diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb index 36d12c6d3a..fe384ff9aa 100644 --- a/modules/auxiliary/scanner/http/axis_local_file_include.rb +++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb @@ -91,6 +91,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -122,7 +123,7 @@ class Metasploit3 < Msf::Auxiliary print_good("#{target_url} - Apache Axis - Credentials Found Username: '#{username}' - Password: '#{password}'") - report_cred(ip: rhost, port: rport, user: username, password: password) + report_cred(ip: rhost, port: rport, user: username, password: password, proof: res.body) else print_error("#{target_url} - Apache Axis - Not Vulnerable") diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb index b01d8af730..f9c8611e68 100644 --- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb +++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb @@ -109,6 +109,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -139,7 +140,7 @@ class Metasploit3 < Msf::Auxiliary print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) return :next_user else diff --git a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb index 3b79e2dda9..a236e8138a 100644 --- a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb 
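Review bot: The new `proof: res.body` argument in the report_cred call of axis_local_file_include.rb stores the whole HTTP response body as proof, with no size bound. For this module the body is presumably the retrieved file, so the stored record would hold the file's full contents rather than only the evidence that the credential was found. The same unbounded `res.body` is passed by the other login scanners in this commit (cisco_asa_asdm, ektron_cms400net, etherpad_duo_login, infovista_enum, novell_mdm_creds, oracle_ilom_login, pocketpad_login, vcms_login). Consider storing a bounded excerpt, for example `proof: res.body.to_s[0, 256]` (the length is only an illustration), or just the marker the module matched on. The enclosing method starts and ends outside the hunk.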
+++ b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb @@ -135,6 +135,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -164,7 +165,7 @@ class Metasploit3 < Msf::Auxiliary if res and res.get_cookies.include?('authenticated=') print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.get_cookies.inspect) return :next_user else diff --git a/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb b/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb index 145ef81c0a..5ad7ed6458 100644 --- a/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb +++ b/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb @@ -178,6 +178,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -224,7 +225,7 @@ class Metasploit3 < Msf::Auxiliary do_logout(resp.get_cookies) - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) report_note(ip: rhost, type: 'cisco.cred.group', data: "User: #{user} / Group: #{group}") return :next_user diff --git a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb index 64c56ad076..a64f3b8a87 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb 
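Review bot: `proof: res.body` in the second cisco_ssl_vpn.rb hunk reads a local named `res`, but the only response variable visible in this hunk is `resp` (`do_logout(resp.get_cookies)` on the line above). If `res` is not assigned earlier in the method, which the hunk does not show, the call raises NameError on the success path and the credential is never reported. The likely intent is `report_cred(ip: rhost, port: rport, user: user, password: pass, proof: resp.body)`. The enclosing method begins outside the hunk.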
@@ -1,3 +1,4 @@ + ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework @@ -103,6 +104,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -117,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary if result == :success print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect) return :next_user else diff --git a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb index b710443945..8816247bf2 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb @@ -101,7 +101,7 @@ class Metasploit3 < Msf::Auxiliary if result == :success print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect) return :next_user else @@ -131,6 +131,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) diff --git a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb index b74c903976..f2e2ad293a 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb 
@@ -104,6 +104,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -119,7 +120,7 @@ class Metasploit3 < Msf::Auxiliary if result == :success print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect) return :next_user else diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb index 5ba4d5a225..8acee32259 100644 --- a/modules/auxiliary/scanner/http/dolibarr_login.rb +++ b/modules/auxiliary/scanner/http/dolibarr_login.rb @@ -77,6 +77,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -125,7 +126,7 @@ class Metasploit3 < Msf::Auxiliary location = res.headers['Location'] if res and res.headers and (location = res.headers['Location']) and location =~ /admin\// print_good("#{peer} - Successful login: \"#{user}:#{pass}\"") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.headers['Location']) return :next_user else vprint_error("#{peer} - Bad login: \"#{user}:#{pass}\"") diff --git a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb index 0a248e088f..c78ded7771 100644 --- a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb +++ b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb 
@@ -81,6 +81,7 @@ class Metasploit3 < Msf::Auxiliary login_data = { core: create_credential(credential_data), status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -129,7 +130,8 @@ class Metasploit3 < Msf::Auxiliary report_cred( ip: Rex::Socket.getaddress(datastore['RHOST']), port: datastore['RPORT'], - user: user + user: user, + proof: base_uri+l ) end diff --git a/modules/auxiliary/scanner/http/ektron_cms400net.rb b/modules/auxiliary/scanner/http/ektron_cms400net.rb index 169c17cefd..77ff86171e 100644 --- a/modules/auxiliary/scanner/http/ektron_cms400net.rb +++ b/modules/auxiliary/scanner/http/ektron_cms400net.rb @@ -145,6 +145,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -167,7 +168,7 @@ class Metasploit3 < Msf::Auxiliary if (res and res.code == 200 and res.body.to_s.match(/LoginSuceededPanel/i) != nil) print_good("#{target_url} [Ektron CMS400.NET] Successful login: '#{user}' : '#{pass}'") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) elsif(res and res.code == 200) vprint_error("#{target_url} [Ekton CMS400.NET] - Failed login as: '#{user}'") diff --git a/modules/auxiliary/scanner/http/etherpad_duo_login.rb b/modules/auxiliary/scanner/http/etherpad_duo_login.rb index 0939f53a09..9da9bffde7 100644 --- a/modules/auxiliary/scanner/http/etherpad_duo_login.rb +++ b/modules/auxiliary/scanner/http/etherpad_duo_login.rb @@ -87,6 +87,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) 
@@ -113,7 +114,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.code == 200 && res.body.include?("Home Page") && res.headers['Server'] && res.headers['Server'].include?("EtherPAD") print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) return :next_user else vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") diff --git a/modules/auxiliary/scanner/http/infovista_enum.rb b/modules/auxiliary/scanner/http/infovista_enum.rb index 2278d40260..e1c3773db9 100644 --- a/modules/auxiliary/scanner/http/infovista_enum.rb +++ b/modules/auxiliary/scanner/http/infovista_enum.rb @@ -100,6 +100,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -126,7 +127,7 @@ class Metasploit3 < Msf::Auxiliary vprint_error("#{rhost}:#{rport} - FAILED LOGIN - #{user.inspect}:#{pass.inspect} with code #{res.code}") else print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) return :next_user end diff --git a/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb b/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb index 6fee0a5043..0b355c0e4f 100644 --- a/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb +++ b/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb 
@@ -130,6 +130,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -142,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary if result == :success print_good("#{target_url} - Successful login '#{user}' : '#{pass}'") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect) return :abort if datastore['STOP_ON_SUCCESS'] return :next_user else diff --git a/modules/auxiliary/scanner/http/novell_mdm_creds.rb b/modules/auxiliary/scanner/http/novell_mdm_creds.rb index 9a3349e800..3c03a14c2d 100644 --- a/modules/auxiliary/scanner/http/novell_mdm_creds.rb +++ b/modules/auxiliary/scanner/http/novell_mdm_creds.rb @@ -97,6 +97,7 @@ class Metasploit3 < Msf::Auxiliary login_data = { core: create_credential(credential_data), status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -122,7 +123,7 @@ class Metasploit3 < Msf::Auxiliary print_good("Got creds. Login:#{user} Password:#{pass}") print_good("Access the admin interface here: #{ip}:#{rport}#{target_uri.path}dashboard/") - report_cred(ip: ip, port: rport, user: user, password: pass) + report_cred(ip: ip, port: rport, user: user, password: pass, proof: res.body) else print_error("Zenworks MDM does not appear to be running at #{ip}") return :abort diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb index 0c1f907769..bc29b6d04c 100644 --- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb +++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb 
@@ -70,6 +70,33 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_at: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # # Brute-force the login page # @@ -96,16 +123,14 @@ class Metasploit3 < Msf::Auxiliary if (res and res.code == 200 and res.body.include?("/iPages/suntab.asp") and res.body.include?("SetWebSessionString")) print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_hash = { - :host => rhost, - :port => rport, - :sname => 'Oracle Integrated Lights Out Manager Portal', - :user => user, - :pass => pass, - :active => true, - :type => 'password' - } - report_auth_info(report_hash) + report_cred( + ip: rhost, + port: rport, + service_name: 'Oracle Integrated Lights Out Manager Portal', + user: user, + password: pass, + proof: res.body + ) return :next_user else vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") diff --git a/modules/auxiliary/scanner/http/pocketpad_login.rb b/modules/auxiliary/scanner/http/pocketpad_login.rb index e0ab987b7b..8aed527ef6 100644 --- a/modules/auxiliary/scanner/http/pocketpad_login.rb +++ b/modules/auxiliary/scanner/http/pocketpad_login.rb 
@@ -63,6 +63,33 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_time: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # # Brute-force the login page # @@ -86,16 +113,14 @@ class Metasploit3 < Msf::Auxiliary if (res && res.code == 200 && res.body.include?("Home Page") && res.headers['Server'] && res.headers['Server'].include?("Smeagol")) print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_hash = { - :host => rhost, - :port => rport, - :sname => 'PocketPAD Portal', - :user => user, - :pass => pass, - :active => true, - :type => 'password' - } - report_auth_info(report_hash) + report_cred( + ip: rhost, + port: rport, + service_name: 'PocketPAD Portal', + user: user, + password: pass, + proof: res.body + ) return :next_user else vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") diff --git a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb index 115ceff6d4..8cf4fdc12f 100644 --- a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb +++ b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb 
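Review bot: The report_cred added to pocketpad_login.rb builds login_data with the key `last_attempted_time: Time.now`, while every other report_cred touched by this commit uses `last_attempted_at`. With the misspelled key the attempt timestamp is most likely never handed to create_credential_login, so a login marked SUCCESSFUL may be stored without a timestamp or be rejected when it is saved. Change the line to `last_attempted_at: Time.now,`.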
@@ -76,6 +76,32 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # # Brute-force the login page # @@ -96,16 +122,14 @@ class Metasploit3 < Msf::Auxiliary if (res and res.code == 302 and res.headers['Location'].include?('redirectId')) print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") - report_hash = { - :host => rhost, - :port => rport, - :sname => 'Radware AppDirector', - :user => user, - :pass => pass, - :active => true, - :type => 'password' - } - report_auth_info(report_hash) + report_cred( + ip: rhost, + port: rport, + service_name: 'Radware AppDirector', + user: user, + password: pass, + proof: res.headers['Location'] + ) return :next_user else vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") diff --git a/modules/auxiliary/scanner/http/rfcode_reader_enum.rb b/modules/auxiliary/scanner/http/rfcode_reader_enum.rb index 62497673fc..cb103e7da7 100644 --- a/modules/auxiliary/scanner/http/rfcode_reader_enum.rb +++ b/modules/auxiliary/scanner/http/rfcode_reader_enum.rb 
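Review bot: The report_cred added to radware_appdirector_enum.rb records the login with `status: Metasploit::Model::Login::Status::UNTRIED` and no `last_attempted_at`, yet its only visible caller sits in the branch that prints SUCCESSFUL LOGIN. The helpers added for oracle_ilom_login, pocketpad_login and rfcode_reader_enum use SUCCESSFUL for the same situation, and the report_cred added to sap_businessobjects_user_brute.rb has the same mismatch. In login_data, use `last_attempted_at: Time.now,` and `status: Metasploit::Model::Login::Status::SUCCESSFUL,` so that verified logins are not stored as unverified ones.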
@@ -128,16 +128,14 @@ class Metasploit3 < Msf::Auxiliary collect_info(user, pass) - report_hash = { - :host => rhost, - :port => rport, - :sname => 'RFCode Reader', - :user => user, - :pass => pass, - :active => true, - :type => 'password'} - - report_auth_info(report_hash) + report_cred( + ip: rhost, + port: rport, + service_name: 'RFCode Reader', + user: user, + password: pass, + proof: res.code.to_s + ) return :next_user end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE @@ -146,6 +144,33 @@ class Metasploit3 < Msf::Auxiliary end end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_at: Time.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + # # Collect target info # diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb index 5621d690b2..f83d2b5033 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb 
@@ -50,6 +50,30 @@ class Metasploit3 < Msf::Auxiliary } end + def report_cred(opts) + service_data = { + address: opts[:ip], + port: opts[:port], + service_name: opts[:service_name], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def enum_user(user='administrator', pass='pass') vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' password:'#{pass}'") success = false @@ -89,14 +113,12 @@ class Metasploit3 < Msf::Auxiliary if success print_good("#{rhost}:#{rport} - Successful login '#{user}' : '#{pass}'") - report_auth_info( - :host => rhost, - :proto => 'tcp', - :sname => 'sap-businessobjects', - :user => user, - :pass => pass, - :target_host => rhost, - :target_port => rport + report_cred( + ip: rhost, + port: rport, + service_name: 'sap-businessobjects', + user: user, + proof: res.body ) return :next_user else diff --git a/modules/auxiliary/scanner/http/splunk_web_login.rb b/modules/auxiliary/scanner/http/splunk_web_login.rb index 9f7e9a59ab..35833d09af 100644 --- a/modules/auxiliary/scanner/http/splunk_web_login.rb +++ b/modules/auxiliary/scanner/http/splunk_web_login.rb @@ -148,6 +148,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) 
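Review bot: The rewritten call in sap_businessobjects_user_brute.rb drops the password: the removed report_auth_info passed `:pass => pass`, but the new `report_cred(...)` has no `password:` argument and the new helper's credential_data has no `private_data` or `private_type`. The branch is guarded by `if success` and prints the password, so the stored record ends up as a bare username even though a working pair was found. Add `password: pass,` at the call site and `private_data: opts[:password],` plus `private_type: :password` in credential_data. `res` is not visible in this hunk either, so confirm it is in scope where `proof: res.body` is evaluated.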
@@ -190,7 +191,7 @@ class Metasploit3 < Msf::Auxiliary end print_good("SUCCESSFUL LOGIN. '#{user}' : '#{pass}'") - report_cred(ip: datastore['RHOST'], port: datastore['RPORT'], user:user, password: pass) + report_cred(ip: datastore['RHOST'], port: datastore['RPORT'], user:user, password: pass, proof: res.code.to_s) return :next_user diff --git a/modules/auxiliary/scanner/http/vcms_login.rb b/modules/auxiliary/scanner/http/vcms_login.rb index 03fa58ab3f..5c14785e1e 100644 --- a/modules/auxiliary/scanner/http/vcms_login.rb +++ b/modules/auxiliary/scanner/http/vcms_login.rb @@ -71,6 +71,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -119,7 +120,7 @@ class Metasploit3 < Msf::Auxiliary vprint_status("#{peer} - Username found: #{user}") when /\/ print_good("#{peer} - Successful login: \"#{user}:#{pass}\"") - report_cred(ip: rhost, port: rport, user:user, password: pass) + report_cred(ip: rhost, port: rport, user:user, password: pass, proof: res.body) return :next_user end end diff --git a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb index b08d53cd3f..2a1337914a 100644 --- a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb +++ b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb @@ -151,6 +151,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) 
@@ -205,7 +206,7 @@ class Metasploit3 < Msf::Auxiliary # Report valid credentials under the CCTV DVR admin port (5920/TCP). # This is a proprietary protocol. - report_cred(ip: rhost, port: rport, user:user, password: pass) + report_cred(ip: rhost, port: rport, user:user, password: pass, proof: res.inspect) @valid_hosts << rhost return :next_user diff --git a/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb b/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb index 210a41b647..a23e6058ef 100644 --- a/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb +++ b/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb @@ -79,6 +79,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -95,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary mac = banner_santized.match(/((?:[0-9a-f]{2}[-]){5}[0-9a-f]{2})/i)[0] password = mac_to_password(mac) info = get_info(banner_santized) - report_cred(ip: rhost, port: rport, user:'factory', password: password) + report_cred(ip: rhost, port: rport, user:'factory', password: password, proof: banner_santized) break else print_status("It doesn't seem to be a RuggedCom service.") diff --git a/modules/auxiliary/scanner/vmware/vmware_http_login.rb b/modules/auxiliary/scanner/vmware/vmware_http_login.rb index 214dc66eed..505581a4de 100644 --- a/modules/auxiliary/scanner/vmware/vmware_http_login.rb +++ b/modules/auxiliary/scanner/vmware/vmware_http_login.rb @@ -58,6 +58,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) 
@@ -70,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary case result when :success print_good "#{rhost}:#{rport} - Successful Login! (#{user}:#{pass})" - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: result) return if datastore['STOP_ON_SUCCESS'] when :fail print_error "#{rhost}:#{rport} - Login Failure (#{user}:#{pass})" diff --git a/modules/auxiliary/voip/asterisk_login.rb b/modules/auxiliary/voip/asterisk_login.rb index 147a417d1a..a05995214d 100644 --- a/modules/auxiliary/voip/asterisk_login.rb +++ b/modules/auxiliary/voip/asterisk_login.rb @@ -72,6 +72,7 @@ class Metasploit3 < Msf::Auxiliary last_attempted_at: DateTime.now, core: create_credential(credential_data), status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] }.merge(service_data) create_credential_login(login_data) @@ -117,7 +118,7 @@ class Metasploit3 < Msf::Auxiliary send_manager(cmd) if /Response: Success/.match(@result) print_good("User: \"#{user}\" using pass: \"#{pass}\" - can login on #{rhost}:#{rport}!") - report_cred(ip: rhost, port: rport, user: user, password: pass) + report_cred(ip: rhost, port: rport, user: user, password: pass, proof: @result) disconnect return :next_user else diff --git a/test/modules/auxiliary/test/report_auth_info.rb b/test/modules/auxiliary/test/report_auth_info.rb index 0a43898e17..af7ffcc6b6 100644 --- a/test/modules/auxiliary/test/report_auth_info.rb +++ b/test/modules/auxiliary/test/report_auth_info.rb 
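Review bot: `proof: result` in vmware_http_login.rb passes the symbol that `case result` just matched, `:success`, rather than anything returned by the target. Every proof stored by this module would then be the same constant, which gives a later reader nothing to verify the finding against. The response object is not visible in this hunk; if the login helper cannot hand it back, pass at least a string (`proof: result.to_s`), and preferably have the helper expose the response so a short excerpt of it can be stored.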
@@ -26,102 +26,102 @@ class Metasploit3 < Msf::Auxiliary def test_novell_mdm_creds mod = framework.auxiliary.create('scanner/http/novell_mdm_creds') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_joomla_bruteforce_login mod = framework.auxiliary.create('scanner/http/joomla_bruteforce_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_infovista_enum mod = framework.auxiliary.create('scanner/http/infovista_enum') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_etherpad_duo_login mod = framework.auxiliary.create('scanner/http/etherpad_duo_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_ektron_cms400net mod = framework.auxiliary.create('scanner/http/ektron_cms400net') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_drupal_views_user_enum mod = framework.auxiliary.create('scanner/http/drupal_views_user_enum') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, proof: FAKE_PROOF) end def test_dolibarr_login mod = framework.auxiliary.create('scanner/http/dolibarr_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: 
FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_dlink_dir_session_cgi_http_login mod = framework.auxiliary.create('scanner/http/dlink_dir_session_cgi_http_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_dlink_dir_615h_http_login mod = framework.auxiliary.create('scanner/http/dlink_dir_615h_http_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_dlink_dir_300_615_http_login mod = framework.auxiliary.create('scanner/http/dlink_dir_300_615_http_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_cisco_ssl_vpn mod = framework.auxiliary.create('scanner/http/cisco_ssl_vpn') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_cisco_ironport_enum mod = framework.auxiliary.create('scanner/http/cisco_ironport_enum') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_cisco_asa_asdm mod = framework.auxiliary.create('scanner/http/cisco_asa_asdm') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_axis_local_file_include mod = framework.auxiliary.create('scanner/http/axis_local_file_include') - mod.report_cred(ip: FAKE_IP, port: 
FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_splunk_web_login mod = framework.auxiliary.create('scanner/http/splunk_web_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_cctv_dvr_login mod = framework.auxiliary.create('scanner/misc/cctv_dvr_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_http_vcms_login mod = framework.auxiliary.create('scanner/http/vcms_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_telnet_ruggedcom mod = framework.auxiliary.create('scanner/telnet/telnet_ruggedcom') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: 'factory', password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: 'factory', password: FAKE_PASS, proof: FAKE_PROOF) end def test_vmware_http_login mod = framework.auxiliary.create('scanner/vmware/vmware_http_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_asterisk_login mod = framework.auxiliary.create('voip/asterisk_login') - mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS) + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end def test_hp_imc_som_create_account 
@@ -299,6 +299,31 @@ class Metasploit3 < Msf::Auxiliary mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sap-businessobjects', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) end + def test_sap_businessobjects_user_brute + mod = framework.auxiliary.create('scanner/http/sap_businessobjects_user_brute') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'sap-businessobjects', user: FAKE_USER, proof: FAKE_PROOF) + end + + def test_rfcode_reader_enum + mod = framework.auxiliary.create('scanner/http/rfcode_reader_enum') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'RFCode Reader', user: FAKE_USER, password:FAKE_PASS, proof: FAKE_PROOF) + end + + def test_radware_appdictor_enum + mod = framework.auxiliary.create('scanner/http/radware_appdirector_enum') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Radware AppDirector', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_pocketpad_login + mod = framework.auxiliary.create('scanner/http/pocketpad_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'PocketPAD Portal', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + + def test_oracle_ilom_login + mod = framework.auxiliary.create('scanner/http/oracle_ilom_login') + mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Oracle Integrated Lights Out Manager Portal', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF) + end + def run self.methods.each do |m| next if m.to_s !~ /^test_.+/
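Review bot: The added test method `test_radware_appdictor_enum` misspells the module it exercises (`scanner/http/radware_appdirector_enum`); rename it to `def test_radware_appdirector_enum`. These methods only call report_cred and check nothing about what was stored, so a helper that ignores `:proof` or uses a wrong hash key would still pass. A comment above the new block would make that limit explicit, for example `# Smoke tests: each call only checks that report_cred does not raise.`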