finishing converting the last of this to credentials

bug/bundler_fix
darkbushido 2016-07-28 16:20:02 -05:00
parent 0972005b24
commit 5a1cd24350
2 changed files with 54 additions and 32 deletions

View File

@ -391,34 +391,36 @@ module Auxiliary::Cisco
when /^\s*ppp chap (secret|password) (\d+) ([^\s]+)/i
stype = $2.to_i
shash = $3
spass = $3
if stype == 5
print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{shash}")
store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, shash, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{spass}")
store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, spass, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Password: #{shash}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")
print_good("#{thost}:#{tport} Password: #{spass}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} PPP Decrypted Password: #{shash}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} PPP Decrypted Password: #{spass}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
end
end

View File

@ -756,15 +756,18 @@ RSpec.describe Msf::Auxiliary::Cisco do
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_password", "text/plain", "127.0.0.1", "1511021F0725", "ppp_password.txt", "Cisco IOS PPP Password"
)
expect(aux_cisco).to receive(:store_cred).with(
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
host: "127.0.0.1",
address: "127.0.0.1",
port: 1337,
user: "",
pass: "1511021F0725",
type: "password",
collect_type: "password",
active: true
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 0 1511021F0725')
@ -779,6 +782,20 @@ RSpec.describe Msf::Auxiliary::Cisco do
"cisco.ios.ppp_password_hash", "text/plain", "127.0.0.1", "1511021F0725", "ppp_password_hash.txt",
"Cisco IOS PPP Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 5 1511021F0725')
end
@ -791,15 +808,18 @@ RSpec.describe Msf::Auxiliary::Cisco do
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_password", "text/plain", "127.0.0.1", "cisco", "ppp_password.txt", "Cisco IOS PPP Password"
)
expect(aux_cisco).to receive(:store_cred).with(
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
host: "127.0.0.1",
address: "127.0.0.1",
port: 1337,
user: "",
pass: "cisco",
type: "password",
collect_type: "password",
active: true
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 7 1511021F0725')