add leixcal sorting to methods
Lexically sort the new methods, except for the msf module entrypoint methods, which should always be at the top.
bug/bundler_fix
parent
2847507f03
commit
804db0ff0c
|
@ -19,6 +19,22 @@ module Metasploit
|
||||||
# @return [String] Cookie value
|
# @return [String] Cookie value
|
||||||
attr_accessor :session_id
|
attr_accessor :session_id
|
||||||
|
|
||||||
|
# Decides which login routine and returns the results
|
||||||
|
#
|
||||||
|
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||||
|
# @return [Result]
|
||||||
|
def attempt_login(credential)
|
||||||
|
result_opts = { credential: credential }
|
||||||
|
|
||||||
|
begin
|
||||||
|
status = try_login(credential)
|
||||||
|
result_opts.merge!(status)
|
||||||
|
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||||
|
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||||
|
end
|
||||||
|
|
||||||
|
Result.new(result_opts)
|
||||||
|
end
|
||||||
|
|
||||||
# (see Base#check_setup)
|
# (see Base#check_setup)
|
||||||
def check_setup
|
def check_setup
|
||||||
|
@ -120,23 +136,6 @@ module Metasploit
|
||||||
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
||||||
end
|
end
|
||||||
|
|
||||||
# Decides which login routine and returns the results
|
|
||||||
#
|
|
||||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
|
||||||
# @return [Result]
|
|
||||||
def attempt_login(credential)
|
|
||||||
result_opts = { credential: credential }
|
|
||||||
|
|
||||||
begin
|
|
||||||
status = try_login(credential)
|
|
||||||
result_opts.merge!(status)
|
|
||||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
|
||||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
|
||||||
end
|
|
||||||
|
|
||||||
Result.new(result_opts)
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
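Review bot: The doc comment that travels with `attempt_login` ("Decides which login routine and returns the results") does not match the body shown in this section. The method makes a single `try_login` call and turns `::EOFError`, `Rex::ConnectionError` and `::Timeout::Error` into an `UNABLE_TO_CONNECT` result. Since the method is being moved anyway, I would reword the comment to something like `# Attempts a login with the given credential; connection errors are returned as UNABLE_TO_CONNECT instead of being raised`. The same comment sits on the identical `attempt_login` moved in the next file section (the one with `attr_accessor :zsession`), so the rewording applies there too.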
|
@ -20,6 +20,24 @@ module Metasploit
|
||||||
# @return [String] Cookie session
|
# @return [String] Cookie session
|
||||||
attr_accessor :zsession
|
attr_accessor :zsession
|
||||||
|
|
||||||
|
# Decides which login routine and returns the results
|
||||||
|
#
|
||||||
|
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||||
|
# @return [Result]
|
||||||
|
def attempt_login(credential)
|
||||||
|
result_opts = { credential: credential }
|
||||||
|
|
||||||
|
begin
|
||||||
|
status = try_login(credential)
|
||||||
|
result_opts.merge!(status)
|
||||||
|
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||||
|
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||||
|
end
|
||||||
|
|
||||||
|
Result.new(result_opts)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
# (see Base#check_setup)
|
# (see Base#check_setup)
|
||||||
def check_setup
|
def check_setup
|
||||||
begin
|
begin
|
||||||
|
@ -111,23 +129,6 @@ module Metasploit
|
||||||
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
||||||
end
|
end
|
||||||
|
|
||||||
# Decides which login routine and returns the results
|
|
||||||
#
|
|
||||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
|
||||||
# @return [Result]
|
|
||||||
def attempt_login(credential)
|
|
||||||
result_opts = { credential: credential }
|
|
||||||
|
|
||||||
begin
|
|
||||||
status = try_login(credential)
|
|
||||||
result_opts.merge!(status)
|
|
||||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
|
||||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
|
||||||
end
|
|
||||||
|
|
||||||
Result.new(result_opts)
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -38,65 +38,19 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
def init_loginscanner(ip)
|
#
|
||||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
# main
|
||||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
#
|
||||||
pass_file: datastore['PASS_FILE'],
|
def run_host(ip)
|
||||||
password: datastore['PASSWORD'],
|
init_loginscanner(ip)
|
||||||
user_file: datastore['USER_FILE'],
|
msg = @scanner.check_setup
|
||||||
userpass_file: datastore['USERPASS_FILE'],
|
if msg
|
||||||
username: datastore['USERNAME'],
|
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||||
user_as_pass: datastore['USER_AS_PASS']
|
return
|
||||||
)
|
|
||||||
|
|
||||||
# Always try the default first
|
|
||||||
@cred_collection.prepend_cred(
|
|
||||||
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
|
|
||||||
)
|
|
||||||
|
|
||||||
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
|
|
||||||
host: ip,
|
|
||||||
port: rport,
|
|
||||||
proxies: datastore['PROXIES'],
|
|
||||||
uri: datastore['TARGETURI'],
|
|
||||||
cred_details: @cred_collection,
|
|
||||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
|
||||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
|
||||||
connection_timeout: 5,
|
|
||||||
framework: framework,
|
|
||||||
framework_module: self,
|
|
||||||
)
|
|
||||||
|
|
||||||
@scanner.ssl = datastore['SSL']
|
|
||||||
@scanner.ssl_version = datastore['SSLVERSION']
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def do_report(ip, port, result)
|
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
|
||||||
service_data = {
|
bruteforce(ip)
|
||||||
address: ip,
|
|
||||||
port: port,
|
|
||||||
service_name: 'http',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
module_fullname: self.fullname,
|
|
||||||
origin_type: :service,
|
|
||||||
private_data: result.credential.private,
|
|
||||||
private_type: :password,
|
|
||||||
username: result.credential.public,
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
status: result.status
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def bruteforce(ip)
|
def bruteforce(ip)
|
||||||
|
@ -143,20 +97,65 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def do_report(ip, port, result)
|
||||||
|
service_data = {
|
||||||
|
address: ip,
|
||||||
|
port: port,
|
||||||
|
service_name: 'http',
|
||||||
|
protocol: 'tcp',
|
||||||
|
workspace_id: myworkspace_id
|
||||||
|
}
|
||||||
|
|
||||||
#
|
credential_data = {
|
||||||
# main
|
module_fullname: self.fullname,
|
||||||
#
|
origin_type: :service,
|
||||||
def run_host(ip)
|
private_data: result.credential.private,
|
||||||
init_loginscanner(ip)
|
private_type: :password,
|
||||||
msg = @scanner.check_setup
|
username: result.credential.public,
|
||||||
if msg
|
}.merge(service_data)
|
||||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
|
||||||
return
|
credential_core = create_credential(credential_data)
|
||||||
|
|
||||||
|
login_data = {
|
||||||
|
core: credential_core,
|
||||||
|
last_attempted_at: DateTime.now,
|
||||||
|
status: result.status
|
||||||
|
}.merge(service_data)
|
||||||
|
|
||||||
|
create_credential_login(login_data)
|
||||||
end
|
end
|
||||||
|
|
||||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
|
def init_loginscanner(ip)
|
||||||
bruteforce(ip)
|
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||||
|
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||||
|
pass_file: datastore['PASS_FILE'],
|
||||||
|
password: datastore['PASSWORD'],
|
||||||
|
user_file: datastore['USER_FILE'],
|
||||||
|
userpass_file: datastore['USERPASS_FILE'],
|
||||||
|
username: datastore['USERNAME'],
|
||||||
|
user_as_pass: datastore['USER_AS_PASS']
|
||||||
|
)
|
||||||
|
|
||||||
|
# Always try the default first
|
||||||
|
@cred_collection.prepend_cred(
|
||||||
|
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
|
||||||
|
)
|
||||||
|
|
||||||
|
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
|
||||||
|
host: ip,
|
||||||
|
port: rport,
|
||||||
|
proxies: datastore['PROXIES'],
|
||||||
|
uri: datastore['TARGETURI'],
|
||||||
|
cred_details: @cred_collection,
|
||||||
|
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||||
|
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||||
|
connection_timeout: 5,
|
||||||
|
framework: framework,
|
||||||
|
framework_module: self,
|
||||||
|
)
|
||||||
|
|
||||||
|
@scanner.ssl = datastore['SSL']
|
||||||
|
@scanner.ssl_version = datastore['SSLVERSION']
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
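Review bot: `do_report` as relocated here is line-for-line the same as the `do_report` in the following file section (the Zabbix module), and `init_loginscanner` differs only in the prepended default credential and the scanner class. Now that both modules follow the same method order, this would be a natural point to move the shared reporting code into one common helper or mixin, so that a fix to how `service_data` or `login_data` is built does not have to be made twice. If that is out of scope for a pure reordering commit, a short comment above `do_report` such as `# Reports the credential and its login result via create_credential and create_credential_login` would at least document what the helper does.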
|
@ -39,78 +39,25 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# From the documentation:
|
# main
|
||||||
#
|
#
|
||||||
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
|
def run_host(ip)
|
||||||
# seconds in order to prevent brute force and dictionary attacks."
|
init_loginscanner(ip)
|
||||||
#
|
msg = @scanner.check_setup
|
||||||
|
if msg
|
||||||
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
|
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||||
def is_guest_mode_enabled?
|
return
|
||||||
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
|
|
||||||
res = send_request_cgi({'uri'=>dashboard_uri})
|
|
||||||
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def init_loginscanner(ip)
|
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
|
||||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
|
||||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
|
||||||
pass_file: datastore['PASS_FILE'],
|
|
||||||
password: datastore['PASSWORD'],
|
|
||||||
user_file: datastore['USER_FILE'],
|
|
||||||
userpass_file: datastore['USERPASS_FILE'],
|
|
||||||
username: datastore['USERNAME'],
|
|
||||||
user_as_pass: datastore['USER_AS_PASS']
|
|
||||||
)
|
|
||||||
|
|
||||||
# Always try the default first
|
if is_guest_mode_enabled?
|
||||||
@cred_collection.prepend_cred(
|
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
|
||||||
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
|
else
|
||||||
)
|
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
|
||||||
|
|
||||||
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
|
|
||||||
host: ip,
|
|
||||||
port: rport,
|
|
||||||
proxies: datastore['PROXIES'],
|
|
||||||
uri: datastore['TARGETURI'],
|
|
||||||
cred_details: @cred_collection,
|
|
||||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
|
||||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
|
||||||
connection_timeout: 5,
|
|
||||||
framework: framework,
|
|
||||||
framework_module: self,
|
|
||||||
)
|
|
||||||
|
|
||||||
@scanner.ssl = datastore['SSL']
|
|
||||||
@scanner.ssl_version = datastore['SSLVERSION']
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def do_report(ip, port, result)
|
bruteforce(ip)
|
||||||
service_data = {
|
|
||||||
address: ip,
|
|
||||||
port: port,
|
|
||||||
service_name: 'http',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
module_fullname: self.fullname,
|
|
||||||
origin_type: :service,
|
|
||||||
private_data: result.credential.private,
|
|
||||||
private_type: :password,
|
|
||||||
username: result.credential.public,
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
status: result.status
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def bruteforce(ip)
|
def bruteforce(ip)
|
||||||
|
@ -157,27 +104,79 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def do_report(ip, port, result)
|
||||||
|
service_data = {
|
||||||
|
address: ip,
|
||||||
|
port: port,
|
||||||
|
service_name: 'http',
|
||||||
|
protocol: 'tcp',
|
||||||
|
workspace_id: myworkspace_id
|
||||||
|
}
|
||||||
|
|
||||||
|
credential_data = {
|
||||||
|
module_fullname: self.fullname,
|
||||||
|
origin_type: :service,
|
||||||
|
private_data: result.credential.private,
|
||||||
|
private_type: :password,
|
||||||
|
username: result.credential.public,
|
||||||
|
}.merge(service_data)
|
||||||
|
|
||||||
|
credential_core = create_credential(credential_data)
|
||||||
|
|
||||||
|
login_data = {
|
||||||
|
core: credential_core,
|
||||||
|
last_attempted_at: DateTime.now,
|
||||||
|
status: result.status
|
||||||
|
}.merge(service_data)
|
||||||
|
|
||||||
|
create_credential_login(login_data)
|
||||||
|
end
|
||||||
|
|
||||||
|
def init_loginscanner(ip)
|
||||||
|
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||||
|
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||||
|
pass_file: datastore['PASS_FILE'],
|
||||||
|
password: datastore['PASSWORD'],
|
||||||
|
user_file: datastore['USER_FILE'],
|
||||||
|
userpass_file: datastore['USERPASS_FILE'],
|
||||||
|
username: datastore['USERNAME'],
|
||||||
|
user_as_pass: datastore['USER_AS_PASS']
|
||||||
|
)
|
||||||
|
|
||||||
|
# Always try the default first
|
||||||
|
@cred_collection.prepend_cred(
|
||||||
|
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
|
||||||
|
)
|
||||||
|
|
||||||
|
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
|
||||||
|
host: ip,
|
||||||
|
port: rport,
|
||||||
|
proxies: datastore['PROXIES'],
|
||||||
|
uri: datastore['TARGETURI'],
|
||||||
|
cred_details: @cred_collection,
|
||||||
|
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||||
|
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||||
|
connection_timeout: 5,
|
||||||
|
framework: framework,
|
||||||
|
framework_module: self,
|
||||||
|
)
|
||||||
|
|
||||||
|
@scanner.ssl = datastore['SSL']
|
||||||
|
@scanner.ssl_version = datastore['SSLVERSION']
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# main
|
# From the documentation:
|
||||||
|
#
|
||||||
|
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
|
||||||
|
# seconds in order to prevent brute force and dictionary attacks."
|
||||||
#
|
#
|
||||||
def run_host(ip)
|
|
||||||
init_loginscanner(ip)
|
|
||||||
msg = @scanner.check_setup
|
|
||||||
if msg
|
|
||||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
|
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
|
||||||
|
def is_guest_mode_enabled?
|
||||||
if is_guest_mode_enabled?
|
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
|
||||||
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
|
res = send_request_cgi({'uri'=>dashboard_uri})
|
||||||
else
|
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
|
||||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
|
|
||||||
end
|
|
||||||
|
|
||||||
bruteforce(ip)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
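Review bot: After the reordering, the "From the documentation" comment about the 30-second pause after five consecutive failed logins ends up at the bottom of the class, directly above `is_guest_mode_enabled?`, where it reads as documentation for the guest-mode check. That note describes server-side throttling, which concerns `bruteforce` and the `bruteforce_speed` value passed in `init_loginscanner`, not the dashboard probe. I would move the comment block above `def bruteforce(ip)` (its body lies outside this section's hunks) or into the module description. Only `# Zabbix enables a Guest mode by default ...` would then remain above `is_guest_mode_enabled?`.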