Fix up modules calling report_vuln() to use new syntax

unstable
HD Moore 2012-06-17 23:39:20 -05:00
parent e8ad66b799
commit c388cba421
13 changed files with 71 additions and 68 deletions


@ -150,8 +150,9 @@ class Metasploit3 < Msf::Auxiliary
report_vuln({
:host => rhost,
:port => rport,
:name => self.fullname,
:refs => self.references
:name => self.name,
:refs => self.references,
:info => "Module #{self.fullname} successfully crashed the target system via RDP"
})
else
print_status("#{rhost}:#{rport} is still up")


@ -73,8 +73,8 @@ class Metasploit3 < Msf::Auxiliary
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "http://#{rhost}:#{rport}/exec/show/version/CR",
:name => self.name,
:info => "Module #{self.fullname} successfully accessed http://#{rhost}:#{rport}/exec/show/version/CR",
:refs => self.references,
:exploited_at => Time.now.utc
}
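Review bot: The new `:info` string hard-codes `http://` in the recorded URL and this call adds no `:sname`, so a finding made over TLS would be stored with the wrong scheme (assuming the module honours the `ssl` option, which the hunk does not show). Consider adding `:sname => (ssl ? 'https' : 'http')` and building the URL from the same expression. The same hard-coded `http://` remains in the first hunk of the following file, even though that call does set `:sname` from `ssl`. The hash being edited starts outside the hunk.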


@ -64,8 +64,9 @@ class Metasploit3 < Msf::Auxiliary
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
:name => self.name,
:sname => ssl ? "https" : "http",
:info => "Module #{self.fullname} successfully accessed http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
:refs => self.references,
:exploited_at => Time.now.utc
}
@ -83,8 +84,10 @@ class Metasploit3 < Msf::Auxiliary
report_exploit(
{
:host => rhost,
:service => rport,
:name => self.fullname
:port => rport,
:name => self.name,
:sname => ssl ? "https" : "http",
:info => "Module #{self.fullname} successfully captured the configuration file:\n#{config}"
}
)
else
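Review bot: The `report_exploit` call in the second hunk now interpolates the whole captured `config` into `:info`, which copies whatever secrets the device configuration holds (passwords, community strings) into a free-text field that is shown in listings and carried into exported reports. Keeping the file in loot and recording only a reference would preserve the evidence without spreading the secret material, e.g. `path = store_loot(...)` followed by `:info => "Module #{self.fullname} successfully captured the configuration file (stored at #{path})"`. The module may already store the file outside the hunk; if so, reuse that path.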


@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'FrontPage Server Extensions Login Utility',
'Name' => 'FrontPage Server Extensions Anonymous Login Scanner',
'Version' => '$Revision$',
'Description' => 'This module queries the FrontPage Server Extensions and determines whether anonymous access is allowed.',
'References' =>
@ -133,8 +133,8 @@ class Metasploit3 < Msf::Auxiliary
:host => target_host,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "#{info} FrontPage ACCESS ALLOWED [#{retcode}]",
:name => self.name,
:info => "Module #{self.fullname} confirmed access to #{info} [#{retcode}]",
:refs => self.references,
:exploited_at => Time.now.utc
}


@ -150,13 +150,14 @@ class Metasploit4 < Msf::Auxiliary
#Check file
if not res.nil? and file_exists(path, data)
print_good("File uploaded: #{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}")
turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
print_good("File uploaded: #{turl}")
report_vuln(
:host => ip,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "PUT Enabled",
:name => self.name,
:info => "Module #{self.fullname} confirmed write access to #{turl} via PUT",
:refs => self.references,
:exploited_at => Time.now.utc
)
@ -182,14 +183,15 @@ class Metasploit4 < Msf::Auxiliary
if res.nil? or file_exists(path, data)
print_error("DELETE failed. File is still there.")
else
print_good("File deleted: #{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}")
turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
print_good("File deleted: #{turl}")
report_vuln(
:host => ip,
:port => rport,
:proto => 'tcp',
:sname => (ssl ? 'https' : 'http'),
:name => self.fullname,
:info => "DELETE ENABLED",
:name => self.name,
:info => "Module #{self.fullname} confirmed write access to #{turl} via DELETE",
:refs => self.references,
:exploited_at => Time.now.utc
)
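Review bot: The PUT branch's `report_vuln` call in the first hunk has no `:sname`, while the DELETE branch in the second hunk keeps `:sname => (ssl ? 'https' : 'http')`, so two findings from the same module describe the service differently. Add the same `:sname` line to the PUT call. Now that `turl` carries the scheme, both calls could also take it from one local, which would keep `:sname` and the URL in `:info` from drifting apart.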


@ -22,13 +22,12 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'MS09-020 IIS6 WebDAV Unicode Auth Bypass',
'Name' => 'MS09-020 IIS6 WebDAV Unicode Authentication Bypass',
'Description' => %q{
Simplified version of MS09-020 IIS6 WebDAV Unicode Auth Bypass scanner. It attempts
to bypass authentication using the WebDAV IIS6 Unicode vulnerability
discovered by Kingcope. The vulnerability appears to be exploitable
where WebDAV is enabled on the IIS6 server, and any protected folder
requires either Basic, Digest or NTLM authentication.
This module attempts to to bypass authentication using the WebDAV IIS6
Unicode vulnerability discovered by Kingcope. The vulnerability appears
to be exploitable where WebDAV is enabled on the IIS6 server, and any
protected folder requires either Basic, Digest or NTLM authentication.
},
'Author' => [ 'et', 'patrick' ],
'Version' => '$Revision$',
@ -77,8 +76,8 @@ class Metasploit3 < Msf::Auxiliary
if(not res)
print_error("NO Response.")
elsif (res.code.to_i == 401)
print_status("Confirmed protected folder #{wmap_base_url}#{tpath} #{res.code} (#{wmap_target_host})")
print_status("\tTesting for unicode bypass in IIS6 with WebDAV enabled using PROPFIND request.")
print_status("#{rhost}:#{rport} Confirmed protected folder #{wmap_base_url}#{tpath} #{res.code} (#{wmap_target_host})")
print_status("#{rhost}:#{rport} \tTesting for unicode bypass in IIS6 with WebDAV enabled using PROPFIND request.")
cset = %W{ & ^ % $ # @ ! }
buff = ''
@ -100,7 +99,7 @@ class Metasploit3 < Msf::Auxiliary
}, 20)
if (res.code.to_i == 207)
print_status("\tFound vulnerable WebDAV Unicode bypass. #{wmap_base_url}#{tpath}#{bogus}/ #{res.code} (#{wmap_target_host})")
print_status("#{rhost}:#{rport} \tFound vulnerable WebDAV Unicode bypass. #{wmap_base_url}#{tpath}#{bogus}/ #{res.code} (#{wmap_target_host})")
report_vuln(
@ -108,8 +107,9 @@ class Metasploit3 < Msf::Auxiliary
:host => ip,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "#{tpath}#{bogus} / Code: #{res.code}",
:sname => ssl ? 'https' : 'http',
:name => self.name,
:info => "Module #{self.fullname} bypassed authentication with #{tpath}#{bogus} (response code #{res.code})",
:refs => self.references,
:exploited_at => Time.now.utc
}
@ -117,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
end
else
print_error("Folder does not require authentication. [#{res.code}]")
print_error("#{rhost}:#{rport} Folder does not require authentication. [#{res.code}]")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::E877PIPE
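Review bot: The rewritten `Description` in the first hunk reads "This module attempts to to bypass authentication"; drop the doubled "to". Separately, the third hunk tests `res.code.to_i == 207` on the PROPFIND response with no visible nil check, unlike the `if(not res)` guard on the first request, and the `rescue` clauses at the end would not catch the resulting NoMethodError. If the assignment outside the hunk can return nil on timeout, `if (res and res.code.to_i == 207)` would keep one silent host from aborting the run.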


@ -67,8 +67,8 @@ class Metasploit3 < Msf::Auxiliary
:port => rport,
:proto => 'tcp',
:sname => (ssl ? 'https' : 'http'),
:name => self.fullname,
:info => res.headers['Allow'],
:name => "HTTP Trace Method Allowed",
:info => "Module #{self.fullname} detected TRACE access through the Allow header: #{res.headers['Allow']}",
:refs => self.references,
:exploited_at => Time.now.utc
)
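Review bot: `res.headers['Allow']` is chosen by the scanned server and is now interpolated verbatim into `:info`, so a misbehaving or hostile server can place control characters or arbitrary text in the stored finding. Another module in this commit passes its banner through `Rex::Text.to_hex_ascii` before reporting it, and the same treatment fits here: `Rex::Text.to_hex_ascii(res.headers['Allow'].to_s)`. The literal `:name => "HTTP Trace Method Allowed"` also departs from the `self.name` used by the other calls in this commit; if that is deliberate, a one-line comment saying why would help the next reader.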


@ -17,7 +17,7 @@ class Metasploit4 < Msf::Auxiliary
def initialize
super(
'Name' => 'Reverse Proxy Bypass Scanner',
'Name' => 'Apache Reverse Proxy Bypass Vulnerability Scanner',
'Version' => '$Revision$',
'Description' => %q{
Scan for poorly configured reverse proxy servers.
@ -66,15 +66,15 @@ class Metasploit4 < Msf::Auxiliary
end
if response.nil?
vprint_error "Request against #{host} timed out"
vprint_error "#{rhost}:#{rport} Request timed out"
return nil
end
seconds_transpired = (responded_at - requested_at).to_f
vprint_status "#{host} took #{seconds_transpired} seconds to respond to URI #{uri}"
vprint_status "#{rhost}:#{rport} Server took #{seconds_transpired} seconds to respond to URI #{uri}"
status_code = response.code
vprint_status "#{host} responded with status code #{status_code} to URI #{uri}"
vprint_status "#{rhost}:#{rport} Server responded with status code #{status_code} to URI #{uri}"
return {
:requested_at => requested_at,
@ -92,7 +92,7 @@ class Metasploit4 < Msf::Auxiliary
end
if baseline[:status_code] == test_status_code
vprint_error "The baseline status code for #{host} matches our test's"
vprint_error "#{rhost}:#{rport} The baseline status code for #{host} matches our test's"
return
end
@ -101,13 +101,14 @@ class Metasploit4 < Msf::Auxiliary
status_code = injection_info[:status_code]
if status_code == test_status_code
print_good "#{host}:#{rport} is vulnerable!"
print_good "#{rhost}:#{rport} Server appears to be vulnerable!"
report_vuln(
:host => host,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => "Returned #{status_code} when requested #{uri}",
:sname => ssl ? 'https' : 'http',
:name => self.name,
:info => "Module #{self.fullname} obtained #{status_code} when requesting #{uri}",
:refs => self.references,
:exploited_at => injection_info[:requested_at]
)
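Review bot: The status messages now identify the target as `#{rhost}:#{rport}`, but `report_vuln` in the last hunk still records `:host => host`, and the baseline message prints both `rhost` and `host` in one line. If the two can differ (the hunk does not show where `host` comes from), the console output and the stored finding would name different targets. Use one identifier throughout, for example `vprint_error "#{rhost}:#{rport} The baseline status code matches our test's"`, and pass the same value as `:host`.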


@ -21,9 +21,9 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'VMware Server Directory Transversal Vulnerability',
'Name' => 'VMware Server Directory Traversal Vulnerability',
'Version' => '$Revision$',
'Description' => 'This modules exploits the VMware Server Directory traversal
'Description' => 'This modules exploits the VMware Server Directory Traversal
vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before
2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5
allows remote attackers to read arbitrary files. Common VMware server ports
@ -68,8 +68,8 @@ class Metasploit3 < Msf::Auxiliary
:host => target_host,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => res.code,
:name => self.name,
:info => "Module #{self.fullname} reports directory traversal of #{target_host}:#{rport} with response code #{res.code}",
:refs => self.references,
:exploited_at => Time.now.utc
}
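Review bot: The `Description` line touched in the first hunk still begins "This modules exploits", and the sentence then runs into "allows remote attackers to read arbitrary files" without a connecting word. Since the line is being edited anyway, it could read `'Description' => 'This module exploits the VMware Server Directory Traversal` and continue with "vulnerability in ..., which allows remote attackers to read arbitrary files". The description string continues past the end of the hunk.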


@ -19,7 +19,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Java RMI Server Endpoint Scanner',
'Name' => 'Java RMI Server Insecure Endpoint Code Execution Scanner',
'Version' => '$Revision$',
'Description' => 'Detect Java RMI endpoints',
'Author' => ['mihi', 'hdm'],
@ -95,14 +95,12 @@ class Metasploit3 < Msf::Auxiliary
report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Disabled")
elsif buf.length > 0
print_good("#{rhost}:#{rport} Java RMI Endpoint Detected: Class Loader Enabled")
report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Enabled")
svc = report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Enabled")
report_vuln(
:host => rhost,
:port => rport,
:proto => 'tcp',
:sname => (ssl ? 'https' : 'http'),
:name => self.fullname,
:info => "Class Loader: Enabled",
:service => svc,
:name => self.name,
:info => "Module #{self.fullname} confirmed remote code execution via this RMI service",
:refs => self.references
)
else
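Review bot: The new `:info` text says the module "confirmed remote code execution via this RMI service", but the visible branch reports on nothing more than `buf.length > 0` and the "Class Loader Enabled" detection, so the finding overstates what was verified. The old evidence string "Class Loader: Enabled" is also lost from the vuln record. A wording that matches the check, such as `:info => "Module #{self.fullname} detected an RMI endpoint with the class loader enabled"`, keeps reports accurate for whoever triages them. The `'Description'` still reads 'Detect Java RMI endpoints' while the name now promises a code execution scanner; the two should agree.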


@ -50,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
# This makes db_services look a lot nicer.
banner_sanitized = Rex::Text.to_hex_ascii(banner.to_s)
report_service(:host => rhost, :port => rport, :name => "telnet", :info => banner_sanitized)
svc = report_service(:host => rhost, :port => rport, :name => "telnet", :info => banner_sanitized)
# Check for encryption option ( IS(0) DES_CFB64(1) )
sock.put("\xff\xfa\x26\x00\x01\x01\x12\x13\x14\x15\x16\x17\x18\x19\xff\xf0")
@ -124,12 +124,11 @@ class Metasploit3 < Msf::Auxiliary
print_good("#{ip}:#{rport} VULNERABLE: #{banner_sanitized}")
report_vuln(
{
:host => ip,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => banner_sanitized,
:refs => self.references
:host => ip,
:service => svc,
:name => self.name,
:info => "Module #{self.fullname} confirmed acceptance of a long key ID: #{banner_sanitized}",
:refs => self.references
}
)


@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
ver = "#{vnc.majver}.#{vnc.minver}"
print_status("#{target_host}:#{rport}, VNC server protocol version : #{ver}")
report_service(
svc = report_service(
:host => rhost,
:port => rport,
:proto => 'tcp',
@ -77,12 +77,11 @@ class Metasploit3 < Msf::Auxiliary
print_good("#{target_host}:#{rport}, VNC server security types includes None, free access!")
report_vuln(
{
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => self.fullname,
:info => sec_type.join(","),
:refs => self.references,
:host => rhost,
:service => svc,
:name => self.name,
:info => "Module #{self.fullname} identified the VNC 'none' security type: #{sec_type.join(", ")}",
:refs => self.references,
:exploited_at => Time.now.utc
})
end


@ -55,11 +55,11 @@ class Metasploit3 < Msf::Post
match += 1
report_vuln(
:host => session.session_host,
:name => self.fullname,
:info => "#{path}\\#{query} possible CVE-2011-3402 exploitation [Duqu] artifact.",
:name => self.name,
:info => "Module #{self.fullname} detected #{path}\\#{query} - possible CVE-2011-3402 exploitation [Duqu] artifact.",
:refs => self.references,
:exploited_at => Time.now.utc
)
:exploited_at => Time.now.utc,
)
end
end
rescue # Probably should do something here...
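Review bot: The new argument list ends with `:exploited_at => Time.now.utc,` followed directly by `)`. That stray trailing comma is inconsistent with every other `report_vuln` call in this commit and may not parse on older Ruby interpreters, so drop it: `:exploited_at => Time.now.utc`. The value is also the time the artifact was found rather than the time of any exploitation, which is worth a comment since the `:info` text itself says "possible". The bare `rescue` just below the call is unchanged context, but it would silently hide any error raised by the reworked call.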