreplayable_hash, + jtr_format: 'md5' + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run print_status("#{peer} - Checking for a valid node id...") node_id = get_node @@ -171,15 +198,14 @@ class Metasploit3 < Msf::Auxiliary for i in 0..count_users user = get_user_data(node_id, i) unless user.join.empty? - report_auth_info({ - :host => rhost, - :port => rport, - :user => user[0], - :pass => user[1], - :type => "hash", - :sname => (ssl ? "https" : "http"), - :proof => "salt: #{user[2]}" # Using proof to store the hash salt - }) + report_cred( + ip: rhost, + port: rport, + user: user[0], + password: user[1], + service_name: (ssl ? "https" : "http"), + proof: "salt: #{user[2]}" + ) users_table << user end end diff --git a/modules/auxiliary/gather/windows_deployment_services_shares.rb b/modules/auxiliary/gather/windows_deployment_services_shares.rb index 6d25d5d1dd..c88ab1fc3f 100644 --- a/modules/auxiliary/gather/windows_deployment_services_shares.rb +++ b/modules/auxiliary/gather/windows_deployment_services_shares.rb @@ -198,6 +198,32 @@ class Metasploit3 < Msf::Auxiliary end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def parse_client_unattend(data) begin @@ -216,15 +242,13 @@ class Metasploit3 < Msf::Auxiliary end def report_creds(domain, user, pass) - report_auth_info( - :host => rhost, - :port => 445, - :sname => 'smb', - :proto => 'tcp', - :source_id => nil, - :source_type => "aux", - :user => "#{domain}\\#{user}", - :pass => pass + report_cred( + ip: rhost, + port: 445, + service_name: 'smb', + user: "#{domain}\\#{user}", + password: pass, + proof: domain ) end diff --git a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb index dc014e4abe..907ecc4c5b 100644 --- a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb +++ b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb @@ -76,6 +76,34 @@ class Metasploit3 < Msf::Auxiliary nil end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :nonreplayable_hash, + jtr_format: 'md5,des' + }.merge(service_data) + + login_data = { + last_attempted_at: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run_host(ip) users_found = false @@ -117,14 +145,13 @@ class Metasploit3 < Msf::Auxiliary unless match.nil? print_good("Username: #{match[0]}") print_good("Password Hash: #{match[1]}") - report_auth_info( - host: rhost, - port: rport, - sname: ssl ? 'https' : 'http', - user: match[0], - pass: match[1], - active: true, - type: 'hash' + report_cred( + ip: rhost, + port: rport, + service_name: ssl ? 'https' : 'http', + user: match[0], + password: match[1], + proof: result.body ) users_found = true end diff --git a/modules/auxiliary/scanner/couchdb/couchdb_login.rb b/modules/auxiliary/scanner/couchdb/couchdb_login.rb index 88caaa9995..5782874ac1 100644 --- a/modules/auxiliary/scanner/couchdb/couchdb_login.rb +++ b/modules/auxiliary/scanner/couchdb/couchdb_login.rb @@ -74,6 +74,32 @@ class Metasploit3 < Msf::Auxiliary vprint_error("'#{rhost}':'#{rport}' - Failed to connect to the web server") end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def do_login(user, pass) vprint_status("Trying username:'#{user}' with password:'#{pass}'") begin @@ -91,17 +117,14 @@ class Metasploit3 < Msf::Auxiliary return :skip_pass else vprint_good("#{rhost}:#{rport} - Successful login with. '#{user}' : '#{pass}'") - - report_hash = { - :host => datastore['RHOST'], - :port => datastore['RPORT'], - :sname => 'couchdb', - :user => user, - :pass => pass, - :active => true, - :type => 'password'} - - report_auth_info(report_hash) + report_cred( + ip: datastore['RHOST'], + port: datastore['RPORT'], + service_name: 'couchdb', + user: user, + password: pass, + proof: res.code.to_s + ) return :next_user end diff --git a/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb b/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb index 8bb5dfd750..d8f2d437cb 100644 --- a/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb +++ b/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb @@ -216,15 +216,40 @@ class Metasploit3 < Msf::Auxiliary print_status("Raw version of #{archi} saved as: #{p}") end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def report_creds(domain, user, pass) - report_auth_info( - :host => rhost, - :port => 4050, - :sname => 'dcerpc', - :proto => 'tcp', - :source_id => nil, - :source_type => "aux", - :user => "#{domain}\\#{user}", - :pass => pass) + report_cred( + ip: rhost, + port: 4050, + service_name: 'dcerpc', + user: "#{domain}\\#{user}", + password: pass, + proof: domain + ) end end diff --git a/modules/auxiliary/scanner/http/dell_idrac.rb b/modules/auxiliary/scanner/http/dell_idrac.rb index 71a0cc9d8d..0bbc7ecf82 100644 --- a/modules/auxiliary/scanner/http/dell_idrac.rb +++ b/modules/auxiliary/scanner/http/dell_idrac.rb @@ -69,22 +69,45 @@ class Metasploit3 < Msf::Auxiliary if(auth and auth.body.to_s.match(/[0|5]<\/authResult>/) != nil ) print_good("#{target_url} - SUCCESSFUL login for user '#{user}' with password '#{pass}'") - report_auth_info( - :host => rhost, - :port => rport, - :proto => 'tcp', - :sname => (ssl ? 