Land @2243, @wchen-r7's patch for [SeeRM #8312]
jvazquez-r7
commit
809b42984e
|
|
@ -32,59 +32,66 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run
|
||||
wordlist = Rex::Quickfile.new("jtrtmp")
|
||||
|
||||
wordlist.write( build_seed().join("\n") + "\n" )
|
||||
wordlist.close
|
||||
|
||||
hashlist = Rex::Quickfile.new("jtrtmp")
|
||||
begin
|
||||
wordlist.write( build_seed().join("\n") + "\n" )
|
||||
ensure
|
||||
wordlist.close
|
||||
end
|
||||
|
||||
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes'])
|
||||
unless myloots.nil? or myloots.empty?
|
||||
myloots.each do |myloot|
|
||||
begin
|
||||
usf = File.open(myloot.path, "rb")
|
||||
rescue Exception => e
|
||||
print_error("Unable to read #{myloot.path} \n #{e}")
|
||||
next
|
||||
end
|
||||
usf.each_line do |row|
|
||||
row.gsub!(/\n/, ":#{myloot.host.address}\n")
|
||||
hashlist.write(row)
|
||||
return if myloots.nil? or myloots.empty?
|
||||
|
||||
loot_data = ''
|
||||
|
||||
myloots.each do |myloot|
|
||||
usf = ''
|
||||
begin
|
||||
File.open(myloot.path, "rb") do |f|
|
||||
usf = f.read
|
||||
end
|
||||
rescue Exception => e
|
||||
print_error("Unable to read #{myloot.path} \n #{e}")
|
||||
next
|
||||
end
|
||||
hashlist.close
|
||||
|
||||
print_status("HashList: #{hashlist.path}")
|
||||
|
||||
print_status("Trying Format:des Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
|
||||
print_status("Trying Format:des Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
|
||||
print_status("Trying Format:des Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
|
||||
|
||||
cracked = john_show_passwords(hashlist.path)
|
||||
|
||||
|
||||
print_status("#{cracked[:cracked]} hashes were cracked!")
|
||||
|
||||
cracked[:users].each_pair do |k,v|
|
||||
if v[0] == "NO PASSWORD"
|
||||
passwd=""
|
||||
else
|
||||
passwd=v[0]
|
||||
end
|
||||
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
|
||||
report_auth_info(
|
||||
:host => v.last,
|
||||
:port => 22,
|
||||
:sname => 'ssh',
|
||||
:user => k,
|
||||
:pass => passwd
|
||||
)
|
||||
usf.each_line do |row|
|
||||
row.gsub!(/\n/, ":#{myloot.host.address}\n")
|
||||
loot_data << row
|
||||
end
|
||||
end
|
||||
|
||||
hashlist = Rex::Quickfile.new("jtrtmp")
|
||||
hashlist.write(loot_data)
|
||||
hashlist.close
|
||||
|
||||
print_status("HashList: #{hashlist.path}")
|
||||
|
||||
print_status("Trying Format:des Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
|
||||
print_status("Trying Format:des Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
|
||||
print_status("Trying Format:des Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
|
||||
|
||||
cracked = john_show_passwords(hashlist.path)
|
||||
|
||||
|
||||
print_status("#{cracked[:cracked]} hashes were cracked!")
|
||||
|
||||
cracked[:users].each_pair do |k,v|
|
||||
if v[0] == "NO PASSWORD"
|
||||
passwd=""
|
||||
else
|
||||
passwd=v[0]
|
||||
end
|
||||
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
|
||||
report_auth_info(
|
||||
:host => v.last,
|
||||
:port => 22,
|
||||
:sname => 'ssh',
|
||||
:user => k,
|
||||
:pass => passwd
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -41,84 +41,89 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run
|
||||
wordlist = Rex::Quickfile.new("jtrtmp")
|
||||
|
||||
wordlist.write( build_seed().join("\n") + "\n" )
|
||||
wordlist.close
|
||||
|
||||
hashlist = Rex::Quickfile.new("jtrtmp")
|
||||
begin
|
||||
wordlist.write( build_seed().join("\n") + "\n" )
|
||||
ensure
|
||||
wordlist.close
|
||||
end
|
||||
|
||||
myloots = myworkspace.loots.where('ltype=?', 'linux.hashes')
|
||||
unless myloots.nil? or myloots.empty?
