Support checking a single URI for ntlm information.
parent
1a053909dc
commit
dfa91310c2
|
@ -26,30 +26,47 @@ class Metasploit3 < Msf::Auxiliary
|
|||
)
|
||||
register_options(
|
||||
[
|
||||
OptPath.new('TARGETURIS', [ true, "Path to list of URIs to request", File.join(Msf::Config.data_directory, "wordlists", "http_owa_common.txt")])
|
||||
OptString.new('TARGET', [ true, "Target URI information", File.join(Msf::Config.data_directory, "wordlists", "http_owa_common.txt")]),
|
||||
OptEnum.new('TARGETTYPE', [ true, "Whether TARGET is a file of URIs or a single URI", 'FILE', %w{ FILE URI } ])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
File.open(datastore['TARGETURIS'], 'rb').each_line do |line|
|
||||
if datastore['TARGETTYPE'] == 'URI'
|
||||
test_path = normalize_uri(datastore['TARGET'])
|
||||
result = check_url(test_path)
|
||||
if result
|
||||
handle_result(test_path, result)
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
File.open(datastore['TARGET'], 'rb').each_line do |line|
|
||||
test_uri = line.chomp
|
||||
test_path = normalize_uri(test_uri)
|
||||
result = check_url(test_path)
|
||||
if result
|
||||
message = "Enumerated info on #{peer}#{test_path} - "
|
||||
handle_result(test_path, result)
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def handle_result(path, result)
|
||||
message = "Enumerated info on #{peer}#{path} - "
|
||||
message << "(name:#{result[:nb_name]}) "
|
||||
message << "(domain:#{result[:nb_domain]}) "
|
||||
message << "(domain_fqdn:#{result[:dns_domain]}) "
|
||||
message << "(server_fqdn:#{result[:dns_server]})"
|
||||
print_good(message)
|
||||
report_note(
|
||||
:host => ip,
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:sname => (ssl ? 'https' : 'http'),
|
||||
:ntype => 'ntlm.enumeration.info',
|
||||
:data => {
|
||||
:uri=>test_path,
|
||||
:uri => path,
|
||||
:SMBName => result[:nb_name],
|
||||
:SMBDomain => result[:nb_domain],
|
||||
:FQDNDomain => result[:dns_domain],
|
||||
|
@ -57,9 +74,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||
},
|
||||
:update => :unique_data
|
||||
)
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def check_url(test_uri)
|
||||
|
@ -72,6 +86,16 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'method' => 'GET',
|
||||
'headers' => { "Authorization" => "NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw=="}
|
||||
})
|
||||
rescue OpenSSL::SSL::SSLError
|
||||
vprint_error("#{peer} - SSL error")
|
||||
return
|
||||
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
|
||||
vprint_error("#{peer} - Unable to Connect")
|
||||
return
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
vprint_error("#{peer} - Timeout error")
|
||||
return
|
||||
end
|
||||
|
||||
return if res.nil?
|
||||
|
||||
|
@ -96,18 +120,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:dns_server => dns_server[:message]
|
||||
}
|
||||
end
|
||||
|
||||
rescue OpenSSL::SSL::SSLError
|
||||
vprint_error("#{peer} - SSL error")
|
||||
return
|
||||
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
|
||||
vprint_error("#{peer} - Unable to Connect")
|
||||
return
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
vprint_error("#{peer} - Timeout error")
|
||||
return
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def parse_ntlm_info(message,pattern,offset)
|
||||
|
|
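Review bot: In `run_host`, the single-URI branch returns only inside `if result`, so when `check_url` yields nothing for a `TARGETTYPE` of `URI`, execution falls through to `File.open(datastore['TARGET'], 'rb')` and treats the URI string as a local file path. That will normally raise `Errno::ENOENT`, and if the value happens to name a readable local file, each of its lines would be sent to the remote host as a request path. Make the branch exit unconditionally, e.g. `handle_result(test_path, result) if result` followed by a bare `return`. The file branch also opens the list without a block, so the handle is never closed explicitly, including on the early `return`; the block form `File.open(datastore['TARGET'], 'rb') do |f|` with `f.each_line` inside would close it. The +/- markers are not preserved on this page, so this reading assumes the `TARGETTYPE` lines are the new side.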