Update auxillary/scanner/ftp with Credential Gem

bug/bundler_fix
Tom Sellers 2014-08-04 22:32:30 -05:00 committed by Tod Beardsley
parent dc95b01cc5
commit 3fdad4dc91
No known key found for this signature in database
GPG Key ID: 1EFFB682ADB9F193
1 changed files with 51 additions and 24 deletions

View File

@ -35,40 +35,67 @@ class Metasploit3 < Msf::Auxiliary
begin
res = connect_login(true, false)
res = connect_login(true, false)
banner.strip! if banner
banner.strip! if banner
dir = Rex::Text.rand_text_alpha(8)
if res
write_check = send_cmd( ['MKD', dir] , true)
dir = Rex::Text.rand_text_alpha(8)
if res
write_check = send_cmd(['MKD', dir] , true)
if (write_check and write_check =~ /^2/)
send_cmd( ['RMD', dir] , true)
if write_check && write_check =~ /^2/
send_cmd( ['RMD', dir] , true)
print_status("#{target_host}:#{rport} Anonymous READ/WRITE (#{banner})")
access_type = "rw"
else
print_status("#{target_host}:#{rport} Anonymous READ (#{banner})")
access_type = "ro"
print_good("#{target_host}:#{rport} - Anonymous READ/WRITE (#{banner})")
access_type = 'Read/Write'
else
print_good("#{target_host}:#{rport} - Anonymous READ (#{banner})")
access_type = 'Read-only'
end
register_creds(target_host, access_type)
end
report_auth_info(
:host => target_host,
:port => rport,
:sname => 'ftp',
:user => datastore['FTPUSER'],
:pass => datastore['FTPPASS'],
:type => "password_#{access_type}",
:active => true
)
end
disconnect
disconnect
rescue ::Interrupt
raise $!
raise $ERROR_INFO
rescue ::Rex::ConnectionError, ::IOError
end
end
def register_creds(target_host, access_type)
# Build service information
service_data = {
address: target_host,
port: datastore['RPORT'],
service_name: 'ftp',
protocol: 'tcp',
workspace_id: myworkspace_id
}
# Build credential information
credential_data = {
origin_type: :service,
module_fullname: self.fullname,
private_data: datastore['FTPPASS'],
private_type: :password,
username: datastore['FTPUSER'],
workspace_id: myworkspace_id
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data = {
access_level: access_type,
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Model::Login::Status::SUCCESSFUL,
workspace_id: myworkspace_id
}
login_data.merge!(service_data)
create_credential_login(login_data)
end
end