infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #5935, final creds refactor

bug/bundler_fix
William Vu 2015-10-01 00:25:14 -05:00
parent 786273e0f8 8866b15f3b
commit 2e2d27d53a
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
28 changed files with 1020 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
modules/auxiliary/admin/mysql/mysql_enum.rb
View File

@ -27,6 +27,33 @@ class Metasploit3 < Msf::Auxiliary
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: 'mysql,mysql-sha1'
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run def run
return if not mysql_login_datastore return if not mysql_login_datastore
print_status("Running MySQL Enumerator...") print_status("Running MySQL Enumerator...")
@ -86,15 +113,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("\tList of Accounts with Password Hashes:") print_status("\tList of Accounts with Password Hashes:")
res.each do |row| res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}") print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}")
report_auth_info({ report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:user => row[0], user: row[0],
:pass => row[2], password: row[2],
:type => "mysql_hash", service_name: 'mysql',
:sname => "mysql", proof: row.inspect
:active => true )
})
end end
end end
# Only list accounts that can log in with SSL if SSL is enabled # Only list accounts that can log in with SSL if SSL is enabled

43
modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
View File

@ -175,15 +175,14 @@ class Metasploit3 < Msf::Auxiliary
@plain_passwords[i] << " (ISO-8859-1 hex chars)" @plain_passwords[i] << " (ISO-8859-1 hex chars)"
end end
report_auth_info({ report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:user => @users[i][0], user: @users[i][0],
:pass => @plain_passwords[i], password: @plain_passwords[i],
:type => "password", service_name: (ssl ? "https" : "http"),
:sname => (ssl ? "https" : "http"), proof: "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
:proof => "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}" )
})
users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])] users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])]
end end
@ -191,6 +190,32 @@ class Metasploit3 < Msf::Auxiliary
print_line(users_table.to_s) print_line(users_table.to_s)
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def user_type(database) def user_type(database)
user_type = database user_type = database

45
modules/auxiliary/admin/scada/modicon_password_recovery.rb
View File

@ -90,18 +90,45 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def setup_ftp_connection def setup_ftp_connection
vprint_status "#{ip}:#{rport} - FTP - Connecting" vprint_status "#{ip}:#{rport} - FTP - Connecting"
if connect_login() conn = connect_login
if conn
print_status("#{ip}:#{rport} - FTP - Login succeeded") print_status("#{ip}:#{rport} - FTP - Login succeeded")
report_auth_info( report_cred(
:host => ip, ip: ip,
:port => rport, port: rport,
:proto => 'tcp', user: user,
:user => user, password: pass,
:pass => pass, service_name: 'modicon',
:ptype => 'password_ro', proof: "connect_login: #{conn}"
:active => true
) )
return true return true
else else

41
modules/auxiliary/analyze/jtr_oracle_fast.rb
View File

@ -37,6 +37,33 @@ class Metasploit3 < Msf::Auxiliary
crack("oracle11g") crack("oracle11g")
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: opts[:format]
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def crack(format) def crack(format)
@ -71,12 +98,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("#{cracked[:cracked]} hashes were cracked!") print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v| cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}") print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
report_auth_info( report_cred(
:host => v[1], ip: v[1],
:port => v[2], port: v[2],
:sname => 'oracle', service_name: 'oracle',
:user => k, user: k,
:pass => v[0] pass: v[0],
format: format,
proof: cracked.inspect
) )
end end
end end

37
modules/auxiliary/dos/http/wordpress_long_password_dos.rb
View File

@ -68,16 +68,41 @@ class Metasploit3 < Msf::Auxiliary
datastore['TIMEOUT'] datastore['TIMEOUT']
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user]
}.merge(service_data)
login_data = {
last_attempted_at: DateTime.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def user_exists(user) def user_exists(user)
exists = wordpress_user_exists?(user) exists = wordpress_user_exists?(user)
if exists if exists
print_good("#{peer} - Username \"#{username}\" is valid") print_good("#{peer} - Username \"#{username}\" is valid")
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:sname => (ssl ? 'https' : 'http'), port: rport,
:user => user, user: user,
:port => rport, service_name: (ssl ? 'https' : 'http'),
:proof => "WEBAPP=\"Wordpress\", VHOST=#{vhost}" proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
) )
return true return true