'https' : 'http'), - :user => user, - :pass => pass, - :active => true, - :source_type => "user_supplied", - :duplicate_ok => true + report_cred( + ip: rhost, + port: rport, + service_name: (ssl ? 'https' : 'http'), + user: user, + password: pass, + proof: auth.body.to_s ) else print_error("#{target_url} - Dell iDRAC - Failed to login as '#{user}' with password '#{pass}'") end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run_host(ip) print_status("Verifying that login page exists at #{ip}") uri = normalize_uri(target_uri.path) diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login.rb b/modules/auxiliary/scanner/http/openmind_messageos_login.rb index 31b186aaa1..f78d63b8c2 100644 --- a/modules/auxiliary/scanner/http/openmind_messageos_login.rb +++ b/modules/auxiliary/scanner/http/openmind_messageos_login.rb @@ -72,6 +72,32 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # # Brute-force the login page # @@ -96,16 +122,14 @@ class Metasploit3 < Msf::Auxiliary if (res and res.code == 302 and res.headers['Location'].include?("frameset")) print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_hash = { - :host => rhost, - :port => rport, - :sname => 'OpenMind Message-OS Provisioning Portal', - :user => user, - :pass => pass, - :active => true, - :type => 'password' - } - report_auth_info(report_hash) + report_cred( + ip: rhost, + port: rport, + service_name: 'OpenMind Message-OS Provisioning Portal', + user: user, + password: pass, + proof: res.headers['Location'] + ) return :next_user else vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb index 1c30e026a7..c3e9ac94a5 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb @@ -33,6 +33,33 @@ class Metasploit3 < Msf::Auxiliary end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_at: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def do_login(user=nil,pass=nil) post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf" vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'") @@ -48,15 +75,13 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 302 if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i) print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'") - report_auth_info( - :host => rhost, - :port => rport, - :sname => (ssl ? "https" : "http"), - :user => user, - :pass => pass, - :proof => "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}", - :source_type => "user_supplied", - :active => true + report_cred( + ip: rhost, + port: rport, + service_name: (ssl ? "https" : "http"), + user: user, + password: pass, + proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}" ) return :next_user end diff --git a/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb b/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb index 69c134e532..d58eb79314 100644 --- a/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb +++ b/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb @@ -200,18 +200,44 @@ class Metasploit3 < Msf::Auxiliary user_active = true end - report_auth_info({ - :host => rhost, - :port => rport, - :sname => 'dvr', - :duplicate_ok => false, - :user => user, - :pass => password, - :active => user_active - }) + report_cred( + ip: rhost, + port: rport, + service_name: 'dvr', + user: user, + password: password, + service_name: 'http', + proof: "user_id: #{user_id}, active: #{active}" + ) } end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run_host(ip) res = send_request_cgi({ diff --git a/modules/auxiliary/scanner/oracle/isqlplus_login.rb b/modules/auxiliary/scanner/oracle/isqlplus_login.rb index 361abf11ae..fa717b7ec0 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_login.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_login.rb @@ -231,18 +231,46 @@ class Metasploit3 < Msf::Auxiliary ) end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def report_isqlauth_info(ip,user,pass,sid) ora_info = { - :host => ip, :port => rport, :proto => "tcp", - :pass => pass, :source_type => "user_supplied", - :active => true + ip: ip, + port: rport, + password: pass, + proof: sid.inspect, + service_name: 'tcp' } if sid.nil? || sid.empty? ora_info.merge! :user => user else ora_info.merge! :user => "#{sid}/#{user}" end - report_auth_info(ora_info) + report_cred(ora_info) end end diff --git a/modules/auxiliary/scanner/oracle/oracle_login.rb b/modules/auxiliary/scanner/oracle/oracle_login.rb