diff --git a/modules/auxiliary/analyze/jtr_aix.rb b/modules/auxiliary/analyze/jtr_aix.rb
index 1f172392f9..18548665e5 100644
--- a/modules/auxiliary/analyze/jtr_aix.rb
+++ b/modules/auxiliary/analyze/jtr_aix.rb
@@ -32,59 +32,66 @@ class Metasploit3 < Msf::Auxiliary def run wordlist = Rex::Quickfile.new("jtrtmp") - - wordlist.write( build_seed().join("\n") + "\n" ) - wordlist.close - - hashlist = Rex::Quickfile.new("jtrtmp") + begin + wordlist.write( build_seed().join("\n") + "\n" ) + ensure + wordlist.close + end myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes']) - unless myloots.nil? or myloots.empty? - myloots.each do |myloot| - begin - usf = File.open(myloot.path, "rb") - rescue Exception => e - print_error("Unable to read #{myloot.path} \n #{e}") - next - end - usf.each_line do |row| - row.gsub!(/\n/, ":#{myloot.host.address}\n") - hashlist.write(row) + return if myloots.nil? or myloots.empty? + + loot_data = '' + + myloots.each do |myloot| + usf = '' + begin + File.open(myloot.path, "rb") do |f| + usf = f.read end + rescue Exception => e + print_error("Unable to read #{myloot.path} \n #{e}") + next end - hashlist.close - - print_status("HashList: #{hashlist.path}") - - print_status("Trying Format:des Wordlist: #{wordlist.path}") - john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des') - print_status("Trying Format:des Rule: All4...") - john_crack(hashlist.path, :incremental => "All4", :format => 'des') - print_status("Trying Format:des Rule: Digits5...") - john_crack(hashlist.path, :incremental => "Digits5", :format => 'des') - - cracked = john_show_passwords(hashlist.path) - - - print_status("#{cracked[:cracked]} hashes were cracked!") - - cracked[:users].each_pair do |k,v| - if v[0] == "NO PASSWORD" - passwd="" - else - passwd=v[0] - end - print_good("Host: #{v.last} User: #{k} Pass: #{passwd}") - report_auth_info( - :host => v.last, - :port => 22, - :sname => 'ssh', - :user => k, - :pass => passwd - ) + usf.each_line do |row| + row.gsub!(/\n/, ":#{myloot.host.address}\n") + loot_data << row end end + hashlist = Rex::Quickfile.new("jtrtmp") + hashlist.write(loot_data) + hashlist.close + + 
print_status("HashList: #{hashlist.path}") + + print_status("Trying Format:des Wordlist: #{wordlist.path}") + john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des') + print_status("Trying Format:des Rule: All4...") + john_crack(hashlist.path, :incremental => "All4", :format => 'des') + print_status("Trying Format:des Rule: Digits5...") + john_crack(hashlist.path, :incremental => "Digits5", :format => 'des') + + cracked = john_show_passwords(hashlist.path) + + + print_status("#{cracked[:cracked]} hashes were cracked!") + + cracked[:users].each_pair do |k,v| + if v[0] == "NO PASSWORD" + passwd="" + else + passwd=v[0] + end + print_good("Host: #{v.last} User: #{k} Pass: #{passwd}") + report_auth_info( + :host => v.last, + :port => 22, + :sname => 'ssh', + :user => k, + :pass => passwd + ) + end end end diff --git a/modules/auxiliary/analyze/jtr_linux.rb b/modules/auxiliary/analyze/jtr_linux.rb index 6f724bcd85..e01325887f 100644 --- a/modules/auxiliary/analyze/jtr_linux.rb +++ b/modules/auxiliary/analyze/jtr_linux.rb 
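Review bot: In `run` of jtr_aix.rb the new `hashlist` temp file is written and closed without the `begin`/`ensure` this commit gives `wordlist`, so a failed `hashlist.write(loot_data)` leaves the handle open; putting `hashlist.write(loot_data)` in a `begin` and `hashlist.close` in its `ensure` keeps the two consistent. That file holds the collected password hashes and its path is printed, yet nothing in the hunk deletes it after `john_show_passwords`; if `Rex::Quickfile` does not clean up on its own, the file should be removed at the end of `run`. A last row without a trailing newline is also left untouched by `row.gsub!(/\n/, ...)`, so it gets no host suffix and runs into the next loot's first row in `loot_data`, which can attribute a result to the wrong host; `loot_data << "#{row.chomp}:#{myloot.host.address}\n"` handles both cases. The jtr_linux.rb hunk has the same three spots.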
@@ -41,84 +41,89 @@ class Metasploit3 < Msf::Auxiliary def run wordlist = Rex::Quickfile.new("jtrtmp") - wordlist.write( build_seed().join("\n") + "\n" ) - wordlist.close - - hashlist = Rex::Quickfile.new("jtrtmp") + begin + wordlist.write( build_seed().join("\n") + "\n" ) + ensure + wordlist.close + end myloots = myworkspace.loots.where('ltype=?', 'linux.hashes') - unless myloots.nil? or myloots.empty? - myloots.each do |myloot| - begin - usf = File.open(myloot.path, "rb") - rescue Exception => e - print_error("Unable to read #{myloot.path} \n #{e}") - end - usf.each_line do |row| - row.gsub!(/\n/, ":#{myloot.host.address}\n") - hashlist.write(row) + return if myloots.nil? or myloots.empty? + + loot_data = '' + + myloots.each do |myloot| + usf = '' + begin + File.open(myloot.path, "rb") do |f| + usf = f.read end + rescue Exception => e + print_error("Unable to read #{myloot.path} \n #{e}") end - hashlist.close - - print_status("HashList: #{hashlist.path}") - - print_status("Trying Format:md5 Wordlist: #{wordlist.path}") - john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5') - print_status("Trying Format:md5 Rule: All4...") - john_crack(hashlist.path, :incremental => "All4", :format => 'md5') - print_status("Trying Format:md5 Rule: Digits5...") - john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5') - - - print_status("Trying Format:des Wordlist: #{wordlist.path}") - john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des') - print_status("Trying Format:des Rule: All4...") - john_crack(hashlist.path, :incremental => "All4", :format => 'des') - print_status("Trying Format:des Rule: Digits5...") - john_crack(hashlist.path, :incremental => "Digits5", :format => 'des') - - print_status("Trying Format:bsdi Wordlist: #{wordlist.path}") - john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi') - print_status("Trying Format:bsdi Rule: All4...") - 
john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi') - print_status("Trying Format:bsdi Rule: Digits5...") - john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi') - - if datastore['Crypt'] - print_status("Trying Format:crypt Wordlist: #{wordlist.path}") - john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt') - print_status("Trying Rule: All4...") - john_crack(hashlist.path, :incremental => "All4", :format => 'crypt') - print_status("Trying Rule: Digits5...") - john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt') - end - - - cracked = john_show_passwords(hashlist.path) - - - print_status("#{cracked[:cracked]} hashes were cracked!") - - cracked[:users].each_pair do |k,v| - if v[0] == "NO PASSWORD" - passwd="" - else - passwd=v[0] - end - print_good("Host: #{v.last} User: #{k} Pass: #{passwd}") - report_auth_info( - :host => v.last, - :port => 22, - :sname => 'ssh', - :user => k, - :pass => passwd - ) + usf.each_line do |row| + row.gsub!(/\n/, ":#{myloot.host.address}\n") + loot_data << row end end + hashlist = Rex::Quickfile.new("jtrtmp") + hashlist.write(loot_data) + hashlist.close + + print_status("HashList: #{hashlist.path}") + + print_status("Trying Format:md5 Wordlist: #{wordlist.path}") + john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5') + print_status("Trying Format:md5 Rule: All4...") + john_crack(hashlist.path, :incremental => "All4", :format => 'md5') + print_status("Trying Format:md5 Rule: Digits5...") + john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5') + + + print_status("Trying Format:des Wordlist: #{wordlist.path}") + john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des') + print_status("Trying Format:des Rule: All4...") + john_crack(hashlist.path, :incremental => "All4", :format => 'des') + print_status("Trying Format:des Rule: Digits5...") + 
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des') + + print_status("Trying Format:bsdi Wordlist: #{wordlist.path}") + john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi') + print_status("Trying Format:bsdi Rule: All4...") + john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi') + print_status("Trying Format:bsdi Rule: Digits5...") + john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi') + + if datastore['Crypt'] + print_status("Trying Format:crypt Wordlist: #{wordlist.path}") + john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt') + print_status("Trying Rule: All4...") + john_crack(hashlist.path, :incremental => "All4", :format => 'crypt') + print_status("Trying Rule: Digits5...") + john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt') + end + + + cracked = john_show_passwords(hashlist.path) + + + print_status("#{cracked[:cracked]} hashes were cracked!") + + cracked[:users].each_pair do |k,v| + if v[0] == "NO PASSWORD" + passwd="" + else + passwd=v[0] + end + print_good("Host: #{v.last} User: #{k} Pass: #{passwd}") + report_auth_info( + :host => v.last, + :port => 22, + :sname => 'ssh', + :user => k, + :pass => passwd + ) + end end - - - end diff --git a/modules/auxiliary/client/smtp/emailer.rb b/modules/auxiliary/client/smtp/emailer.rb index 34b17c2937..4b108bf068 100644 --- a/modules/auxiliary/client/smtp/emailer.rb +++ b/modules/auxiliary/client/smtp/emailer.rb 
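Review bot: The `rescue` in the read loop of jtr_linux.rb has no `next`, unlike the jtr_aix.rb version, so a loot file that cannot be read falls through to `usf.each_line` and is skipped only because `usf` was pre-set to `''`. Adding `next` after the `print_error` call makes the skip explicit and keeps the two modules aligned. `rescue Exception => e` also swallows interrupts and `SystemExit`; `rescue ::StandardError => e` is enough for a failed open or read, and the same applies to the jtr_aix.rb hunk.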
@@ -46,42 +46,82 @@ class Metasploit3 < Msf::Auxiliary deregister_options('SUBJECT') end + def load_yaml_conf + opts = {} + + File.open(datastore['YAML_CONFIG'], "rb") do |f| + yamlconf = YAML::load(f) + + opts['to'] = yamlconf['to'] + opts['from'] = yamlconf['from'] + opts['subject'] = yamlconf['subject'] + opts['type'] = yamlconf['type'] + opts['msg_file'] = yamlconf['msg_file'] + opts['wait'] = yamlconf['wait'] + opts['add_name'] = yamlconf['add_name'] + opts['sig'] = yamlconf['sig'] + opts['sig_file'] = yamlconf['sig_file'] + opts['attachment'] = yamlconf['attachment'] + opts['attachment_file'] = yamlconf['attachment_file'] + opts['attachment_file_type'] = yamlconf['attachment_file_type'] + opts['attachment_file_name'] = yamlconf['attachment_file_name'] + + ### payload options ### + opts['make_payload'] = yamlconf['make_payload'] + opts['zip_payload'] = yamlconf['zip_payload'] + opts['msf_port'] = yamlconf['msf_port'] + opts['msf_ip'] = yamlconf['msf_ip'] + opts['msf_payload'] = yamlconf['msf_payload'] + opts['msf_filename'] = yamlconf['msf_filename'] + opts['msf_change_ext'] = yamlconf['msf_change_ext'] + opts['msf_payload_ext'] = yamlconf['msf_payload_ext'] + end + + opts + end + + def load_file(fname) + buf = '' + File.open(fname, 'rb') do |f| + buf = f.read + end + + buf + end + def run - fileconf = File.open(datastore['YAML_CONFIG'], "rb") - yamlconf = YAML::load(fileconf) + yamlconf = load_yaml_conf - fileto = yamlconf['to'] - from = yamlconf['from'] - subject = yamlconf['subject'] - type = yamlconf['type'] - msg_file = yamlconf['msg_file'] - wait = yamlconf['wait'] - add_name = yamlconf['add_name'] - sig = yamlconf['sig'] - sig_file = yamlconf['sig_file'] - attachment = yamlconf['attachment'] - attachment_file = yamlconf['attachment_file'] + fileto = yamlconf['to'] + from = yamlconf['from'] + subject = yamlconf['subject'] + type = yamlconf['type'] + msg_file = yamlconf['msg_file'] + wait = yamlconf['wait'] + add_name = yamlconf['add_name'] + sig = 
yamlconf['sig'] + sig_file = yamlconf['sig_file'] + attachment = yamlconf['attachment'] + attachment_file = yamlconf['attachment_file'] attachment_file_type = yamlconf['attachment_file_type'] attachment_file_name = yamlconf['attachment_file_name'] - ### payload options ### - make_payload = yamlconf['make_payload'] - zip_payload = yamlconf['zip_payload'] - msf_port = yamlconf['msf_port'] - msf_ip = yamlconf['msf_ip'] - msf_payload = yamlconf['msf_payload'] - msf_filename = yamlconf['msf_filename'] - msf_change_ext = yamlconf['msf_change_ext'] - msf_payload_ext = yamlconf['msf_payload_ext'] - + make_payload = yamlconf['make_payload'] + zip_payload = yamlconf['zip_payload'] + msf_port = yamlconf['msf_port'] + msf_ip = yamlconf['msf_ip'] + msf_payload = yamlconf['msf_payload'] + msf_filename = yamlconf['msf_filename'] + msf_change_ext = yamlconf['msf_change_ext'] + msf_payload_ext = yamlconf['msf_payload_ext'] tmp = Dir.tmpdir datastore['MAILFROM'] = from - msg = File.open(msg_file, 'rb').read - email_sig = File.open(sig_file, 'rb').read + msg = load_file(msg_file) + email_sig = load_file(sig_file) if (type !~ /text/i and type !~ /text\/html/i) print_error("YAML config: #{type}") @@ -154,7 +194,7 @@ class Metasploit3 < Msf::Auxiliary end if sig - data_sig = File.open(sig_file, 'rb').read + data_sig = load_file(sig_file) email_msg_body = "#{email_msg_body}\n#{data_sig}" end @@ -172,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary if attachment if attachment_file_name - data_attachment = File.open(attachment_file, 'rb').read + data_attachment = load_file(attachment_file) mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, "base64", "attachment; filename=\"#{attachment_file_name}\"") end end diff --git a/modules/auxiliary/gather/d20pass.rb b/modules/auxiliary/gather/d20pass.rb index 5dab9a5166..e7ec11f7f3 100644 --- a/modules/auxiliary/gather/d20pass.rb +++ b/modules/auxiliary/gather/d20pass.rb 
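Review bot: `YAML::load(f)` in the new `load_yaml_conf` (emailer.rb) parses the config with the full loader, which on many Ruby/Psych versions will instantiate arbitrary tagged objects; the keys read here appear to need only scalars, so `yamlconf = YAML.safe_load(f.read)` is the safer call where the bundled Psych provides it. The result is indexed without a check, so an empty file or a document that is not a mapping fails with `NoMethodError` on `yamlconf['to']`; a guard such as `raise ArgumentError, 'YAML_CONFIG must contain a mapping' unless yamlconf.is_a?(Hash)` makes that failure readable. `load_file` could also be replaced by `File.binread(fname)`.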
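Review bot: `data_sig = load_file(sig_file)` in the `@@ -154,7 +194,7 @@` hunk of emailer.rb reads the signature file a second time: the first hunk already loads it into `email_sig` near the top of `run`, and does so unconditionally, so a config with `sig` false and no `sig_file` would fail there before this `if sig` is reached (`File.open` on `nil` raises). Reading it once inside the guard avoids both, for example by guarding the early load with `email_sig = load_file(sig_file) if sig` and using `email_msg_body = "#{email_msg_body}\n#{email_sig}"` here. The rest of `run` is outside the hunk, so other uses of `email_sig` are not visible.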
@@ -240,19 +240,20 @@ class Metasploit3 < Msf::Auxiliary def parse(fh) print_status("Parsing file") - f = File.open(fh.path, 'rb') - used = f.read(4) - if used != "USED" - print_error "Invalid Configuration File!" - return - end - f.seek(0x38) - start = makefptr(f.read(4)) - userptr = findentry(f, "B014USER", start) - if userptr != nil - parseusers(f, userptr) - else - print_error "Error finding the user table in the configuration." + File.open(fh.path, 'rb') do |f| + used = f.read(4) + if used != "USED" + print_error "Invalid Configuration File!" + return + end + f.seek(0x38) + start = makefptr(f.read(4)) + userptr = findentry(f, "B014USER", start) + if userptr != nil + parseusers(f, userptr) + else + print_error "Error finding the user table in the configuration." + end end end diff --git a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb index f5c6e24d26..ef06221f0b 100644 --- a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb +++ b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb @@ -81,9 +81,10 @@ class Metasploit3 < Msf::Auxiliary # Load URLs urls_to_check = [] - f = File.open(url_file) - f.each_line do |line| - urls_to_check.push line + File.open(url_file) do |f| + f.each_line do |line| + urls_to_check.push line + end end print_status("#{rhost}:#{rport} Beginning URL check") diff --git a/modules/post/windows/gather/enum_chrome.rb b/modules/post/windows/gather/enum_chrome.rb index f486f296d6..05e0128465 100644 --- a/modules/post/windows/gather/enum_chrome.rb +++ b/modules/post/windows/gather/enum_chrome.rb @@ -84,8 +84,8 @@ class Metasploit3 < Msf::Post def parse_prefs(username, filepath) - f = File.open(filepath, 'rb') - until f.eof + prefs = '' + File.open(filepath, 'rb') do |f| prefs = f.read end results = ActiveSupport::JSON.decode(prefs)
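Review bot: In `parse` (d20pass.rb) the second `f.read(4)` is used without a length check: after `f.seek(0x38)` a file shorter than 0x3c bytes makes it return `nil` or a short string, and that goes straight into `makefptr`. The file is presumably retrieved from the target device, so a truncated transfer should end in the same `print_error` path as a bad magic, for example `raw = f.read(4)` followed by `return print_error("Truncated configuration file") if raw.nil? || raw.length < 4` before `start = makefptr(raw)`. `makefptr` is defined outside the hunk, so how it reacts to short input is an assumption. `if userptr != nil` can also be written `if userptr`.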
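Review bot: `ActiveSupport::JSON.decode(prefs)` in `parse_prefs` (enum_chrome.rb) runs on whatever `f.read` returned, and no rescue is visible in the hunk, so an empty or malformed preferences file would raise out of the method. That content presumably originates on the target rather than with the operator, so the decode is worth wrapping in a `begin`/`rescue` that reports `filepath` with `print_error` and returns. The method continues past the hunk, so a handler further down cannot be ruled out. The read itself can be a single line, `prefs = File.binread(filepath)`.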