41
modules/auxiliary/gather/apache_rave_creds.rb
View File

@ -103,6 +103,33 @@ class Metasploit3 < Msf::Auxiliary
} }
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run def run
print_status("#{rhost}:#{rport} - Fingerprinting...") print_status("#{rhost}:#{rport} - Fingerprinting...")
@ -183,13 +210,13 @@ class Metasploit3 < Msf::Auxiliary
print_status("#{rhost}:#{rport} - Recovering Hashes...") print_status("#{rhost}:#{rport} - Recovering Hashes...")
json_info["result"]["resultSet"].each { |result| json_info["result"]["resultSet"].each { |result|
print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}") print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => "Apache Rave", service_name: 'Apache Rave',
:user => result["username"], user: result["username"],
:pass => result["password"], password: result["password"],
:active => result["enabled"] proof: user_data
) )
} }

40
modules/auxiliary/gather/d20pass.rb
View File

@ -182,6 +182,32 @@ class Metasploit3 < Msf::Auxiliary
return res return res
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
# Parse the usernames, passwords, and security levels from the config # Parse the usernames, passwords, and security levels from the config
# It's a little ugly (lots of hard-coded offsets). # It's a little ugly (lots of hard-coded offsets).
# The userdata starts at an offset dictated by the B014USERS config # The userdata starts at an offset dictated by the B014USERS config
@ -213,13 +239,13 @@ class Metasploit3 < Msf::Auxiliary
break break
end end
logins << [accounttype, accountname, accountpass] logins << [accounttype, accountname, accountpass]
report_auth_info( report_cred(
:host => datastore['RHOST'], ip: datastore['RHOST'],
:port => 23, port: 23,
:sname => "telnet", service_name: 'telnet',
:user => accountname, user: accountname,
:pass => accountpass, password: accountpass,
:active => true proof: accounttype
) )
end end
if not logins.rows.empty? if not logins.rows.empty?

42
modules/auxiliary/gather/doliwamp_traversal_creds.rb
View File

@ -151,6 +151,32 @@ class Metasploit3 < Msf::Auxiliary
get_session_tokens ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe get_session_tokens ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run def run
return unless tokens = get_session_tokens return unless tokens = get_session_tokens
credentials = [] credentials = []
@ -172,14 +198,14 @@ class Metasploit3 < Msf::Auxiliary
'Columns' => ['Username', 'Password', 'Admin', 'E-mail'] 'Columns' => ['Username', 'Password', 'Admin', 'E-mail']
) )
credentials.each do |record| credentials.each do |record|
report_auth_info({ report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => (ssl ? 'https' : 'http'), service_name: (ssl ? 'https' : 'http'),
:user => record[0], user: record[0],
:pass => record[1], password: record[1],
:source_type => 'vuln' proof: @cookie
}) )
cred_table << [record[0], record[1], record[2], record[3]] cred_table << [record[0], record[1], record[2], record[3]]
end end
print_line print_line

44
modules/auxiliary/gather/hp_snac_domain_creds.rb
View File

@ -88,6 +88,34 @@ class Metasploit3 < Msf::Auxiliary
return results return results
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run def run
print_status("#{peer} - Get Domain Info") print_status("#{peer} - Get Domain Info")
@ -121,14 +149,14 @@ class Metasploit3 < Msf::Auxiliary
) )
credentials.each do |record| credentials.each do |record|
report_auth_info({ report_cred(
:host => record[0], ip: record[0],
:port => record[1], port: record[1],
:sname => record[2].downcase, service_name: record[2].downcase,
:user => record[3], user: record[3],
:pass => record[4], password: record[4],
:source_type => "vuln" proof: domain_info.inspect
}) )
cred_table << [record[0], record[3], record[4]] cred_table << [record[0], record[3], record[4]]
end end