index 1f98486f44..b733440c72 100644 --- a/modules/auxiliary/scanner/oracle/oracle_login.rb +++ b/modules/auxiliary/scanner/oracle/oracle_login.rb @@ -138,6 +138,32 @@ class Metasploit3 < Msf::Auxiliary m[1,2] end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: opts[:status], + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def parse_script_output(addr,port,output) msg = "#{addr}:#{port} - Oracle -" @oracle_reported = false @@ -156,10 +182,13 @@ class Metasploit3 < Msf::Auxiliary user,pass = extract_creds(oline) pass = "" if pass == "" print_good "#{msg} Success: #{user}:#{pass} (SID: #{sid})" - report_auth_info( - :host => addr, :port => port, :proto => "tcp", - :user => "#{sid}/#{user}", :pass => pass, - :source_type => "user_supplied", :active => true + report_cred( + ip: addr, + port: port, + user: "#{sid}/#{user}", + password: pass, + service_name: 'tcp', + status: Metasploit::Model::Login::Status::SUCCESSFUL ) elsif oline =~ /Account locked/ if not @oracle_reported @@ -169,10 +198,12 @@ class Metasploit3 < Msf::Auxiliary end user = extract_creds(oline)[0] print_status "#{msg} Locked: #{user} (SID: #{sid}) -- account valid but locked" - report_auth_info( - :host => addr, :port => port, :proto => "tcp", - :user => "#{sid}/#{user}", - :source_type => "user_supplied", :active => false + report_cred( + ip: addr, + port: port, + user: "#{sid}/#{user}", + service_name: 'tcp', + status: Metasploit::Model::Login::Status::DENIED_ACCESS ) elsif oline =~ /^\s+ERROR: (.*)/ print_error "#{msg} NSE script error: #{$1}" diff --git a/modules/auxiliary/scanner/postgres/postgres_version.rb b/modules/auxiliary/scanner/postgres/postgres_version.rb index 50ce748fc4..8a2bea7d9c 100644 --- a/modules/auxiliary/scanner/postgres/postgres_version.rb +++ b/modules/auxiliary/scanner/postgres/postgres_version.rb @@ -50,6 +50,32 @@ class Metasploit3 < Msf::Auxiliary datastore['RPORT'] end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def do_fingerprint(user=nil,pass=nil,database=nil) begin msg = "#{rhost}:#{rport} Postgres -" @@ -79,13 +105,13 @@ class Metasploit3 < Msf::Auxiliary ) if self.postgres_conn - report_auth_info( - :host => rhost, - :port => rport, - :sname => "postgres", - :user => user, - :pass => password, - :active => true + report_cred( + ip: rhost, + port: rport, + service_name: 'postgres', + user: user, + password: password, + proof: "postgres_conn = #{self.postgres_conn.inspect}" ) end diff --git a/modules/auxiliary/scanner/rservices/rsh_login.rb b/modules/auxiliary/scanner/rservices/rsh_login.rb index 7bb64ca213..8892b023d5 100644 --- a/modules/auxiliary/scanner/rservices/rsh_login.rb +++ b/modules/auxiliary/scanner/rservices/rsh_login.rb @@ -220,6 +220,31 @@ class Metasploit3 < Msf::Auxiliary [ sd, lport ] end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end def start_rsh_session(host, port, user, luser, proof, stderr_sock) report_auth_info( diff --git a/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb b/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb index 91fad86182..3bff4eaa56 100644 --- a/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb +++ b/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb @@ -68,22 +68,49 @@ class Metasploit4 < Msf::Auxiliary vprint_status("#{rhost}:#{rport} - Adding User to Group...") uri = '/ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;ADD_USER_TO_GROUP;USERNAME=' + datastore['USERNAME'] + ',GROUPNAME=' + datastore['GROUP'] - if send_request(uri) + res = send_request(uri) + if res print_good("#{rhost}:#{rport} - User #{datastore['USERNAME']} added to group #{datastore['GROUP']}") else return end - report_auth_info( - :host => rhost, - :port => rport, - :user => datastore['USERNAME'], - :pass => datastore['PASSWORD'], - :ptype => "password", - :active => true + report_cred( + ip: rhost, + port: rport, + service_name: 'sap', + user: datastore['USERNAME'], + pass: datastore['PASSWORD'], + proof: res.body ) end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def send_request(uri) begin res = send_request_cgi({ diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index 17423458d1..b7543c4122 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -61,6 +61,32 @@ class Metasploit4 < Msf::Auxiliary end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def enum_user(user, pass, uri) # Replace placeholder with SAP SID, if present @@ -140,16 +166,13 @@ class Metasploit4 < Msf::Auxiliary vprint_error("#{peer} [SAP] Login '#{user}' NOT authorized to perform OSExecute calls") end - report_auth_info( - :host => rhost, - :sname => 'sap-managementconsole', - :proto => 'tcp', - :port => rport, - :user => user, - :pass => pass, - :source_type => "user_supplied", - :target_host => rhost, - :target_port => rport + report_cred( + ip: rhost, + port: port, + user: user, + password: pass, + service_name: 'sap-managementconsole', + proof: res.body ) else vprint_error("#{peer} [SAP] failed to login as '#{user}':'#{pass}'") diff --git a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb index fe6c3acb6d..1ae343ea5b 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb @@ -124,7 +124,7 @@ class Metasploit4 < Msf::Auxiliary return else print_good("[SAP] #{ip}:#{rport} - User '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}' created") - report_auth_info( + report_auth( ip: ip, port: rport, service_name: 'sap', diff --git a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb index b3943cb4fb..da87cb4613 100644 --- a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb +++ b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb @@ -397,6 +397,33 @@ class Metasploit3 < Msf::Exploit::Remote create_credential_login(login_data) end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :nonreplayable_hash, + jtr_format: 'md5,raw-md5' + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def exploit print_status("#{peer} - Checking for a valid node id...") node_id = get_node @@ -417,6 +444,14 @@ class Metasploit3 < Msf::Exploit::Remote for i in 0..count_users - 1 user = get_user_data(node_id, i) + report_cred( + ip: rhost, + port: rport, + user: user[0], + password: user[1], + service_name: (ssl ? "https" : "http"), + proof: "salt: #{user[2]}" + ) report_auth_info({ :host => rhost, :port => rport, diff --git a/modules/post/linux/gather/mount_cifs_creds.rb b/modules/post/linux/gather/mount_cifs_creds.rb index 7378f2a109..3dd504f162 100644 --- a/modules/post/linux/gather/mount_cifs_creds.rb +++ b/modules/post/linux/gather/mount_cifs_creds.rb @@ -47,10 +47,10 @@ class Metasploit3 < Msf::Post cred = {} # if the fstab line utilizies the credentials= option, read the credentials from that file if (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*/) - host = $1 + cred[:host] = $1 # IPs can occur using the ip option, which is a backup/alternative # to letting UNC resolution do its thing - host = $1 if (fstab_line =~ /ip=([^, ]+)/) + cred[:host] = $1 if (fstab_line =~ /ip=([^, ]+)/) if (fstab_line =~ /cred(?:entials)?=([^, ]+)/) file = $1 # skip if we've already parsed this credentials file @@ -58,11 +58,13 @@ class Metasploit3 < Msf::Post # store it if we haven't cred_files << file # parse the credentials - creds << parse_credentials_file(file) + cred.merge!(parse_credentials_file(file)) # if the credentials are directly in /etc/fstab, parse them elsif (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*(?:user(?:name)?|pass(?:word)?)=/) - creds << parse_fstab_credentials(fstab_line) + cred.merge!(parse_fstab_credentials(fstab_line)) end + + creds << cred end end @@ -71,10 +73,15 @@ class Metasploit3 < Msf::Post creds.compact! creds.uniq! creds.each do |cred| - # XXX: currently, you can only report_auth_info on an IP or a valid Host. in our case, - # host[:host] is *not* a Host. Fix this some day. if (Rex::Socket.dotted_ip?(cred[:host])) - report_auth_info({ :port => 445, :sname => 'smb', :type => 'password', :active => true }.merge(cred)) + report_cred( + ip: cred[:host], + port: 445, + service_name: 'smb', + user: cred[:user], + password: cred[:pass], + proof: '/etc/fstab' + ) end cred_table << [ cred[:user], cred[:pass], cred[:host], cred[:file] ] end @@ -93,8 +100,37 @@ class Metasploit3 < Msf::Post end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :session, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password, + module_fullname: fullname, + session_id: session_db_id, + post_reference_name: self.refname + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # Parse mount.cifs credentials from +line+, assumed to be a line from /etc/fstab. - # Returns the username+domain and password as a hash, nil if nothing is found. + # Returns the username+domain and password as a hash. def parse_fstab_credentials(line, file="/etc/fstab") creds = {} # get the username option, which comes in one of four ways @@ -123,11 +159,12 @@ class Metasploit3 < Msf::Post creds[:user] = "#{$1}\\#{creds[:user]}" if (line =~ /dom(?:ain)?