add leixcal sorting to methods
lexical sort the new methods except for msf module entrypoint methods which should always be at the topbug/bundler_fix
parent
2847507f03
commit
804db0ff0c
|
@ -19,6 +19,22 @@ module Metasploit
|
|||
# @return [String] Cookie value
|
||||
attr_accessor :session_id
|
||||
|
||||
# Decides which login routine and returns the results
|
||||
#
|
||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||
# @return [Result]
|
||||
def attempt_login(credential)
|
||||
result_opts = { credential: credential }
|
||||
|
||||
begin
|
||||
status = try_login(credential)
|
||||
result_opts.merge!(status)
|
||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||
end
|
||||
|
||||
Result.new(result_opts)
|
||||
end
|
||||
|
||||
# (see Base#check_setup)
|
||||
def check_setup
|
||||
|
@ -120,23 +136,6 @@ module Metasploit
|
|||
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
||||
end
|
||||
|
||||
# Decides which login routine and returns the results
|
||||
#
|
||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||
# @return [Result]
|
||||
def attempt_login(credential)
|
||||
result_opts = { credential: credential }
|
||||
|
||||
begin
|
||||
status = try_login(credential)
|
||||
result_opts.merge!(status)
|
||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||
end
|
||||
|
||||
Result.new(result_opts)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -20,6 +20,24 @@ module Metasploit
|
|||
# @return [String] Cookie session
|
||||
attr_accessor :zsession
|
||||
|
||||
# Decides which login routine and returns the results
|
||||
#
|
||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||
# @return [Result]
|
||||
def attempt_login(credential)
|
||||
result_opts = { credential: credential }
|
||||
|
||||
begin
|
||||
status = try_login(credential)
|
||||
result_opts.merge!(status)
|
||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||
end
|
||||
|
||||
Result.new(result_opts)
|
||||
end
|
||||
|
||||
|
||||
# (see Base#check_setup)
|
||||
def check_setup
|
||||
begin
|
||||
|
@ -111,23 +129,6 @@ module Metasploit
|
|||
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
|
||||
end
|
||||
|
||||
# Decides which login routine and returns the results
|
||||
#
|
||||
# @param credential [Metasploit::Framework::Credential] The credential object
|
||||
# @return [Result]
|
||||
def attempt_login(credential)
|
||||
result_opts = { credential: credential }
|
||||
|
||||
begin
|
||||
status = try_login(credential)
|
||||
result_opts.merge!(status)
|
||||
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||
end
|
||||
|
||||
Result.new(result_opts)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -38,65 +38,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def init_loginscanner(ip)
|
||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS']
|
||||
)
|
||||
|
||||
# Always try the default first
|
||||
@cred_collection.prepend_cred(
|
||||
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
|
||||
)
|
||||
|
||||
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
uri: datastore['TARGETURI'],
|
||||
cred_details: @cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||
connection_timeout: 5,
|
||||
framework: framework,
|
||||
framework_module: self,
|
||||
)
|
||||
|
||||
@scanner.ssl = datastore['SSL']
|
||||
@scanner.ssl_version = datastore['SSLVERSION']
|
||||
#
|
||||
# main
|
||||
#
|
||||
def run_host(ip)
|
||||
init_loginscanner(ip)
|
||||
msg = @scanner.check_setup
|
||||
if msg
|
||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||
return
|
||||
end
|
||||
|
||||
def do_report(ip, port, result)
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: port,
|
||||
service_name: 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: result.credential.private,
|
||||
private_type: :password,
|
||||
username: result.credential.public,
|
||||
}.merge(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: result.status
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
|
||||
bruteforce(ip)
|
||||
end
|
||||
|
||||
def bruteforce(ip)
|
||||
|
@ -143,20 +97,65 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def do_report(ip, port, result)
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: port,
|
||||
service_name: 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
#
|
||||
# main
|
||||
#
|
||||
def run_host(ip)
|
||||
init_loginscanner(ip)
|
||||
msg = @scanner.check_setup
|
||||
if msg
|
||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||
return
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: result.credential.private,
|
||||
private_type: :password,
|
||||
username: result.credential.public,
|
||||
}.merge(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: result.status
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
|
||||
bruteforce(ip)
|
||||
def init_loginscanner(ip)
|
||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS']
|
||||
)
|
||||
|
||||
# Always try the default first
|
||||
@cred_collection.prepend_cred(
|
||||
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
|
||||
)
|
||||
|
||||
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
uri: datastore['TARGETURI'],
|
||||
cred_details: @cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||
connection_timeout: 5,
|
||||
framework: framework,
|
||||
framework_module: self,
|
||||
)
|
||||
|
||||
@scanner.ssl = datastore['SSL']
|
||||
@scanner.ssl_version = datastore['SSLVERSION']
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -39,78 +39,25 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
