add leixcal sorting to methods

lexical sort the new methods except for msf module entrypoint methods which should always be at the top
2015-02-18 14:50:33 -06:00 · 2015-02-18 14:50:33 -06:00 · 804db0ff0c
parent 2847507f03
commit 804db0ff0c
4 changed files with 219 additions and 221 deletions
--- a/lib/metasploit/framework/login_scanner/chef_webui.rb
+++ b/lib/metasploit/framework/login_scanner/chef_webui.rb
@ -19,6 +19,22 @@ module Metasploit
        #   @return [String] Cookie value
        attr_accessor :session_id
        # Decides which login routine and returns the results
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result]
        def attempt_login(credential)
          result_opts = { credential: credential }
          begin
            status = try_login(credential)
            result_opts.merge!(status)
          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          end
          Result.new(result_opts)
        end
        # (see Base#check_setup)
        def check_setup
@ -120,23 +136,6 @@ module Metasploit
          {:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
        end
        # Decides which login routine and returns the results
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result]
        def attempt_login(credential)
          result_opts = { credential: credential }
          begin
            status = try_login(credential)
            result_opts.merge!(status)
          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          end
          Result.new(result_opts)
        end
      end
    end
  end
--- a/lib/metasploit/framework/login_scanner/zabbix.rb
+++ b/lib/metasploit/framework/login_scanner/zabbix.rb
@ -20,6 +20,24 @@ module Metasploit
        #   @return [String] Cookie session
        attr_accessor :zsession
        # Decides which login routine and returns the results
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result]
        def attempt_login(credential)
          result_opts = { credential: credential }
          begin
            status = try_login(credential)
            result_opts.merge!(status)
          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          end
          Result.new(result_opts)
        end
        # (see Base#check_setup)
        def check_setup
          begin
@ -111,23 +129,6 @@ module Metasploit
          {:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
        end
        # Decides which login routine and returns the results
        #
        # @param credential [Metasploit::Framework::Credential] The credential object
        # @return [Result]
        def attempt_login(credential)
          result_opts = { credential: credential }
          begin
            status = try_login(credential)
            result_opts.merge!(status)
          rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
          end
          Result.new(result_opts)
        end
      end
    end
  end
--- a/modules/auxiliary/scanner/http/chef_webui_login.rb
+++ b/modules/auxiliary/scanner/http/chef_webui_login.rb
@ -38,65 +38,19 @@ class Metasploit3 < Msf::Auxiliary
      ], self.class)
  end
-  def init_loginscanner(ip)
+  #
-    @cred_collection = Metasploit::Framework::CredentialCollection.new(
+  # main
-      blank_passwords: datastore['BLANK_PASSWORDS'],
+  #
-      pass_file:       datastore['PASS_FILE'],
+  def run_host(ip)
-      password:        datastore['PASSWORD'],
+    init_loginscanner(ip)
-      user_file:       datastore['USER_FILE'],
+    msg = @scanner.check_setup
-      userpass_file:   datastore['USERPASS_FILE'],
+    if msg
-      username:        datastore['USERNAME'],
+      print_brute :level => :error, :ip => rhost, :msg => msg
-      user_as_pass:    datastore['USER_AS_PASS']
+      return
    )
    # Always try the default first
    @cred_collection.prepend_cred(
      Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
    )
    @scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
      host:               ip,
      port:               rport,
      proxies:            datastore['PROXIES'],
      uri:                datastore['TARGETURI'],
      cred_details:       @cred_collection,
      stop_on_success:    datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5,
      framework: framework,
      framework_module: self,
    )
    @scanner.ssl         = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
    end
-  def do_report(ip, port, result)
+    print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
-    service_data = {
+    bruteforce(ip)
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }
    credential_data = {
      module_fullname: self.fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
    }.merge(service_data)
    credential_core = create_credential(credential_data)
    login_data = {
      core: credential_core,
      last_attempted_at: DateTime.now,
      status: result.status
    }.merge(service_data)
    create_credential_login(login_data)
  end
  def bruteforce(ip)
@ -143,20 +97,65 @@ class Metasploit3 < Msf::Auxiliary
    end
  end
  def do_report(ip, port, result)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }
-  #
+    credential_data = {
-  # main
+      module_fullname: self.fullname,
-  #
+      origin_type: :service,
-  def run_host(ip)
+      private_data: result.credential.private,
-    init_loginscanner(ip)
+      private_type: :password,
-    msg = @scanner.check_setup
+      username: result.credential.public,
-    if msg
+    }.merge(service_data)
-      print_brute :level => :error, :ip => rhost, :msg => msg
+
-      return
+    credential_core = create_credential(credential_data)
    login_data = {
      core: credential_core,
      last_attempted_at: DateTime.now,
      status: result.status
    }.merge(service_data)
    create_credential_login(login_data)
  end
-    print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
+  def init_loginscanner(ip)
-    bruteforce(ip)
+    @cred_collection = Metasploit::Framework::CredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
      pass_file:       datastore['PASS_FILE'],
      password:        datastore['PASSWORD'],
      user_file:       datastore['USER_FILE'],
      userpass_file:   datastore['USERPASS_FILE'],
      username:        datastore['USERNAME'],
      user_as_pass:    datastore['USER_AS_PASS']
    )
    # Always try the default first
    @cred_collection.prepend_cred(
      Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
    )
    @scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
      host:               ip,
      port:               rport,
      proxies:            datastore['PROXIES'],
      uri:                datastore['TARGETURI'],
      cred_details:       @cred_collection,
      stop_on_success:    datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5,
      framework: framework,
      framework_module: self,
    )
    @scanner.ssl         = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
  end
 end
--- a/modules/auxiliary/scanner/http/zabbix_login.rb
+++ b/modules/auxiliary/scanner/http/zabbix_login.rb
@ -39,78 +39,25 @@ class Metasploit3 < Msf::Auxiliary
  end
  #
-  # From the documentation:
+  # main
  #
-  #  "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
+  def run_host(ip)
-  #   seconds in order to prevent brute force and dictionary attacks."