44
modules/auxiliary/gather/vbulletin_vote_sqli.rb
View File

@ -145,6 +145,33 @@ class Metasploit3 < Msf::Auxiliary
Msf::Exploit::CheckCode::Safe Msf::Exploit::CheckCode::Safe
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: 'md5'
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run def run
print_status("#{peer} - Checking for a valid node id...") print_status("#{peer} - Checking for a valid node id...")
node_id = get_node node_id = get_node
@ -171,15 +198,14 @@ class Metasploit3 < Msf::Auxiliary
for i in 0..count_users for i in 0..count_users
user = get_user_data(node_id, i) user = get_user_data(node_id, i)
unless user.join.empty? unless user.join.empty?
report_auth_info({ report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:user => user[0], user: user[0],
:pass => user[1], password: user[1],
:type => "hash", service_name: (ssl ? "https" : "http"),
:sname => (ssl ? "https" : "http"), proof: "salt: #{user[2]}"
:proof => "salt: #{user[2]}" # Using proof to store the hash salt )
})
users_table << user users_table << user
end end
end end

42
modules/auxiliary/gather/windows_deployment_services_shares.rb
View File

@ -198,6 +198,32 @@ class Metasploit3 < Msf::Auxiliary
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def parse_client_unattend(data) def parse_client_unattend(data)
begin begin
@ -216,15 +242,13 @@ class Metasploit3 < Msf::Auxiliary
end end
def report_creds(domain, user, pass) def report_creds(domain, user, pass)
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => 445, port: 445,
:sname => 'smb', service_name: 'smb',
:proto => 'tcp', user: "#{domain}\\#{user}",
:source_id => nil, password: pass,
:source_type => "aux", proof: domain
:user => "#{domain}\\#{user}",
:pass => pass
) )
end end

43
modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
View File

@ -76,6 +76,34 @@ class Metasploit3 < Msf::Auxiliary
nil nil
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: 'md5,des'
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run_host(ip) def run_host(ip)
users_found = false users_found = false
@ -117,14 +145,13 @@ class Metasploit3 < Msf::Auxiliary
unless match.nil? unless match.nil?
print_good("Username: #{match[0]}") print_good("Username: #{match[0]}")
print_good("Password Hash: #{match[1]}") print_good("Password Hash: #{match[1]}")
report_auth_info( report_cred(
host: rhost, ip: rhost,
port: rport, port: rport,
sname: ssl ? 'https' : 'http', service_name: ssl ? 'https' : 'http',
user: match[0], user: match[0],
pass: match[1], password: match[1],
active: true, proof: result.body
type: 'hash'
) )
users_found = true users_found = true
end end

45
modules/auxiliary/scanner/couchdb/couchdb_login.rb
View File

@ -74,6 +74,32 @@ class Metasploit3 < Msf::Auxiliary
vprint_error("'#{rhost}':'#{rport}' - Failed to connect to the web server") vprint_error("'#{rhost}':'#{rport}' - Failed to connect to the web server")
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user, pass) def do_login(user, pass)
vprint_status("Trying username:'#{user}' with password:'#{pass}'") vprint_status("Trying username:'#{user}' with password:'#{pass}'")
begin begin
@ -91,17 +117,14 @@ class Metasploit3 < Msf::Auxiliary
return :skip_pass return :skip_pass
else else
vprint_good("#{rhost}:#{rport} - Successful login with. '#{user}' : '#{pass}'") vprint_good("#{rhost}:#{rport} - Successful login with. '#{user}' : '#{pass}'")
report_cred(
report_hash = { ip: datastore['RHOST'],
:host => datastore['RHOST'], port: datastore['RPORT'],
:port => datastore['RPORT'], service_name: 'couchdb',
:sname => 'couchdb', user: user,
:user => user, password: pass,
:pass => pass, proof: res.code.to_s
:active => true, )
:type => 'password'}
report_auth_info(report_hash)
return :next_user return :next_user
end end

