infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed the credential parsing and made output consistent 

So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
bug/bundler_fix
Matt Andreko 2014-01-13 22:57:25 -05:00
parent 804b26bac6
commit 42fb8c48d1
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/auxiliary/admin/misc/sercomm_dump_config.rb
View File

@ -185,33 +185,34 @@ class Metasploit3 < Msf::Auxiliary
configs.each do |config|
parse_general_config(config)
parse_auth_config(config)
end
parse_auth_config(configs)
end
def parse_general_config(config)
SETTINGS['General'].each do |regex|
if config.match(regex[1])
value = $1
print_status("#{regex[0]}: #{value}")
print_status("#{peer} - #{regex[0]}: #{value}")
end
end
end
def parse_auth_config(config)
def parse_auth_config(configs)
SETTINGS['Creds'].each do |cred|
user = nil
pass = nil
# find the user/pass
if config.match(cred[1]['user'])
user = $1
u = configs.grep(cred[1]['user']) { $1 }
if u.any?
user = u[0]
end
if config.match(cred[1]['pass'])
pass = $1
p = configs.grep(cred[1]['pass']) { $1 }
if p.any?
pass = p[0]
end
# if user and pass are specified, report on them
if user and pass
print_status("#{peer} - #{cred[0]}: User: #{user} Pass: #{pass}")
auth = {
@ -225,6 +226,7 @@ class Metasploit3 < Msf::Auxiliary
}
report_auth_info(auth)
end
end
end