|
||||
myloots.each do |myloot|
|
||||
begin
|
||||
usf = File.open(myloot.path, "rb")
|
||||
rescue Exception => e
|
||||
print_error("Unable to read #{myloot.path} \n #{e}")
|
||||
end
|
||||
usf.each_line do |row|
|
||||
row.gsub!(/\n/, ":#{myloot.host.address}\n")
|
||||
hashlist.write(row)
|
||||
return if myloots.nil? or myloots.empty?
|
||||
|
||||
loot_data = ''
|
||||
|
||||
myloots.each do |myloot|
|
||||
usf = ''
|
||||
begin
|
||||
File.open(myloot.path, "rb") do |f|
|
||||
usf = f.read
|
||||
end
|
||||
rescue Exception => e
|
||||
print_error("Unable to read #{myloot.path} \n #{e}")
|
||||
end
|
||||
hashlist.close
|
||||
|
||||
print_status("HashList: #{hashlist.path}")
|
||||
|
||||
print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
|
||||
print_status("Trying Format:md5 Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
|
||||
print_status("Trying Format:md5 Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
|
||||
|
||||
|
||||
print_status("Trying Format:des Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
|
||||
print_status("Trying Format:des Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
|
||||
print_status("Trying Format:des Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
|
||||
|
||||
print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
|
||||
print_status("Trying Format:bsdi Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
|
||||
print_status("Trying Format:bsdi Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
|
||||
|
||||
if datastore['Crypt']
|
||||
print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
|
||||
print_status("Trying Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
|
||||
print_status("Trying Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
|
||||
end
|
||||
|
||||
|
||||
cracked = john_show_passwords(hashlist.path)
|
||||
|
||||
|
||||
print_status("#{cracked[:cracked]} hashes were cracked!")
|
||||
|
||||
cracked[:users].each_pair do |k,v|
|
||||
if v[0] == "NO PASSWORD"
|
||||
passwd=""
|
||||
else
|
||||
passwd=v[0]
|
||||
end
|
||||
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
|
||||
report_auth_info(
|
||||
:host => v.last,
|
||||
:port => 22,
|
||||
:sname => 'ssh',
|
||||
:user => k,
|
||||
:pass => passwd
|
||||
)
|
||||
usf.each_line do |row|
|
||||
row.gsub!(/\n/, ":#{myloot.host.address}\n")
|
||||
loot_data << row
|
||||
end
|
||||
end
|
||||
|
||||
hashlist = Rex::Quickfile.new("jtrtmp")
|
||||
hashlist.write(loot_data)
|
||||
hashlist.close
|
||||
|
||||
print_status("HashList: #{hashlist.path}")
|
||||
|
||||
print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
|
||||
print_status("Trying Format:md5 Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
|
||||
print_status("Trying Format:md5 Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
|
||||
|
||||
|
||||
print_status("Trying Format:des Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
|
||||
print_status("Trying Format:des Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
|
||||
print_status("Trying Format:des Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
|
||||
|
||||
print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
|
||||
print_status("Trying Format:bsdi Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
|
||||
print_status("Trying Format:bsdi Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
|
||||
|
||||
if datastore['Crypt']
|
||||
print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
|
||||
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
|
||||
print_status("Trying Rule: All4...")
|
||||
john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
|
||||
print_status("Trying Rule: Digits5...")
|
||||
john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
|
||||
end
|
||||
|
||||
|
||||
cracked = john_show_passwords(hashlist.path)
|
||||
|
||||
|
||||
print_status("#{cracked[:cracked]} hashes were cracked!")
