infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add leixcal sorting to methods 

lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
bug/bundler_fix
David Maloney 2015-02-18 14:50:33 -06:00
parent 2847507f03
commit 804db0ff0c
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
4 changed files with 219 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
lib/metasploit/framework/login_scanner/chef_webui.rb
View File

@ -19,6 +19,22 @@ module Metasploit
# @return [String] Cookie value
attr_accessor :session_id
# Decides which login routine and returns the results
#
# @param credential [Metasploit::Framework::Credential] The credential object
# @return [Result]
def attempt_login(credential)
result_opts = { credential: credential }
begin
status = try_login(credential)
result_opts.merge!(status)
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
end
Result.new(result_opts)
end
# (see Base#check_setup)
def check_setup
@ -120,23 +136,6 @@ module Metasploit
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
end
# Decides which login routine and returns the results
#
# @param credential [Metasploit::Framework::Credential] The credential object
# @return [Result]
def attempt_login(credential)
result_opts = { credential: credential }
begin
status = try_login(credential)
result_opts.merge!(status)
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
end
Result.new(result_opts)
end
end
end
end

35
lib/metasploit/framework/login_scanner/zabbix.rb
View File

@ -20,6 +20,24 @@ module Metasploit
# @return [String] Cookie session
attr_accessor :zsession
# Decides which login routine and returns the results
#
# @param credential [Metasploit::Framework::Credential] The credential object
# @return [Result]
def attempt_login(credential)
result_opts = { credential: credential }
begin
status = try_login(credential)
result_opts.merge!(status)
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
end
Result.new(result_opts)
end
# (see Base#check_setup)
def check_setup
begin
@ -111,23 +129,6 @@ module Metasploit
{:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
end
# Decides which login routine and returns the results
#
# @param credential [Metasploit::Framework::Credential] The credential object
# @return [Result]
def attempt_login(credential)
result_opts = { credential: credential }
begin
status = try_login(credential)
result_opts.merge!(status)
rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error => e
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
end
Result.new(result_opts)
end
end
end
end

135
modules/auxiliary/scanner/http/chef_webui_login.rb
View File

@ -38,65 +38,19 @@ class Metasploit3 < Msf::Auxiliary
], self.class)
end
def init_loginscanner(ip)
@cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
# Always try the default first
@cred_collection.prepend_cred(
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
)
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
host: ip,
port: rport,
proxies: datastore['PROXIES'],
uri: datastore['TARGETURI'],
cred_details: @cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
framework: framework,
framework_module: self,
)
@scanner.ssl = datastore['SSL']
@scanner.ssl_version = datastore['SSLVERSION']
#
# main
#
def run_host(ip)
init_loginscanner(ip)
msg = @scanner.check_setup
if msg
print_brute :level => :error, :ip => rhost, :msg => msg
return
end
def do_report(ip, port, result)
service_data = {
address: ip,
port: port,
service_name: 'http',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: result.credential.private,
private_type: :password,
username: result.credential.public,
}.merge(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: result.status
}.merge(service_data)
create_credential_login(login_data)
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
bruteforce(ip)
end
def bruteforce(ip)
@ -143,20 +97,65 @@ class Metasploit3 < Msf::Auxiliary
end
end
def do_report(ip, port, result)
service_data = {
address: ip,
port: port,
service_name: 'http',
protocol: 'tcp',
workspace_id: myworkspace_id
}
#
# main
#
def run_host(ip)
init_loginscanner(ip)
msg = @scanner.check_setup
if msg
print_brute :level => :error, :ip => rhost, :msg => msg
return
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: result.credential.private,
private_type: :password,
username: result.credential.public,
}.merge(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: result.status
}.merge(service_data)
create_credential_login(login_data)
end
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Chef Web UI application at #{datastore['TARGETURI']}")
bruteforce(ip)
def init_loginscanner(ip)
@cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
# Always try the default first
@cred_collection.prepend_cred(
Metasploit::Framework::Credential.new(public: 'admin', private: 'p@ssw0rd1')
)
@scanner = Metasploit::Framework::LoginScanner::ChefWebUI.new(
host: ip,
port: rport,
proxies: datastore['PROXIES'],
uri: datastore['TARGETURI'],
cred_details: @cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
framework: framework,
framework_module: self,
)
@scanner.ssl = datastore['SSL']
@scanner.ssl_version = datastore['SSLVERSION']
end
end

