From 4197f00701b0f956bf32eb371bab8e59c1538064 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Wed, 17 Feb 2010 21:55:02 +0000
Subject: [PATCH] Moves @credentials_tried and @credentials_good into auth_brute proper, though modules still need to handle them themselves... which telnet and ssh both do now.
git-svn-id: file:///home/svn/framework3/trunk@8542 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/auxiliary/auth_brute.rb | 4 ++++
 modules/auxiliary/scanner/ssh/ssh_login.rb | 8 ++++----
 modules/auxiliary/scanner/telnet/telnet_login.rb | 8 ++++++++
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/lib/msf/core/auxiliary/auth_brute.rb b/lib/msf/core/auxiliary/auth_brute.rb
index 15ce659fe2..7ccee52d85 100644
--- a/lib/msf/core/auxiliary/auth_brute.rb
+++ b/lib/msf/core/auxiliary/auth_brute.rb
@@ -8,6 +8,8 @@ module Msf
 module Auxiliary::AuthBrute
+ attr_accessor :credentials_tried, :credentials_good
+
 def initialize(info = {})
 super
@@ -19,6 +21,8 @@ def initialize(info = {})
 @user = nil
 @pass = nil
+ @credentials_tried = {}
+ @credentials_good = {}
 end
diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb
index 0f44a3c802..1cab41abde 100644
--- a/modules/auxiliary/scanner/ssh/ssh_login.rb
+++ b/modules/auxiliary/scanner/ssh/ssh_login.rb
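Review bot: The new `attr_accessor :credentials_tried, :credentials_good` in lib/msf/core/auxiliary/auth_brute.rb has no comment describing what the two hashes hold, although the ssh and telnet modules in this commit both depend on that layout. I would add above it: `# credentials_tried: "user:host:port" => last password attempted; credentials_good: same key => password that logged in`. The modules shown only index into the hashes and never replace them, so `attr_reader` would be enough and would keep callers from swapping the hash out by accident.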
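Review bot: `@credentials_tried` and `@credentials_good` in auth_brute.rb are created once in `initialize` and nothing in this diff empties them, so they hold cleartext passwords for as long as the instance lives and carry state from one run into the next. In ssh_login.rb the tried-hash used to be a local inside `run_host`, so this looks like a behaviour change: a repeat run on the same instance would presumably skip every key already marked good. Consider resetting both hashes at the start of a run, and storing `true` rather than the password in `credentials_good`, since the skip check only tests truthiness. `initialize` starts above this hunk, so any existing cleanup is not visible here.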
@@ -85,14 +85,14 @@ class Metasploit3 < Msf::Auxiliary
 def run_host(ip)
 print_status("#{ip}:#{rport} - SSH - Starting buteforce")
- credentials_tried = {}
 each_user_pass do |user, pass|
- next if credentials_tried[user] == pass || self.good_credentials[user]
- credentials_tried[user] = pass
+ this_cred = [user,ip,rport].join(":")
+ next if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]
+ self.credentials_tried[this_cred] = pass
 case do_login(ip,user,pass,rport)
 when :success
 print_good "#{ip}:#{rport} - SSH - Success: '#{user}':'#{pass}'"
- self.good_credentials[user] = pass
+ self.credentials_good[this_cred] = pass
 do_report(ip,user,pass,rport)
 when :connection_error
 print_error "#{ip}:#{rport} - Could not connect" if datastore['VERBOSE']
diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb
index b6afc4ce3e..2c41f6e1b1 100644
--- a/modules/auxiliary/scanner/telnet/telnet_login.rb
+++ b/modules/auxiliary/scanner/telnet/telnet_login.rb
@@ -56,6 +56,7 @@ class Metasploit3 < Msf::Auxiliary
 @got_shell = false
 end
+
 def run_host(ip)
 print_status("Starting host #{ip}")
 begin
@@ -69,6 +70,12 @@ class Metasploit3 < Msf::Auxiliary
 end
 def try_user_pass(user, pass)
+ this_cred = [user,rhost,rport].join(":")
+ if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]
+ return :tried
+ else
+ self.credentials_tried[this_cred] = pass
+ end
 print_status "#{rhost}:#{rport} Telnet - Attempting: '#{user}':'#{pass}'" if datastore['VERBOSE']
 if @got_shell
 @got_shell = false
@@ -96,6 +103,7 @@ class Metasploit3 < Msf::Auxiliary
 if (login_succeeded?)
 print_good("#{rhost} - SUCCESSFUL LOGIN #{user} : #{pass}")
+ self.credentials_good[this_cred] = pass
 report_auth_info(
 :host => rhost,
 :proto => 'telnet',
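Review bot: The key `[user,ip,rport].join(":")` in ssh_login.rb's `run_host` is not guaranteed unique: when a username contains a colon and the address is an IPv6 literal, two different user/host pairs can flatten to the same string and share one entry. An array is a valid Hash key and avoids the ambiguity: `this_cred = [user, ip, rport]`. The same key/check/store sequence is repeated in `try_user_pass` in telnet_login.rb; now that the hashes live in AuthBrute, one helper there would keep the two modules from drifting apart. `run_host` continues past the end of this hunk.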
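Review bot: `try_user_pass` in telnet_login.rb now adds a `:tried` result for a skipped pair, and the code that consumes its return value is outside this hunk; that caller needs a branch for `:tried` so a skip is not handled like a failed login or a connection error. The `if … return :tried / else … end` also reads more directly as a guard clause: `return :tried if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]`, followed by the unconditional `self.credentials_tried[this_cred] = pass`. A short comment on the method listing its possible return values would help the next module author.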
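Review bot: `self.credentials_good[this_cred] = pass` in the last telnet_login.rb hunk relies on `this_cred`, which is a local assigned at the top of `try_user_pass` in the previous hunk. The enclosing method of this `if (login_succeeded?)` block starts outside the hunk, so it cannot be confirmed from here that both lines share a scope; if the success branch sits in a different method, this raises `NameError` exactly on a successful login. Worth confirming, or computing the key through a shared helper so it does not depend on a local.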