|
||||
|
||||
cracked[:users].each_pair do |k,v|
|
||||
if v[0] == "NO PASSWORD"
|
||||
passwd=""
|
||||
else
|
||||
passwd=v[0]
|
||||
end
|
||||
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
|
||||
report_auth_info(
|
||||
:host => v.last,
|
||||
:port => 22,
|
||||
:sname => 'ssh',
|
||||
:user => k,
|
||||
:pass => passwd
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -46,42 +46,82 @@ class Metasploit3 < Msf::Auxiliary
|
|||
deregister_options('SUBJECT')
|
||||
end
|
||||
|
||||
def load_yaml_conf
|
||||
opts = {}
|
||||
|
||||
File.open(datastore['YAML_CONFIG'], "rb") do |f|
|
||||
yamlconf = YAML::load(f)
|
||||
|
||||
opts['to'] = yamlconf['to']
|
||||
opts['from'] = yamlconf['from']
|
||||
opts['subject'] = yamlconf['subject']
|
||||
opts['type'] = yamlconf['type']
|
||||
opts['msg_file'] = yamlconf['msg_file']
|
||||
opts['wait'] = yamlconf['wait']
|
||||
opts['add_name'] = yamlconf['add_name']
|
||||
opts['sig'] = yamlconf['sig']
|
||||
opts['sig_file'] = yamlconf['sig_file']
|
||||
opts['attachment'] = yamlconf['attachment']
|
||||
opts['attachment_file'] = yamlconf['attachment_file']
|
||||
opts['attachment_file_type'] = yamlconf['attachment_file_type']
|
||||
opts['attachment_file_name'] = yamlconf['attachment_file_name']
|
||||
|
||||
### payload options ###
|
||||
opts['make_payload'] = yamlconf['make_payload']
|
||||
opts['zip_payload'] = yamlconf['zip_payload']
|
||||
opts['msf_port'] = yamlconf['msf_port']
|
||||
opts['msf_ip'] = yamlconf['msf_ip']
|
||||
opts['msf_payload'] = yamlconf['msf_payload']
|
||||
opts['msf_filename'] = yamlconf['msf_filename']
|
||||
opts['msf_change_ext'] = yamlconf['msf_change_ext']
|
||||
opts['msf_payload_ext'] = yamlconf['msf_payload_ext']
|
||||
end
|
||||
|
||||
opts
|
||||
end
|
||||
|
||||
def load_file(fname)
|
||||
buf = ''
|
||||
File.open(fname, 'rb') do |f|
|
||||
buf = f.read
|
||||
end
|
||||
|
||||
buf
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
fileconf = File.open(datastore['YAML_CONFIG'], "rb")
|
||||
yamlconf = YAML::load(fileconf)
|
||||
yamlconf = load_yaml_conf
|
||||
|
||||
fileto = yamlconf['to']
|
||||
from = yamlconf['from']
|
||||
subject = yamlconf['subject']
|
||||
type = yamlconf['type']
|
||||
msg_file = yamlconf['msg_file']
|
||||
wait = yamlconf['wait']
|
||||
add_name = yamlconf['add_name']
|
||||
sig = yamlconf['sig']
|
||||
sig_file = yamlconf['sig_file']
|
||||
attachment = yamlconf['attachment']
|
||||
attachment_file = yamlconf['attachment_file']
|
||||
fileto = yamlconf['to']
|
||||
from = yamlconf['from']
|
||||
subject = yamlconf['subject']
|
||||
type = yamlconf['type']
|
||||
msg_file = yamlconf['msg_file']
|
||||
wait = yamlconf['wait']
|
||||
add_name = yamlconf['add_name']
|
||||
sig = yamlconf['sig']
|
||||
sig_file = yamlconf['sig_file']
|
||||
attachment = yamlconf['attachment']
|
||||
attachment_file = yamlconf['attachment_file']
|
||||
attachment_file_type = yamlconf['attachment_file_type']
|
||||
attachment_file_name = yamlconf['attachment_file_name']
|
||||
|
||||
### payload options ###
|
||||
make_payload = yamlconf['make_payload']
|
||||
zip_payload = yamlconf['zip_payload']
|
||||
msf_port = yamlconf['msf_port']
|
||||
msf_ip = yamlconf['msf_ip']
|
||||
msf_payload = yamlconf['msf_payload']