43
modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb
View File

@ -216,15 +216,40 @@ class Metasploit3 < Msf::Auxiliary
print_status("Raw version of #{archi} saved as: #{p}") print_status("Raw version of #{archi} saved as: #{p}")
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def report_creds(domain, user, pass) def report_creds(domain, user, pass)
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => 4050, port: 4050,
:sname => 'dcerpc', service_name: 'dcerpc',
:proto => 'tcp', user: "#{domain}\\#{user}",
:source_id => nil, password: pass,
:source_type => "aux", proof: domain
:user => "#{domain}\\#{user}", )
:pass => pass)
end end
end end

43
modules/auxiliary/scanner/http/dell_idrac.rb
View File

@ -69,22 +69,45 @@ class Metasploit3 < Msf::Auxiliary
if(auth and auth.body.to_s.match(/<authResult>[0|5]<\/authResult>/) != nil ) if(auth and auth.body.to_s.match(/<authResult>[0|5]<\/authResult>/) != nil )
print_good("#{target_url} - SUCCESSFUL login for user '#{user}' with password '#{pass}'") print_good("#{target_url} - SUCCESSFUL login for user '#{user}' with password '#{pass}'")
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:proto => 'tcp', service_name: (ssl ? 'https' : 'http'),
:sname => (ssl ? 'https' : 'http'), user: user,
:user => user, password: pass,
:pass => pass, proof: auth.body.to_s
:active => true,
:source_type => "user_supplied",
:duplicate_ok => true
) )
else else
print_error("#{target_url} - Dell iDRAC - Failed to login as '#{user}' with password '#{pass}'") print_error("#{target_url} - Dell iDRAC - Failed to login as '#{user}' with password '#{pass}'")
end end
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run_host(ip) def run_host(ip)
print_status("Verifying that login page exists at #{ip}") print_status("Verifying that login page exists at #{ip}")
uri = normalize_uri(target_uri.path) uri = normalize_uri(target_uri.path)

44
modules/auxiliary/scanner/http/openmind_messageos_login.rb
View File

@ -72,6 +72,32 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
# #
# Brute-force the login page # Brute-force the login page
# #
@ -96,16 +122,14 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.code == 302 and res.headers['Location'].include?("frameset")) if (res and res.code == 302 and res.headers['Location'].include?("frameset"))
print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
report_hash = { report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => 'OpenMind Message-OS Provisioning Portal', service_name: 'OpenMind Message-OS Provisioning Portal',
:user => user, user: user,
:pass => pass, password: pass,
:active => true, proof: res.headers['Location']
:type => 'password' )
}
report_auth_info(report_hash)
return :next_user return :next_user
else else
vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}")

43
modules/auxiliary/scanner/lotus/lotus_domino_login.rb
View File

@ -33,6 +33,33 @@ class Metasploit3 < Msf::Auxiliary
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user=nil,pass=nil) def do_login(user=nil,pass=nil)
post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf" post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf"
vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'") vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'")
@ -48,15 +75,13 @@ class Metasploit3 < Msf::Auxiliary
if res and res.code == 302 if res and res.code == 302
if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i) if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'") print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => (ssl ? "https" : "http"), service_name: (ssl ? "https" : "http"),
:user => user, user: user,
:pass => pass, password: pass,
:proof => "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}", proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}"
:source_type => "user_supplied",
:active => true
) )
return :next_user return :next_user
end end

44
modules/auxiliary/scanner/misc/dvr_config_disclosure.rb
View File

@ -200,18 +200,44 @@ class Metasploit3 < Msf::Auxiliary
user_active = true user_active = true
end end
report_auth_info({ report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => 'dvr', service_name: 'dvr',
:duplicate_ok => false, user: user,
:user => user, password: password,
:pass => password, service_name: 'http',
:active => user_active proof: "user_id: #{user_id}, active: #{active}"
}) )
} }
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def run_host(ip) def run_host(ip)
res = send_request_cgi({ res = send_request_cgi({