165
modules/auxiliary/scanner/http/zabbix_login.rb
View File

@ -39,78 +39,25 @@ class Metasploit3 < Msf::Auxiliary
end
#
# From the documentation:
# main
#
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
# seconds in order to prevent brute force and dictionary attacks."
#
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
def is_guest_mode_enabled?
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
res = send_request_cgi({'uri'=>dashboard_uri})
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
def run_host(ip)
init_loginscanner(ip)
msg = @scanner.check_setup
if msg
print_brute :level => :error, :ip => rhost, :msg => msg
return
end
def init_loginscanner(ip)
@cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
# Always try the default first
@cred_collection.prepend_cred(
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
)
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
host: ip,
port: rport,
proxies: datastore['PROXIES'],
uri: datastore['TARGETURI'],
cred_details: @cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
framework: framework,
framework_module: self,
)
@scanner.ssl = datastore['SSL']
@scanner.ssl_version = datastore['SSLVERSION']
if is_guest_mode_enabled?
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
else
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
end
def do_report(ip, port, result)
service_data = {
address: ip,
port: port,
service_name: 'http',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: result.credential.private,
private_type: :password,
username: result.credential.public,
}.merge(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: result.status
}.merge(service_data)
create_credential_login(login_data)
bruteforce(ip)
end
def bruteforce(ip)
@ -157,27 +104,79 @@ class Metasploit3 < Msf::Auxiliary
end
end
def do_report(ip, port, result)
service_data = {
address: ip,
port: port,
service_name: 'http',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: result.credential.private,
private_type: :password,
username: result.credential.public,
}.merge(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: result.status
}.merge(service_data)
create_credential_login(login_data)
end
def init_loginscanner(ip)
@cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
# Always try the default first
@cred_collection.prepend_cred(
Metasploit::Framework::Credential.new(public: 'Admin', private: 'zabbix')
)
@scanner = Metasploit::Framework::LoginScanner::Zabbix.new(
host: ip,
port: rport,
proxies: datastore['PROXIES'],
uri: datastore['TARGETURI'],
cred_details: @cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5,
framework: framework,
framework_module: self,
)
@scanner.ssl = datastore['SSL']
@scanner.ssl_version = datastore['SSLVERSION']
end
#
# main
# From the documentation:
#
# "In case of five consecutive failed login attempts, Zabbix interface will pause for 30
# seconds in order to prevent brute force and dictionary attacks."
#
def run_host(ip)
init_loginscanner(ip)
msg = @scanner.check_setup
if msg
print_brute :level => :error, :ip => rhost, :msg => msg
return
end
print_brute :level=>:status, :ip=>rhost, :msg=>("Found Zabbix version #{@scanner.version}")
if is_guest_mode_enabled?
print_brute :level => :good, :ip => ip, :msg => "Note: This Zabbix instance has Guest mode enabled"
else
print_brute :level=>:status, :ip=>rhost, :msg=>("Zabbix has disabled Guest mode")
end
bruteforce(ip)
# Zabbix enables a Guest mode by default that allows access to the dashboard without auth
def is_guest_mode_enabled?
dashboard_uri = normalize_uri(datastore['TARGETURI'] + '/' + 'dashboard.php')
res = send_request_cgi({'uri'=>dashboard_uri})
!! (res && res.code == 200 && res.body.to_s =~ /<title>Zabbix .*: Dashboard<\/title>/)
end
end