#
|
||||
# From the documentation:
|
||||
# main
|
||||
#
|
||||
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
|
||||
# seconds in order to prevent brute force and dictionary attacks."
|
||||
#
|
||||
|
||||
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
|
||||
def is_guest_mode_enabled?
|
||||
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
|
||||
res = send_request_cgi({'uri'=>dashboard_uri})
|
||||
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
|
||||
def run_host(ip)
|
||||
init_loginscanner(ip)
|
||||
msg = @scanner.check_setup
|
||||
if msg
|
||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||
return
|
||||
end
|
||||
|
||||
def init_loginscanner(ip)
|
||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS']
|
||||
)
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
|
||||
|
||||
# Always try the default first
|
||||
@cred_collection.prepend_cred(
|
||||
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
|
||||
)
|
||||
|
||||
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
uri: datastore['TARGETURI'],
|
||||
cred_details: @cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||
connection_timeout: 5,
|
||||
framework: framework,
|
||||
framework_module: self,
|
||||
)
|
||||
|
||||
@scanner.ssl = datastore['SSL']
|
||||
@scanner.ssl_version = datastore['SSLVERSION']
|
||||
if is_guest_mode_enabled?
|
||||
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
|
||||
else
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
|
||||
end
|
||||
|
||||
def do_report(ip, port, result)
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: port,
|
||||
service_name: 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: result.credential.private,
|
||||
private_type: :password,
|
||||
username: result.credential.public,
|
||||
}.merge(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: result.status
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
bruteforce(ip)
|
||||
end
|
||||
|
||||
def bruteforce(ip)
|
||||
|
@ -157,27 +104,79 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def do_report(ip, port, result)
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: port,
|
||||
service_name: 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: result.credential.private,
|
||||
private_type: :password,
|
||||
username: result.credential.public,
|
||||
}.merge(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: result.status
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def init_loginscanner(ip)
|
||||
@cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS']
|
||||
)
|
||||
|
||||
# Always try the default first
|
||||
@cred_collection.prepend_cred(
|
||||
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
|
||||
)
|
||||
|
||||
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
uri: datastore['TARGETURI'],
|
||||
cred_details: @cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
|
||||
connection_timeout: 5,
|
||||
framework: framework,
|
||||
framework_module: self,
|
||||
)
|
||||
|
||||
@scanner.ssl = datastore['SSL']
|
||||
@scanner.ssl_version = datastore['SSLVERSION']
|
||||
end
|
||||
|
||||
#
|
||||
# main
|
||||
# From the documentation:
|
||||
#
|
||||
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
|
||||
# seconds in order to prevent brute force and dictionary attacks."
|
||||
#
|
||||
def run_host(ip)
|
||||
init_loginscanner(ip)
|
||||
msg = @scanner.check_setup
|
||||
if msg
|
||||
print_brute :level => :error, :ip => rhost, :msg => msg
|
||||
return
|
||||
end
|
||||
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
|
||||
|
||||
if is_guest_mode_enabled?
|
||||
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
|
||||
else
|
||||
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
|
||||
end
|
||||
|
||||
bruteforce(ip)
|
||||
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
|
||||
def is_guest_mode_enabled?
|
||||
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
|
||||
res = send_request_cgi({'uri'=>dashboard_uri})
|
||||
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue