From a25475fac0574463576a7195a8fbe89f4e0e0c4a Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sun, 19 Feb 2012 18:53:03 -0600
Subject: [PATCH] Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
This reverts commit c4ea27d32b46d894e98280b800ebacb78b557aaf.
---
.../scanner/vmware/vmauthd_version.rb | 135 ------------------
1 file changed, 135 deletions(-)
delete mode 100644 modules/auxiliary/scanner/vmware/vmauthd_version.rb
diff --git a/modules/auxiliary/scanner/vmware/vmauthd_version.rb b/modules/auxiliary/scanner/vmware/vmauthd_version.rb
deleted file mode 100644
index 39e8f67ba2..0000000000
--- a/modules/auxiliary/scanner/vmware/vmauthd_version.rb
+++ /dev/null
@@ -1,135 +0,0 @@
-##
-# $Id$
-##
-
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
-##
-
-require 'msf/core/exploit/tcp'
-
-class Metasploit3 < Msf::Auxiliary
-
- include Exploit::Remote::Tcp
- include Msf::Auxiliary::Scanner
- include Msf::Auxiliary::Report
-
- @@cached_rsa_key = nil
-
- def initialize
- super(
- 'Name' => 'VMWare Authentication Daemon Version Scanner',
- 'Version' => '$Revision$',
- 'Description' => %q{
- This module will identify information about a host through the
- vmauthd service.
- },
- 'Author' => ['TheLightCosine ', 'hdm'],
- 'License' => MSF_LICENSE
- )
-
- register_options([Opt::RPORT(902)])
-
- end
-
-
-
- def run_host(ip)
- begin
-
- connect rescue nil
- if not self.sock
- return
- end
-
- banner = sock.get_once(-1, 10)
- if not banner
- print_error "#{rhost}:#{rport} No banner received from vmauthd"
- return
- end
-
- banner = banner.strip
-
- unless banner =~ /VMware Authentication Daemon/
- print_error "#{rhost}:#{rport} This does not appear to be a vmauthd service"
- return
- end
-
- cert = nil
-
- if banner =~ /SSL/
- print_status("#{rhost}:#{rport} Switching to SSL connection...")
- swap_sock_plain_to_ssl
- cert = self.sock.peer_cert
- end
-
- if cert
- banner << " Certificate:#{cert.subject.to_s}"
- end
-
- print_status "#{rhost}:#{rport} Banner: #{banner}"
-
- report_service(
- :host => rhost,
- :port => rport,
- :sname => 'vmauthd',
- :info => banner,
- :proto => 'tcp'
- )
-
-
- rescue ::Interrupt
- raise $!
- ensure
- disconnect
- end
-
- end
-
- def do_login(user, pass, nsock=self.sock)
- nsock.put("USER #{user}\r\n")
- res = nsock.get_once
- unless res.start_with? "331"
- ret_msg = "Unexpected reply to the USER command: #{res}"
- return ret_msg
- end
- nsock.put("PASS #{pass}\r\n")
- res = nsock.get_once
- if res.start_with? "530"
- return :failed
- elsif res.start_with? "230"
- return :success
- else
- ret_msg = "Unexpected reply to the PASS command: #{res}"
- return ret_msg
- end
- end
-
- def swap_sock_plain_to_ssl(nsock=self.sock)
- ctx = generate_ssl_context()
- ssl = OpenSSL::SSL::SSLSocket.new(nsock, ctx)
-
- ssl.connect
-
- nsock.extend(Rex::Socket::SslTcp)
- nsock.sslsock = ssl
- nsock.sslctx = ctx
- end
-
- def generate_ssl_context
- ctx = OpenSSL::SSL::SSLContext.new(:SSLv3)
- @@cached_rsa_key ||= OpenSSL::PKey::RSA.new(1024){ }
-
- ctx.key = @@cached_rsa_key
-
- ctx.session_id_context = Rex::Text.rand_text(16)
-
- return ctx
- end
-
-
-end
-