36
modules/auxiliary/scanner/oracle/isqlplus_login.rb
View File

@ -231,18 +231,46 @@ class Metasploit3 < Msf::Auxiliary
) )
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def report_isqlauth_info(ip,user,pass,sid) def report_isqlauth_info(ip,user,pass,sid)
ora_info = { ora_info = {
:host => ip, :port => rport, :proto => "tcp", ip: ip,
:pass => pass, :source_type => "user_supplied", port: rport,
:active => true password: pass,
proof: sid.inspect,
service_name: 'tcp'
} }
if sid.nil? || sid.empty? if sid.nil? || sid.empty?
ora_info.merge! :user => user ora_info.merge! :user => user
else else
ora_info.merge! :user => "#{sid}/#{user}" ora_info.merge! :user => "#{sid}/#{user}"
end end
report_auth_info(ora_info) report_cred(ora_info)
end end
end end

47
modules/auxiliary/scanner/oracle/oracle_login.rb
View File

@ -138,6 +138,32 @@ class Metasploit3 < Msf::Auxiliary
m[1,2] m[1,2]
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: opts[:status],
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def parse_script_output(addr,port,output) def parse_script_output(addr,port,output)
msg = "#{addr}:#{port} - Oracle -" msg = "#{addr}:#{port} - Oracle -"
@oracle_reported = false @oracle_reported = false
@ -156,10 +182,13 @@ class Metasploit3 < Msf::Auxiliary
user,pass = extract_creds(oline) user,pass = extract_creds(oline)
pass = "" if pass == "<empty>" pass = "" if pass == "<empty>"
print_good "#{msg} Success: #{user}:#{pass} (SID: #{sid})" print_good "#{msg} Success: #{user}:#{pass} (SID: #{sid})"
report_auth_info( report_cred(
:host => addr, :port => port, :proto => "tcp", ip: addr,
:user => "#{sid}/#{user}", :pass => pass, port: port,
:source_type => "user_supplied", :active => true user: "#{sid}/#{user}",
password: pass,
service_name: 'tcp',
status: Metasploit::Model::Login::Status::SUCCESSFUL
) )
elsif oline =~ /Account locked/ elsif oline =~ /Account locked/
if not @oracle_reported if not @oracle_reported
@ -169,10 +198,12 @@ class Metasploit3 < Msf::Auxiliary
end end
user = extract_creds(oline)[0] user = extract_creds(oline)[0]
print_status "#{msg} Locked: #{user} (SID: #{sid}) -- account valid but locked" print_status "#{msg} Locked: #{user} (SID: #{sid}) -- account valid but locked"
report_auth_info( report_cred(
:host => addr, :port => port, :proto => "tcp", ip: addr,
:user => "#{sid}/#{user}", port: port,
:source_type => "user_supplied", :active => false user: "#{sid}/#{user}",
service_name: 'tcp',
status: Metasploit::Model::Login::Status::DENIED_ACCESS
) )
elsif oline =~ /^\s+ERROR: (.*)/ elsif oline =~ /^\s+ERROR: (.*)/
print_error "#{msg} NSE script error: #{$1}" print_error "#{msg} NSE script error: #{$1}"

40
modules/auxiliary/scanner/postgres/postgres_version.rb
View File

@ -50,6 +50,32 @@ class Metasploit3 < Msf::Auxiliary
datastore['RPORT'] datastore['RPORT']
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_fingerprint(user=nil,pass=nil,database=nil) def do_fingerprint(user=nil,pass=nil,database=nil)
begin begin
msg = "#{rhost}:#{rport} Postgres -" msg = "#{rhost}:#{rport} Postgres -"
@ -79,13 +105,13 @@ class Metasploit3 < Msf::Auxiliary
) )
if self.postgres_conn if self.postgres_conn
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:sname => "postgres", service_name: 'postgres',
:user => user, user: user,
:pass => password, password: password,
:active => true proof: "postgres_conn = #{self.postgres_conn.inspect}"
) )
end end