|
||||
msf_filename = yamlconf['msf_filename']
|
||||
msf_change_ext = yamlconf['msf_change_ext']
|
||||
msf_payload_ext = yamlconf['msf_payload_ext']
|
||||
|
||||
make_payload = yamlconf['make_payload']
|
||||
zip_payload = yamlconf['zip_payload']
|
||||
msf_port = yamlconf['msf_port']
|
||||
msf_ip = yamlconf['msf_ip']
|
||||
msf_payload = yamlconf['msf_payload']
|
||||
msf_filename = yamlconf['msf_filename']
|
||||
msf_change_ext = yamlconf['msf_change_ext']
|
||||
msf_payload_ext = yamlconf['msf_payload_ext']
|
||||
|
||||
tmp = Dir.tmpdir
|
||||
|
||||
datastore['MAILFROM'] = from
|
||||
|
||||
msg = File.open(msg_file, 'rb').read
|
||||
email_sig = File.open(sig_file, 'rb').read
|
||||
msg = load_file(msg_file)
|
||||
email_sig = load_file(sig_file)
|
||||
|
||||
if (type !~ /text/i and type !~ /text\/html/i)
|
||||
print_error("YAML config: #{type}")
|
||||
|
|
@ -154,7 +194,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
if sig
|
||||
data_sig = File.open(sig_file, 'rb').read
|
||||
data_sig = load_file(sig_file)
|
||||
email_msg_body = "#{email_msg_body}\n#{data_sig}"
|
||||
end
|
||||
|
||||
|
|
@ -172,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
if attachment
|
||||
if attachment_file_name
|
||||
data_attachment = File.open(attachment_file, 'rb').read
|
||||
data_attachment = load_file(attachment_file)
|
||||
mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, "base64", "attachment; filename=\"#{attachment_file_name}\"")
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -240,19 +240,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def parse(fh)
|
||||
print_status("Parsing file")
|
||||
f = File.open(fh.path, 'rb')
|
||||
used = f.read(4)
|
||||
if used != "USED"
|
||||
print_error "Invalid Configuration File!"
|
||||
return
|
||||
end
|
||||
f.seek(0x38)
|
||||
start = makefptr(f.read(4))
|
||||
userptr = findentry(f, "B014USER", start)
|
||||
if userptr != nil
|
||||
parseusers(f, userptr)
|
||||
else
|
||||
print_error "Error finding the user table in the configuration."
|
||||
File.open(fh.path, 'rb') do |f|
|
||||
used = f.read(4)
|
||||
if used != "USED"
|
||||
print_error "Invalid Configuration File!"
|
||||
return
|
||||
end
|
||||
f.seek(0x38)
|
||||
start = makefptr(f.read(4))
|
||||
userptr = findentry(f, "B014USER", start)
|
||||
if userptr != nil
|
||||
parseusers(f, userptr)
|
||||
else
|
||||
print_error "Error finding the user table in the configuration."
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -81,9 +81,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
# Load URLs
|
||||
urls_to_check = []
|
||||
f = File.open(url_file)
|
||||
f.each_line do |line|
|
||||
urls_to_check.push line
|
||||
File.open(url_file) do |f|
|
||||
f.each_line do |line|
|
||||
urls_to_check.push line
|
||||
end
|
||||
end
|
||||
|
||||
print_status("#{rhost}:#{rport} Beginning URL check")
|
||||
|
|
|
|||
|
|
@ -84,8 +84,8 @@ class Metasploit3 < Msf::Post
|
|||
|
||||
|
||||
def parse_prefs(username, filepath)
|
||||
f = File.open(filepath, 'rb')
|
||||
until f.eof
|
||||
prefs = ''
|
||||
File.open(filepath, 'rb') do |f|
|
||||
prefs = f.read
|
||||
end
|
||||
results = ActiveSupport::JSON.decode(prefs)
|
||||
|
|
|
|||
Loading…
Reference in New Issue