infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change writing style of symantec_web_gateway_login

unstable
wchen-r7 2015-05-13 00:23:37 -05:00
parent 9549d572cc
commit ac0e4e747a
1 changed files with 43 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
modules/auxiliary/scanner/http/symantec_web_gateway_login.rb
View File

@ -32,33 +32,32 @@ class Metasploit3 < Msf::Auxiliary
end
# Initializes CredentialCollection and SymantecWebGateway
def init(ip)
@cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
@scanner = Metasploit::Framework::LoginScanner::SymantecWebGateway.new(
configure_http_login_scanner(
host: ip,
port: datastore['RPORT'],
cred_details: @cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5
def scanner(ip)
@scanner ||= lambda {
cred_collection = Metasploit::Framework::CredentialCollection.new(
blank_passwords: datastore['BLANK_PASSWORDS'],
pass_file: datastore['PASS_FILE'],
password: datastore['PASSWORD'],
user_file: datastore['USER_FILE'],
userpass_file: datastore['USERPASS_FILE'],
username: datastore['USERNAME'],
user_as_pass: datastore['USER_AS_PASS']
)
)
end
return Metasploit::Framework::LoginScanner::SymantecWebGateway.new(
configure_http_login_scanner(
host: ip,
port: datastore['RPORT'],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 5
))
}.call
end
# Reports a good login credential
def do_report(ip, port, result)
def report_good_cred(ip, port, result)
service_data = {
address: ip,
port: port,
@ -86,39 +85,34 @@ class Metasploit3 < Msf::Auxiliary
end
def report_bad_cred(ip, rport, result)
invalidate_login(
address: ip,
port: rport,
protocol: 'tcp',
public: result.credential.public,
private: result.credential.private,
realm_key: result.credential.realm_key,
realm_value: result.credential.realm,
status: result.status,
proof: result.proof
)
end
# Attempts to login
def bruteforce(ip)
@scanner.scan! do |result|
scanner(ip).scan! do |result|
case result.status
when Metasploit::Model::Login::Status::SUCCESSFUL
print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
do_report(ip, rport, result)
report_good_cred(ip, rport, result)
when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
vprint_brute :level => :verror, :ip => ip, :msg => result.proof
invalidate_login(
address: ip,
port: rport,
protocol: 'tcp',
public: result.credential.public,
private: result.credential.private,
realm_key: result.credential.realm_key,
realm_value: result.credential.realm,
status: result.status,
proof: result.proof
)
report_bad_cred(ip, rport, result)
when Metasploit::Model::Login::Status::INCORRECT
vprint_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
invalidate_login(
address: ip,
port: rport,
protocol: 'tcp',
public: result.credential.public,
private: result.credential.private,
realm_key: result.credential.realm_key,
realm_value: result.credential.realm,
status: result.status,
proof: result.proof
)
report_bad_cred(ip, rport, result)
end
end
end
@ -126,8 +120,7 @@ class Metasploit3 < Msf::Auxiliary
# Start here
def run_host(ip)
init(ip)
unless @scanner.check_setup
unless scanner(ip).check_setup
print_brute :level => :error, :ip => ip, :msg => 'Target is not Symantec Web Gateway'
return
end