25
modules/auxiliary/scanner/rservices/rsh_login.rb
View File

@ -220,6 +220,31 @@ class Metasploit3 < Msf::Auxiliary
[ sd, lport ] [ sd, lport ]
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def start_rsh_session(host, port, user, luser, proof, stderr_sock) def start_rsh_session(host, port, user, luser, proof, stderr_sock)
report_auth_info( report_auth_info(

43
modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb
View File

@ -68,22 +68,49 @@ class Metasploit4 < Msf::Auxiliary
vprint_status("#{rhost}:#{rport} - Adding User to Group...") vprint_status("#{rhost}:#{rport} - Adding User to Group...")
uri = '/ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;ADD_USER_TO_GROUP;USERNAME=' + datastore['USERNAME'] + ',GROUPNAME=' + datastore['GROUP'] uri = '/ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;ADD_USER_TO_GROUP;USERNAME=' + datastore['USERNAME'] + ',GROUPNAME=' + datastore['GROUP']
if send_request(uri) res = send_request(uri)
if res
print_good("#{rhost}:#{rport} - User #{datastore['USERNAME']} added to group #{datastore['GROUP']}") print_good("#{rhost}:#{rport} - User #{datastore['USERNAME']} added to group #{datastore['GROUP']}")
else else
return return
end end
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:port => rport, port: rport,
:user => datastore['USERNAME'], service_name: 'sap',
:pass => datastore['PASSWORD'], user: datastore['USERNAME'],
:ptype => "password", pass: datastore['PASSWORD'],
:active => true proof: res.body
) )
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def send_request(uri) def send_request(uri)
begin begin
res = send_request_cgi({ res = send_request_cgi({

43
modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
View File

@ -61,6 +61,32 @@ class Metasploit4 < Msf::Auxiliary
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def enum_user(user, pass, uri) def enum_user(user, pass, uri)
# Replace placeholder with SAP SID, if present # Replace placeholder with SAP SID, if present
@ -140,16 +166,13 @@ class Metasploit4 < Msf::Auxiliary
vprint_error("#{peer} [SAP] Login '#{user}' NOT authorized to perform OSExecute calls") vprint_error("#{peer} [SAP] Login '#{user}' NOT authorized to perform OSExecute calls")
end end
report_auth_info( report_cred(
:host => rhost, ip: rhost,
:sname => 'sap-managementconsole', port: port,
:proto => 'tcp', user: user,
:port => rport, password: pass,
:user => user, service_name: 'sap-managementconsole',
:pass => pass, proof: res.body
:source_type => "user_supplied",
:target_host => rhost,
:target_port => rport
) )
else else
vprint_error("#{peer} [SAP] failed to login as '#{user}':'#{pass}'") vprint_error("#{peer} [SAP] failed to login as '#{user}':'#{pass}'")

2
modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb
View File

@ -124,7 +124,7 @@ class Metasploit4 < Msf::Auxiliary
return return
else else
print_good("[SAP] #{ip}:#{rport} - User '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}' created") print_good("[SAP] #{ip}:#{rport} - User '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}' created")
report_auth_info( report_auth(
ip: ip, ip: ip,
port: rport, port: rport,
service_name: 'sap', service_name: 'sap',

35
modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb
View File

@ -397,6 +397,33 @@ class Metasploit3 < Msf::Exploit::Remote
create_credential_login(login_data) create_credential_login(login_data)
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: 'md5,raw-md5'
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def exploit def exploit
print_status("#{peer} - Checking for a valid node id...") print_status("#{peer} - Checking for a valid node id...")
node_id = get_node node_id = get_node
@ -417,6 +444,14 @@ class Metasploit3 < Msf::Exploit::Remote
for i in 0..count_users - 1 for i in 0..count_users - 1
user = get_user_data(node_id, i) user = get_user_data(node_id, i)
report_cred(
ip: rhost,
port: rport,
user: user[0],
password: user[1],
service_name: (ssl ? "https" : "http"),
proof: "salt: #{user[2]}"
)
report_auth_info({ report_auth_info({
:host => rhost, :host => rhost,
:port => rport, :port => rport,