+    init_loginscanner(ip)
-  #
+    msg = @scanner.check_setup
-
+    if msg
-  # Zabbix enables a Guest mode by default that allows access to the dashboard without auth
+      print_brute :level => :error, :ip => rhost, :msg => msg
-  def is_guest_mode_enabled?
+      return
    dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
    res = send_request_cgi({'uri'=>dashboard_uri})
    !! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
    end
-  def init_loginscanner(ip)
+    print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
    @cred_collection = Metasploit::Framework::CredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
      pass_file:       datastore['PASS_FILE'],
      password:        datastore['PASSWORD'],
      user_file:       datastore['USER_FILE'],
      userpass_file:   datastore['USERPASS_FILE'],
      username:        datastore['USERNAME'],
      user_as_pass:    datastore['USER_AS_PASS']
    )
-    # Always try the default first
+    if is_guest_mode_enabled?
-    @cred_collection.prepend_cred(
+      print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
-      Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
+    else
-    )
+      print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
    @scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
      host:               ip,
      port:               rport,
      proxies:            datastore['PROXIES'],
      uri:                datastore['TARGETURI'],
      cred_details:       @cred_collection,
      stop_on_success:    datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5,
      framework: framework,
      framework_module: self,
    )
    @scanner.ssl         = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
    end
-  def do_report(ip, port, result)
+    bruteforce(ip)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }
    credential_data = {
      module_fullname: self.fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
    }.merge(service_data)
    credential_core = create_credential(credential_data)
    login_data = {
      core: credential_core,
      last_attempted_at: DateTime.now,
      status: result.status
    }.merge(service_data)
    create_credential_login(login_data)
  end
  def bruteforce(ip)
@ -157,27 +104,79 @@ class Metasploit3 < Msf::Auxiliary
    end
  end
  def do_report(ip, port, result)
    service_data = {
      address: ip,
      port: port,
      service_name: 'http',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }
    credential_data = {
      module_fullname: self.fullname,
      origin_type: :service,
      private_data: result.credential.private,
      private_type: :password,
      username: result.credential.public,
    }.merge(service_data)
    credential_core = create_credential(credential_data)
    login_data = {
      core: credential_core,
      last_attempted_at: DateTime.now,
      status: result.status
    }.merge(service_data)
    create_credential_login(login_data)
  end
  def init_loginscanner(ip)
    @cred_collection = Metasploit::Framework::CredentialCollection.new(
      blank_passwords: datastore['BLANK_PASSWORDS'],
      pass_file:       datastore['PASS_FILE'],
      password:        datastore['PASSWORD'],
      user_file:       datastore['USER_FILE'],
      userpass_file:   datastore['USERPASS_FILE'],
      username:        datastore['USERNAME'],
      user_as_pass:    datastore['USER_AS_PASS']
    )
    # Always try the default first
    @cred_collection.prepend_cred(
      Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
    )
    @scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
      host:               ip,
      port:               rport,
      proxies:            datastore['PROXIES'],
      uri:                datastore['TARGETURI'],
      cred_details:       @cred_collection,
      stop_on_success:    datastore['STOP_ON_SUCCESS'],
      bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
      connection_timeout: 5,
      framework: framework,
      framework_module: self,
    )
    @scanner.ssl         = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
  end
  #
-  # main
+  # From the documentation:
  #
  #  "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
  #   seconds in order to prevent brute force and dictionary attacks."
  #
  def run_host(ip)
    init_loginscanner(ip)
    msg = @scanner.check_setup
    if msg
      print_brute :level => :error, :ip => rhost, :msg => msg
      return
    end
-    print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
+  # Zabbix enables a Guest mode by default that allows access to the dashboard without auth
-
+  def is_guest_mode_enabled?
-    if is_guest_mode_enabled?
+    dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
-      print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
+    res = send_request_cgi({'uri'=>dashboard_uri})
-    else
+    !! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
      print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
    end
    bruteforce(ip)
  end
 end