=([^, ]+)/) creds[:file] = file unless (creds.empty?) - (creds.empty? ? nil : creds) + + creds end # Parse mount.cifs credentials from +file+, returning the username+domain and password - # as a hash, nil if nothing is found. + # as a hash. def parse_credentials_file(file) creds = {} domain = nil @@ -145,6 +182,6 @@ class Metasploit3 < Msf::Post creds[:user] = "#{domain}\\#{creds[:user]}" if (domain and creds[:user]) creds[:file] = file unless (creds.empty?) - (creds.empty? ? nil : creds) + creds end end diff --git a/test/modules/auxiliary/test/report_auth_info.rb b/test/modules/auxiliary/test/report_auth_info.rb index ef63d59539..256f549059 100644 --- a/test/modules/auxiliary/test/report_auth_info.rb +++ b/test/modules/auxiliary/test/report_auth_info.rb @@ -359,7 +359,126 @@ class Metasploit3 < Msf::Auxiliary mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sap', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end - + def test_mount_cifs_creds + mod = framework.post.create('linux/gather/mount_cifs_creds') + mock_post_mod_session(mod) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'smb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_mysql_enum + mod = framework.auxiliary.create('admin/mysql/mysql_enum') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'mysql', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_jtr_oracle_fast + mod = framework.auxiliary.create('analyze/jtr_oracle_fast') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_vbulletin_vote_sqli_exec + mod = framework.exploits.create('unix/webapp/vbulletin_vote_sqli_exec') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_sap_mgmt_con_brute_login + mod = framework.auxiliary.create('scanner/sap/sap_mgmt_con_brute_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_sap_ctc_verb_tampering_user_mgmt + mod = framework.auxiliary.create('scanner/sap/sap_ctc_verb_tampering_user_mgmt') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_scanner_oracle_login + mod = framework.auxiliary.create('scanner/oracle/oracle_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'tcp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF, status: Metasploit::Model::Login::Status::SUCCESSFUL) + end + + def test_isqlplus_login + mod = framework.auxiliary.create('scanner/oracle/isqlplus_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'tcp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_dvr_config_disclosure + mod = framework.auxiliary.create('scanner/misc/dvr_config_disclosure') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_lotus_domino_login + mod = framework.auxiliary.create('scanner/lotus/lotus_domino_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_openmind_messageos_login + mod = framework.auxiliary.create('scanner/http/openmind_messageos_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_dell_idrac + mod = framework.auxiliary.create('scanner/http/dell_idrac') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_windows_deployment_services + mod = framework.auxiliary.create('scanner/dcerpc/windows_deployment_services') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'dcerpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_couchdb_login + mod = framework.auxiliary.create('scanner/couchdb/couchdb_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'couchdb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_wp_w3_total_cache_hash_extract + mod = framework.auxiliary.create('gather/wp_w3_total_cache_hash_extract') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_windows_deployment_services_shares + mod = framework.auxiliary.create('gather/windows_deployment_services_shares') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'smb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_vbulletin_vote_sqli + mod = framework.auxiliary.create('gather/vbulletin_vote_sqli') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_hp_snac_domain_creds + mod = framework.auxiliary.create('gather/hp_snac_domain_creds') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_d20pass + mod = framework.auxiliary.create('gather/d20pass') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_doliwamp_traversal_creds + mod = framework.auxiliary.create('gather/doliwamp_traversal_creds') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_apache_rave_creds + mod = framework.auxiliary.create('gather/apache_rave_creds') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Apache Rave', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_wordpress_long_password_dos + mod = framework.auxiliary.create('dos/http/wordpress_long_password_dos') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, proof: FAKE_PROOF) + end + + def test_modicon_password_recovery + mod = framework.auxiliary.create('admin/scada/modicon_password_recovery') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_advantech_webaccess_dbvisitor_sqli + mod = framework.auxiliary.create('admin/scada/advantech_webaccess_dbvisitor_sqli') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end def run counter_all = 0 @@ -389,4 +508,8 @@ class Metasploit3 < Msf::Auxiliary print_line end + def mock_post_mod_session(mod) + mod.define_singleton_method(:session_db_id) { 1 } + end + end