59
modules/post/linux/gather/mount_cifs_creds.rb
View File

@ -47,10 +47,10 @@ class Metasploit3 < Msf::Post
cred = {} cred = {}
# if the fstab line utilizies the credentials= option, read the credentials from that file # if the fstab line utilizies the credentials= option, read the credentials from that file
if (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*/) if (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*/)
host = $1 cred[:host] = $1
# IPs can occur using the ip option, which is a backup/alternative # IPs can occur using the ip option, which is a backup/alternative
# to letting UNC resolution do its thing # to letting UNC resolution do its thing
host = $1 if (fstab_line =~ /ip=([^, ]+)/) cred[:host] = $1 if (fstab_line =~ /ip=([^, ]+)/)
if (fstab_line =~ /cred(?:entials)?=([^, ]+)/) if (fstab_line =~ /cred(?:entials)?=([^, ]+)/)
file = $1 file = $1
# skip if we've already parsed this credentials file # skip if we've already parsed this credentials file
@ -58,11 +58,13 @@ class Metasploit3 < Msf::Post
# store it if we haven't # store it if we haven't
cred_files << file cred_files << file
# parse the credentials # parse the credentials
creds << parse_credentials_file(file) cred.merge!(parse_credentials_file(file))
# if the credentials are directly in /etc/fstab, parse them # if the credentials are directly in /etc/fstab, parse them
elsif (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*(?:user(?:name)?|pass(?:word)?)=/) elsif (fstab_line =~ /\/\/([^\/]+)\/\S+\s+\S+\s+cifs\s+.*(?:user(?:name)?|pass(?:word)?)=/)
creds << parse_fstab_credentials(fstab_line) cred.merge!(parse_fstab_credentials(fstab_line))
end end
creds << cred
end end
end end
@ -71,10 +73,15 @@ class Metasploit3 < Msf::Post
creds.compact! creds.compact!
creds.uniq! creds.uniq!
creds.each do |cred| creds.each do |cred|
# XXX: currently, you can only report_auth_info on an IP or a valid Host. in our case,
# host[:host] is *not* a Host. Fix this some day.
if (Rex::Socket.dotted_ip?(cred[:host])) if (Rex::Socket.dotted_ip?(cred[:host]))
report_auth_info({ :port => 445, :sname => 'smb', :type => 'password', :active => true }.merge(cred)) report_cred(
ip: cred[:host],
port: 445,
service_name: 'smb',
user: cred[:user],
password: cred[:pass],
proof: '/etc/fstab'
)
end end
cred_table << [ cred[:user], cred[:pass], cred[:host], cred[:file] ] cred_table << [ cred[:user], cred[:pass], cred[:host], cred[:file] ]
end end
@ -93,8 +100,37 @@ class Metasploit3 < Msf::Post
end end
end end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :session,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password,
module_fullname: fullname,
session_id: session_db_id,
post_reference_name: self.refname
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
# Parse mount.cifs credentials from +line+, assumed to be a line from /etc/fstab. # Parse mount.cifs credentials from +line+, assumed to be a line from /etc/fstab.
# Returns the username+domain and password as a hash, nil if nothing is found. # Returns the username+domain and password as a hash.
def parse_fstab_credentials(line, file="/etc/fstab") def parse_fstab_credentials(line, file="/etc/fstab")
creds = {} creds = {}
# get the username option, which comes in one of four ways # get the username option, which comes in one of four ways
@ -123,11 +159,12 @@ class Metasploit3 < Msf::Post
creds[:user] = "#{$1}\\#{creds[:user]}" if (line =~ /dom(?:ain)?=([^, ]+)/) creds[:user] = "#{$1}\\#{creds[:user]}" if (line =~ /dom(?:ain)?=([^, ]+)/)
creds[:file] = file unless (creds.empty?) creds[:file] = file unless (creds.empty?)
(creds.empty? ? nil : creds)
creds
end end
# Parse mount.cifs credentials from +file+, returning the username+domain and password # Parse mount.cifs credentials from +file+, returning the username+domain and password
# as a hash, nil if nothing is found. # as a hash.
def parse_credentials_file(file) def parse_credentials_file(file)
creds = {} creds = {}
domain = nil domain = nil
@ -145,6 +182,6 @@ class Metasploit3 < Msf::Post
creds[:user] = "#{domain}\\#{creds[:user]}" if (domain and creds[:user]) creds[:user] = "#{domain}\\#{creds[:user]}" if (domain and creds[:user])
creds[:file] = file unless (creds.empty?) creds[:file] = file unless (creds.empty?)
(creds.empty? ? nil : creds) creds
end end
end end

