parent
5b66f07f59
commit
766b50b5e0
|
@ -77,6 +77,19 @@ module Metasploit
|
|||
raise NotImplementedError
|
||||
end
|
||||
|
||||
|
||||
def each_cred_adjusted_for_realm(credential)
|
||||
unless credential.kind_of?(Metasploit::Framework::Credential) && credential.valid?
|
||||
raise ArgumentError, "#{credential.inspect} is not a valid Metasploit::Framework::Credential"
|
||||
end
|
||||
|
||||
if credential.realm.present? && REALM_KEY.present?
|
||||
credential.realm_key = REALM_KEY
|
||||
yield credential
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
# Attempt to login with every {Credential credential} in
|
||||
# {#cred_details}, by calling {#attempt_login} once for each.
|
||||
#
|
||||
|
|
|
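Review bot: The bare `REALM_KEY` in `each_cred_adjusted_for_realm` is resolved lexically, so assuming Base is a module mixed into the scanners, it will not see the constant each scanner class defines (the spec reads it as `described_class::REALM_KEY`). Unless Base defines its own REALM_KEY outside this hunk, the reference raises NameError; use `if credential.realm.present? && self.class::REALM_KEY.present?` and `credential.realm_key = self.class::REALM_KEY`. The `if` also has no `else`, so nothing is yielded for a credential without a realm or for a scanner whose key is nil (FTP, MySQL, SSH and the others in this commit), and callers that route through this method would silently skip those credentials. Either add `else` / `yield credential`, or document that the drop is intended. The method also assigns `realm_key` on the caller's object, so yielding a `dup` would avoid changing credentials that may be shared with other scanners.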
@ -18,7 +18,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ DEFAULT_PORT, 2121 ]
|
||||
LIKELY_SERVICE_NAMES = [ 'ftp' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
# @!attribute ftp_timeout
|
||||
# @return [Fixnum] The timeout in seconds to wait for a response to an FTP command
|
||||
|
|
|
@ -23,7 +23,7 @@ module Metasploit
|
|||
# Lifted from lib/msf/core/exploit/mssql.rb
|
||||
LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase' ]
|
||||
PRIVATE_TYPES = [ :password, :ntlm_hash ]
|
||||
REALM_TYPE = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
|
||||
# @!attribute windows_authentication
|
||||
# @return [Boolean] Whether to use Windows Authentication instead of SQL Server Auth.
|
||||
|
|
|
@ -19,7 +19,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ 3306 ]
|
||||
LIKELY_SERVICE_NAMES = [ 'mysql' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
def attempt_login(credential)
|
||||
result_options = {
|
||||
|
|
|
@ -18,7 +18,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ 110, 995 ]
|
||||
LIKELY_SERVICE_NAMES = [ 'pop3', 'pop3s' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attempt to login with
|
||||
|
|
|
@ -16,7 +16,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ DEFAULT_PORT ]
|
||||
LIKELY_SERVICE_NAMES = [ 'postgres' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE
|
||||
REALM_KEY = Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attmpt to login with
|
||||
|
|
|
@ -22,7 +22,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ 139, 445 ]
|
||||
LIKELY_SERVICE_NAMES = [ "smb" ]
|
||||
PRIVATE_TYPES = [ :password, :ntlm_hash ]
|
||||
REALM_TYPE = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
|
||||
module StatusCodes
|
||||
CORRECT_CREDENTIAL_STATUS_CODES = [
|
||||
|
|
|
@ -15,7 +15,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ 161, 162 ]
|
||||
LIKELY_SERVICE_NAMES = [ 'snmp' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attmpt to login with
|
||||
|
|
|
@ -21,7 +21,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ DEFAULT_PORT ]
|
||||
LIKELY_SERVICE_NAMES = [ 'ssh' ]
|
||||
PRIVATE_TYPES = [ :password, :ssh_key ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
VERBOSITIES = [
|
||||
:debug,
|
||||
|
|
|
@ -18,7 +18,7 @@ module Metasploit
|
|||
LIKELY_PORTS = [ DEFAULT_PORT ]
|
||||
LIKELY_SERVICE_NAMES = [ 'telnet' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
# @!attribute verbosity
|
||||
# The timeout to wait for the telnet banner.
|
||||
|
|
|
@ -22,7 +22,7 @@ module Metasploit
|
|||
LIKELY_PORTS = (5900..5910).to_a
|
||||
LIKELY_SERVICE_NAMES = [ 'vnc' ]
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
REALM_TYPE = nil
|
||||
REALM_KEY = nil
|
||||
|
||||
# Error indicating retry should occur for UltraVNC
|
||||
ULTRA_VNC_RETRY_ERROR = 'connection has been rejected'
|
||||
|
|
|
@ -25,7 +25,7 @@ module Metasploit
|
|||
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
LIKELY_PORTS = [ 80, 443, 5985, 5986 ]
|
||||
REALM_TYPE = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
# Inherit LIKELY_SERVICE_NAMES, since a scanner will see it as
|
||||
# just HTTP.
|
||||
|
||||
|
|
|
@ -5,6 +5,8 @@ shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do
|
|||
|
||||
let(:public) { 'root' }
|
||||
let(:private) { 'toor' }
|
||||
let(:realm) { 'myrealm' }
|
||||
let(:realm_key) { Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN }
|
||||
|
||||
let(:pub_blank) {
|
||||
Metasploit::Framework::Credential.new(
|
||||
|
@ -38,6 +40,16 @@ shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do
|
|||
)
|
||||
}
|
||||
|
||||
let(:ad_cred) {
|
||||
Metasploit::Framework::Credential.new(
|
||||
paired: true,
|
||||
public: public,
|
||||
private: private,
|
||||
realm: realm,
|
||||
realm_key: realm_key
|
||||
)
|
||||
}
|
||||
|
||||
let(:detail_group) {
|
||||
[ pub_blank, pub_pub, pub_pri]
|
||||
}
|
||||
|
@ -280,4 +292,27 @@ shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
context '#each_cred_adjusted_for_realm' do
|
||||
context 'when given an invalid credential' do
|
||||
it 'raises an ArgumentError' do
|
||||
expect{ login_scanner.each_cred_adjusted_for_realm(invalid_detail)}.to raise_error ArgumentError
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the credential has a realm' do
|
||||
if described_class::REALM_KEY.present?
|
||||
context 'when the login_scanner has a REALM_KEY' do
|
||||
it 'set the realm_key on the credential to that of the scanner' do
|
||||
output_cred = ad_cred.dup
|
||||
output_cred.realm_key = described_class::REALM_KEY
|
||||
expect{ |b| login_scanner.each_cred_adjusted_for_realm(ad_cred, &b)}.to yield_with_args(output_cred)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
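Review bot: The new `#each_cred_adjusted_for_realm` examples cover only the branch where both the credential's realm and the scanner's REALM_KEY are present. The single positive example sits inside `if described_class::REALM_KEY.present?`, so scanners with `REALM_KEY = nil` get an empty context, and no example pins what happens to a credential without a realm. Add examples for both cases, e.g. `expect { |b| login_scanner.each_cred_adjusted_for_realm(cred_without_realm, &b) }.to yield_with_args(cred_without_realm)` if pass-through is the intended behaviour (`cred_without_realm` is a placeholder name). The `yield_with_args(output_cred)` match compares against a `dup`, so it relies on Credential implementing value equality; that is not visible here and should be confirmed.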