commit
677ec341dd
|
@ -6,14 +6,16 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Lansweeper Collector',
|
'Name' => 'Lansweeper Credential Collector',
|
||||||
'Description' => %q(
|
'Description' => %q(
|
||||||
Lansweeper stores the credentials it uses to scan the computers in its MSSQL database.
|
Lansweeper stores the credentials it uses to scan the computers
|
||||||
The passwords are XTea-encrypted with a 68 character long key, which first 8 character
|
in its Microsoft SQL database. The passwords are XTea-encrypted with a
|
||||||
are stored with the password in the database, and the other 60 is static. Lansweeper by
|
68 character long key, in which the first 8 characters are stored with
|
||||||
default creates an MSSQL user "lansweeperuser" whose password is "mysecretpassword0*",
|
the password in the database and the other 60 is static. Lansweeper, by
|
||||||
and stores its data in a database called "lansweeperdb". This module will query the MSSQL
|
default, creates an MSSQL user "lansweeperuser" with the password is
|
||||||
database for the credentials.
|
"mysecretpassword0*", and stores its data in a database called
|
||||||
|
"lansweeperdb". This module will query the MSSQL database for the
|
||||||
|
credentials.
|
||||||
),
|
),
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
|
|
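Review bot: the new 'Description' wording introduces a grammar error in the line `default, creates an MSSQL user "lansweeperuser" with the password is`. Drop the "is" so it reads: with the password "mysecretpassword0*". In the same paragraph, "the other 60 is static" should be "the other 60 are static" to agree with "the first 8 characters are stored".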
@ -15,35 +15,29 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
This module will automatically serve browser exploits. Here are the options you can
|
This module will automatically serve browser exploits. Here are the options you can
|
||||||
configure:
|
configure:
|
||||||
|
|
||||||
The Include option allows you to specify the kind of exploits to be loaded. For example,
|
The INCLUDE_PATTERN option allows you to specify the kind of exploits to be loaded. For example,
|
||||||
if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'.
|
if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'.
|
||||||
|
|
||||||
The Exclude option will ignore exploits. For example, if you don't want any Adobe Flash
|
The EXCLUDE_PATTERN option will ignore exploits. For example, if you don't want any Adobe Flash
|
||||||
exploits, you can set this. Also note that the Exclude option will always be evaludated
|
exploits, you can set this. Also note that the Exclude option will always be evaludated
|
||||||
after the Include option.
|
after the Include option.
|
||||||
|
|
||||||
The MaxExploits option specifies the max number of exploits to load by Browser Autopwn.
|
The MaxExploitCount option specifies the max number of exploits to load by Browser Autopwn.
|
||||||
By default, 20 will be loaded. But note that the client will probably not be vulnerable
|
By default, 20 will be loaded. But note that the client will probably not be vulnerable
|
||||||
to all 20 of them, so only some will actually be served to the client.
|
to all 20 of them, so only some will actually be served to the client.
|
||||||
|
|
||||||
The Content option allows you to provide a basic webpage. This is what the user behind
|
The HTMLContent option allows you to provide a basic webpage. This is what the user behind
|
||||||
the vulnerable browser will see. You can simply set a string, or you can do the file://
|
the vulnerable browser will see. You can simply set a string, or you can do the file://
|
||||||
syntax to load an HTML file. Note this option might break exploits so try to keep it
|
syntax to load an HTML file. Note this option might break exploits so try to keep it
|
||||||
as simple as possible.
|
as simple as possible.
|
||||||
|
|
||||||
The WhiteList option can be used to avoid visitors that are outside the scope of your
|
The MaxSessionCount option is used to limit how many sessions Browser Autopwn is allowed to
|
||||||
pentest engagement. IPs that are not on the list will not be attacked.
|
|
||||||
|
|
||||||
The MaxSessions option is used to limit how many sessions Browser Autopwn is allowed to
|
|
||||||
get. The default -1 means unlimited. Combining this with other options such as RealList
|
get. The default -1 means unlimited. Combining this with other options such as RealList
|
||||||
and Custom404, you can get information about which visitors (IPs) clicked on your malicious
|
and Custom404, you can get information about which visitors (IPs) clicked on your malicious
|
||||||
link, what exploits they might be vulnerable to, redirect them to your own internal
|
link, what exploits they might be vulnerable to, redirect them to your own internal
|
||||||
training website without actually attacking them.
|
training website without actually attacking them.
|
||||||
|
|
||||||
The RealList is an option that will list what exploits the client might be vulnerable to
|
For more information about Browser Autopwn, please see the referenced blog post.
|
||||||
based on basic browser information. If possible, you can run the exploits for validation.
|
|
||||||
|
|
||||||
For more information about Browser Autopwn, please see the reference link.
|
|
||||||
},
|
},
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Author' => [ 'sinn3r' ],
|
'Author' => [ 'sinn3r' ],
|
||||||
|
|
|
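Review bot: the option names in the new description are only half renamed. The paragraphs now open with INCLUDE_PATTERN and EXCLUDE_PATTERN, but the sentences that follow still say "set Include to 'adobe_flash'" and "the Exclude option will always be evaludated after the Include option", so a reader cannot tell which name to set. Use the new names throughout, and fix "evaludated" while the line is being touched. The MaxSessionCount paragraph also still mentions RealList, although this hunk removes the paragraph that explained it; drop or reword that reference.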
@ -318,4 +318,5 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
res = data + [bkd_crc].pack('<L')
|
res = data + [bkd_crc].pack('<L')
|
||||||
res
|
res
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -14,11 +14,10 @@ class Metasploit3 < Msf::Post
|
||||||
This module suggests local meterpreter exploits that can be used. The
|
This module suggests local meterpreter exploits that can be used. The
|
||||||
exploits are suggested based on the architecture and platform that
|
exploits are suggested based on the architecture and platform that
|
||||||
the user has a shell opened as well as the available exploits in
|
the user has a shell opened as well as the available exploits in
|
||||||
meterpreter. Additionally, the ShowDescription option can be set
|
meterpreter.
|
||||||
to 'true' to a detailed description on the suggested exploits.
|
|
||||||
|
|
||||||
It's important to note that not all local exploits will be fired.
|
It's important to note that not all local exploits will be fired.
|
||||||
They are chosen based on these conditions: session type,
|
Exploits are chosen based on these conditions: session type,
|
||||||
platform, architecture, and required default options.
|
platform, architecture, and required default options.
|
||||||
},
|
},
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
|
|
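Review bot: the new description drops the sentence documenting ShowDescription, but nothing in this hunk shows the option itself being removed. If the option is still registered, keep one line describing it; if it was removed elsewhere in the commit, note that in the commit message so the documentation change is traceable. The replacement of "They are chosen" with "Exploits are chosen" is clearer now that the preceding sentence is shorter.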