125
test/modules/auxiliary/test/report_auth_info.rb
View File

@ -359,7 +359,126 @@ class Metasploit3 < Msf::Auxiliary
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sap', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sap', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end end
def test_mount_cifs_creds
mod = framework.post.create('linux/gather/mount_cifs_creds')
mock_post_mod_session(mod)
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'smb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_mysql_enum
mod = framework.auxiliary.create('admin/mysql/mysql_enum')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'mysql', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_jtr_oracle_fast
mod = framework.auxiliary.create('analyze/jtr_oracle_fast')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'oracle', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_vbulletin_vote_sqli_exec
mod = framework.exploits.create('unix/webapp/vbulletin_vote_sqli_exec')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_sap_mgmt_con_brute_login
mod = framework.auxiliary.create('scanner/sap/sap_mgmt_con_brute_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_sap_ctc_verb_tampering_user_mgmt
mod = framework.auxiliary.create('scanner/sap/sap_ctc_verb_tampering_user_mgmt')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_scanner_oracle_login
mod = framework.auxiliary.create('scanner/oracle/oracle_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'tcp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF, status: Metasploit::Model::Login::Status::SUCCESSFUL)
end
def test_isqlplus_login
mod = framework.auxiliary.create('scanner/oracle/isqlplus_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'tcp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_dvr_config_disclosure
mod = framework.auxiliary.create('scanner/misc/dvr_config_disclosure')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_lotus_domino_login
mod = framework.auxiliary.create('scanner/lotus/lotus_domino_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_openmind_messageos_login
mod = framework.auxiliary.create('scanner/http/openmind_messageos_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_dell_idrac
mod = framework.auxiliary.create('scanner/http/dell_idrac')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_windows_deployment_services
mod = framework.auxiliary.create('scanner/dcerpc/windows_deployment_services')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'dcerpc', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_couchdb_login
mod = framework.auxiliary.create('scanner/couchdb/couchdb_login')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'couchdb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_wp_w3_total_cache_hash_extract
mod = framework.auxiliary.create('gather/wp_w3_total_cache_hash_extract')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_windows_deployment_services_shares
mod = framework.auxiliary.create('gather/windows_deployment_services_shares')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'smb', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_vbulletin_vote_sqli
mod = framework.auxiliary.create('gather/vbulletin_vote_sqli')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_hp_snac_domain_creds
mod = framework.auxiliary.create('gather/hp_snac_domain_creds')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_d20pass
mod = framework.auxiliary.create('gather/d20pass')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_doliwamp_traversal_creds
mod = framework.auxiliary.create('gather/doliwamp_traversal_creds')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_apache_rave_creds
mod = framework.auxiliary.create('gather/apache_rave_creds')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Apache Rave', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_wordpress_long_password_dos
mod = framework.auxiliary.create('dos/http/wordpress_long_password_dos')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, proof: FAKE_PROOF)
end
def test_modicon_password_recovery
mod = framework.auxiliary.create('admin/scada/modicon_password_recovery')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def test_advantech_webaccess_dbvisitor_sqli
mod = framework.auxiliary.create('admin/scada/advantech_webaccess_dbvisitor_sqli')
mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
end
def run def run
counter_all = 0 counter_all = 0
@ -389,4 +508,8 @@ class Metasploit3 < Msf::Auxiliary
print_line print_line
end end
def mock_post_mod_session(mod)
mod.define_singleton_method(:session_db_id) { 1 }
end
end end