Land @2243, @wchen-r7's patch for [SeeRM #8312]

bug/bundler_fix
jvazquez-r7 2013-08-19 15:40:19 -05:00
commit 809b42984e
6 changed files with 217 additions and 163 deletions


@ -32,59 +32,66 @@ class Metasploit3 < Msf::Auxiliary
def run def run
wordlist = Rex::Quickfile.new("jtrtmp") wordlist = Rex::Quickfile.new("jtrtmp")
begin
wordlist.write( build_seed().join("\n") + "\n" ) wordlist.write( build_seed().join("\n") + "\n" )
wordlist.close ensure
wordlist.close
hashlist = Rex::Quickfile.new("jtrtmp") end
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes']) myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes'])
unless myloots.nil? or myloots.empty? return if myloots.nil? or myloots.empty?
myloots.each do |myloot|
begin loot_data = ''
usf = File.open(myloot.path, "rb")
rescue Exception => e myloots.each do |myloot|
print_error("Unable to read #{myloot.path} \n #{e}") usf = ''
next begin
end File.open(myloot.path, "rb") do |f|
usf.each_line do |row| usf = f.read
row.gsub!(/\n/, ":#{myloot.host.address}\n")
hashlist.write(row)
end end
rescue Exception => e
print_error("Unable to read #{myloot.path} \n #{e}")
next
end end
hashlist.close usf.each_line do |row|
row.gsub!(/\n/, ":#{myloot.host.address}\n")
print_status("HashList: #{hashlist.path}") loot_data << row
print_status("Trying Format:des Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
print_status("Trying Format:des Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
print_status("Trying Format:des Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
cracked = john_show_passwords(hashlist.path)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
if v[0] == "NO PASSWORD"
passwd=""
else
passwd=v[0]
end
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
report_auth_info(
:host => v.last,
:port => 22,
:sname => 'ssh',
:user => k,
:pass => passwd
)
end end
end end
hashlist = Rex::Quickfile.new("jtrtmp")
hashlist.write(loot_data)
hashlist.close
print_status("HashList: #{hashlist.path}")
print_status("Trying Format:des Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
print_status("Trying Format:des Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
print_status("Trying Format:des Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
cracked = john_show_passwords(hashlist.path)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
if v[0] == "NO PASSWORD"
passwd=""
else
passwd=v[0]
end
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
report_auth_info(
:host => v.last,
:port => 22,
:sname => 'ssh',
:user => k,
:pass => passwd
)
end
end end
end end
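Review bot: In the `usf.each_line` loop, `row.gsub!(/\n/, ":#{myloot.host.address}\n")` only tags rows that end in a newline, so the last row of a loot file with no trailing newline gets no host suffix and is glued to the first row of the next loot inside `loot_data`. Building the row explicitly avoids both problems, e.g. `loot_data << "#{row.chomp("\n")}:#{myloot.host.address}\n"`. Because `report_auth_info` later takes the host from `v.last`, a row without the suffix would presumably be reported against the wrong value. The same loop appears in the Linux hashes section of this commit.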


@ -41,84 +41,89 @@ class Metasploit3 < Msf::Auxiliary
def run def run
wordlist = Rex::Quickfile.new("jtrtmp") wordlist = Rex::Quickfile.new("jtrtmp")
wordlist.write( build_seed().join("\n") + "\n" ) begin
wordlist.close wordlist.write( build_seed().join("\n") + "\n" )
ensure
hashlist = Rex::Quickfile.new("jtrtmp") wordlist.close
end
myloots = myworkspace.loots.where('ltype=?', 'linux.hashes') myloots = myworkspace.loots.where('ltype=?', 'linux.hashes')
unless myloots.nil? or myloots.empty? return if myloots.nil? or myloots.empty?
myloots.each do |myloot|
begin loot_data = ''
usf = File.open(myloot.path, "rb")
rescue Exception => e myloots.each do |myloot|
print_error("Unable to read #{myloot.path} \n #{e}") usf = ''
end begin
usf.each_line do |row| File.open(myloot.path, "rb") do |f|
row.gsub!(/\n/, ":#{myloot.host.address}\n") usf = f.read
hashlist.write(row)
end end
rescue Exception => e
print_error("Unable to read #{myloot.path} \n #{e}")
end end
hashlist.close usf.each_line do |row|
row.gsub!(/\n/, ":#{myloot.host.address}\n")
print_status("HashList: #{hashlist.path}") loot_data << row
print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
print_status("Trying Format:md5 Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
print_status("Trying Format:md5 Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
print_status("Trying Format:des Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
print_status("Trying Format:des Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
print_status("Trying Format:des Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
print_status("Trying Format:bsdi Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
print_status("Trying Format:bsdi Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
if datastore['Crypt']
print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
print_status("Trying Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
print_status("Trying Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
end
cracked = john_show_passwords(hashlist.path)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
if v[0] == "NO PASSWORD"
passwd=""
else
passwd=v[0]
end
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
report_auth_info(
:host => v.last,
:port => 22,
:sname => 'ssh',
:user => k,
:pass => passwd
)
end end
end end
hashlist = Rex::Quickfile.new("jtrtmp")
hashlist.write(loot_data)
hashlist.close
print_status("HashList: #{hashlist.path}")
print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
print_status("Trying Format:md5 Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
print_status("Trying Format:md5 Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
print_status("Trying Format:des Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
print_status("Trying Format:des Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'des')
print_status("Trying Format:des Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
print_status("Trying Format:bsdi Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
print_status("Trying Format:bsdi Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
if datastore['Crypt']
print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
print_status("Trying Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
print_status("Trying Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
end
cracked = john_show_passwords(hashlist.path)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
if v[0] == "NO PASSWORD"
passwd=""
else
passwd=v[0]
end
print_good("Host: #{v.last} User: #{k} Pass: #{passwd}")
report_auth_info(
:host => v.last,
:port => 22,
:sname => 'ssh',
:user => k,
:pass => passwd
)
end
end end
end end
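Review bot: The `rescue Exception => e` handler inside `myloots.each` has no `next`, unlike the AIX section, so a failed read falls through to `usf.each_line` and is harmless only because `usf` was preset to `''`. Adding `next` after the `print_error` call makes the skip explicit and keeps the two modules consistent. The handler also traps `Interrupt` and `SystemExit`, so a Ctrl-C during a read is reported as an unreadable loot file and the loop carries on; `rescue ::StandardError => e` is enough for file errors.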


@ -46,42 +46,82 @@ class Metasploit3 < Msf::Auxiliary
deregister_options('SUBJECT') deregister_options('SUBJECT')
end end
def load_yaml_conf
opts = {}
File.open(datastore['YAML_CONFIG'], "rb") do |f|
yamlconf = YAML::load(f)
opts['to'] = yamlconf['to']
opts['from'] = yamlconf['from']
opts['subject'] = yamlconf['subject']
opts['type'] = yamlconf['type']
opts['msg_file'] = yamlconf['msg_file']
opts['wait'] = yamlconf['wait']
opts['add_name'] = yamlconf['add_name']
opts['sig'] = yamlconf['sig']
opts['sig_file'] = yamlconf['sig_file']
opts['attachment'] = yamlconf['attachment']
opts['attachment_file'] = yamlconf['attachment_file']
opts['attachment_file_type'] = yamlconf['attachment_file_type']
opts['attachment_file_name'] = yamlconf['attachment_file_name']
### payload options ###
opts['make_payload'] = yamlconf['make_payload']
opts['zip_payload'] = yamlconf['zip_payload']
opts['msf_port'] = yamlconf['msf_port']
opts['msf_ip'] = yamlconf['msf_ip']
opts['msf_payload'] = yamlconf['msf_payload']
opts['msf_filename'] = yamlconf['msf_filename']
opts['msf_change_ext'] = yamlconf['msf_change_ext']
opts['msf_payload_ext'] = yamlconf['msf_payload_ext']
end
opts
end
def load_file(fname)
buf = ''
File.open(fname, 'rb') do |f|
buf = f.read
end
buf
end
def run def run
fileconf = File.open(datastore['YAML_CONFIG'], "rb") yamlconf = load_yaml_conf
yamlconf = YAML::load(fileconf)
fileto = yamlconf['to'] fileto = yamlconf['to']
from = yamlconf['from'] from = yamlconf['from']
subject = yamlconf['subject'] subject = yamlconf['subject']
type = yamlconf['type'] type = yamlconf['type']
msg_file = yamlconf['msg_file'] msg_file = yamlconf['msg_file']
wait = yamlconf['wait'] wait = yamlconf['wait']
add_name = yamlconf['add_name'] add_name = yamlconf['add_name']
sig = yamlconf['sig'] sig = yamlconf['sig']
sig_file = yamlconf['sig_file'] sig_file = yamlconf['sig_file']
attachment = yamlconf['attachment'] attachment = yamlconf['attachment']
attachment_file = yamlconf['attachment_file'] attachment_file = yamlconf['attachment_file']
attachment_file_type = yamlconf['attachment_file_type'] attachment_file_type = yamlconf['attachment_file_type']
attachment_file_name = yamlconf['attachment_file_name'] attachment_file_name = yamlconf['attachment_file_name']
### payload options ### make_payload = yamlconf['make_payload']
make_payload = yamlconf['make_payload'] zip_payload = yamlconf['zip_payload']
zip_payload = yamlconf['zip_payload'] msf_port = yamlconf['msf_port']
msf_port = yamlconf['msf_port'] msf_ip = yamlconf['msf_ip']
msf_ip = yamlconf['msf_ip'] msf_payload = yamlconf['msf_payload']
msf_payload = yamlconf['msf_payload'] msf_filename = yamlconf['msf_filename']
msf_filename = yamlconf['msf_filename'] msf_change_ext = yamlconf['msf_change_ext']
msf_change_ext = yamlconf['msf_change_ext'] msf_payload_ext = yamlconf['msf_payload_ext']
msf_payload_ext = yamlconf['msf_payload_ext']
tmp = Dir.tmpdir tmp = Dir.tmpdir
datastore['MAILFROM'] = from datastore['MAILFROM'] = from
msg = File.open(msg_file, 'rb').read msg = load_file(msg_file)
email_sig = File.open(sig_file, 'rb').read email_sig = load_file(sig_file)
if (type !~ /text/i and type !~ /text\/html/i) if (type !~ /text/i and type !~ /text\/html/i)
print_error("YAML config: #{type}") print_error("YAML config: #{type}")
@ -154,7 +194,7 @@ class Metasploit3 < Msf::Auxiliary
end end
if sig if sig
data_sig = File.open(sig_file, 'rb').read data_sig = load_file(sig_file)
email_msg_body = "#{email_msg_body}\n#{data_sig}" email_msg_body = "#{email_msg_body}\n#{data_sig}"
end end
@ -172,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary
if attachment if attachment
if attachment_file_name if attachment_file_name
data_attachment = File.open(attachment_file, 'rb').read data_attachment = load_file(attachment_file)
mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, "base64", "attachment; filename=\"#{attachment_file_name}\"") mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, "base64", "attachment; filename=\"#{attachment_file_name}\"")
end end
end end
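Review bot: `load_yaml_conf` parses the file named by `datastore['YAML_CONFIG']` with `YAML::load`, which can instantiate arbitrary Ruby objects from tags in the document, so a config file obtained from someone else is not treated as plain data. Where the Ruby/Psych version in use provides it, `yamlconf = YAML.safe_load(f.read)` limits the result to scalars, arrays and hashes, which is all the key-by-key copy needs. The method also indexes `yamlconf[...]` without checking that the document parsed to a Hash, so an empty or malformed file surfaces as a NoMethodError; a guard such as `raise ArgumentError, "YAML config must be a mapping" unless yamlconf.is_a?(Hash)` would give a clearer failure. `run` continues outside the visible hunks.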


@ -240,19 +240,20 @@ class Metasploit3 < Msf::Auxiliary
def parse(fh) def parse(fh)
print_status("Parsing file") print_status("Parsing file")
f = File.open(fh.path, 'rb') File.open(fh.path, 'rb') do |f|
used = f.read(4) used = f.read(4)
if used != "USED" if used != "USED"
print_error "Invalid Configuration File!" print_error "Invalid Configuration File!"
return return
end end
f.seek(0x38) f.seek(0x38)
start = makefptr(f.read(4)) start = makefptr(f.read(4))
userptr = findentry(f, "B014USER", start) userptr = findentry(f, "B014USER", start)
if userptr != nil if userptr != nil
parseusers(f, userptr) parseusers(f, userptr)
else else
print_error "Error finding the user table in the configuration." print_error "Error finding the user table in the configuration."
end
end end
end end
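Review bot: After `f.seek(0x38)`, `f.read(4)` returns nil or a short string when the configuration file is truncated, and that value is passed straight to `makefptr`; the `"USED"` magic check only proves the first four bytes exist. The file is presumably retrieved from a remote device, so a length check before decoding would turn a truncated download into a clean error, e.g. `ptr = f.read(4)` followed by `return print_error("Truncated configuration file") unless ptr && ptr.length == 4`. How `makefptr` and `findentry` handle short input is not visible in this hunk, so they may already cope.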


@ -81,9 +81,10 @@ class Metasploit3 < Msf::Auxiliary
# Load URLs # Load URLs
urls_to_check = [] urls_to_check = []
f = File.open(url_file) File.open(url_file) do |f|
f.each_line do |line| f.each_line do |line|
urls_to_check.push line urls_to_check.push line
end
end end
print_status("#{rhost}:#{rport} Beginning URL check") print_status("#{rhost}:#{rport} Beginning URL check")
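Review bot: `f.each_line` yields each line with its terminator, so `urls_to_check.push line` stores entries that end in a newline and keeps blank lines as entries of their own. Unless they are stripped later outside this hunk, the terminator would presumably travel into the request path; `urls_to_check.push(line.chomp)` with `next if line.strip.empty?` before it keeps the list clean. There is also no rescue around `File.open(url_file)`, so a missing or unreadable file raises out of the method instead of producing a `print_error`.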


@ -84,8 +84,8 @@ class Metasploit3 < Msf::Post
def parse_prefs(username, filepath) def parse_prefs(username, filepath)
f = File.open(filepath, 'rb') prefs = ''
until f.eof File.open(filepath, 'rb') do |f|
prefs = f.read prefs = f.read
end end
results = ActiveSupport::JSON.decode(prefs) results = ActiveSupport::JSON.decode(prefs)
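Review bot: `ActiveSupport::JSON.decode(prefs)` is called on whatever the file held, and with the new `prefs = ''` default an empty file reaches the decoder as an empty string; no rescue is visible in this hunk. The preferences file appears to come from the system being examined, so malformed content should be expected, and a handler such as `rescue ActiveSupport::JSON.parse_error => e` with a `print_error` and an early return would stop one bad file from aborting the module. `parse_prefs` continues outside the hunk, so the error may be handled further down.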