working snmp_login module
parent
c553fcac73
commit
e54f5e8ee7
|
@ -41,6 +41,7 @@ module Metasploit
|
||||||
# @yieldparam credential [Metasploit::Framework::Credential]
|
# @yieldparam credential [Metasploit::Framework::Credential]
|
||||||
# @return [void]
|
# @return [void]
|
||||||
def each
|
def each
|
||||||
|
begin
|
||||||
if pass_file.present?
|
if pass_file.present?
|
||||||
pass_fd = File.open(pass_file, 'r:binary')
|
pass_fd = File.open(pass_file, 'r:binary')
|
||||||
pass_fd.each_line do |line|
|
pass_fd.each_line do |line|
|
||||||
|
@ -52,6 +53,10 @@ module Metasploit
|
||||||
if password.present?
|
if password.present?
|
||||||
yield Metasploit::Framework::Credential.new(public: password, paired: false)
|
yield Metasploit::Framework::Credential.new(public: password, paired: false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
ensure
|
||||||
|
pass_fd.close if pass_fd && !pass_fd.closed?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Add {Credential credentials} that will be yielded by {#each}
|
# Add {Credential credentials} that will be yielded by {#each}
|
||||||
|
|
|
@ -5,8 +5,8 @@
|
||||||
|
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
require 'openssl'
|
require 'metasploit/framework/community_string_collection'
|
||||||
require 'snmp'
|
require 'metasploit/framework/login_scanner/snmp'
|
||||||
|
|
||||||
class Metasploit3 < Msf::Auxiliary
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
@ -50,11 +50,64 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
def run_batch(batch)
|
def run_batch(batch)
|
||||||
|
|
||||||
batch.each do |ip|
|
batch.each do |ip|
|
||||||
|
collection = Metasploit::Framework::CommunityStringCollection.new(
|
||||||
|
pass_file: datastore['PASS_FILE'],
|
||||||
|
password: datastore['PASSWORD']
|
||||||
|
)
|
||||||
|
|
||||||
|
scanner = Metasploit::Framework::LoginScanner::SNMP.new(
|
||||||
|
host: ip,
|
||||||
|
port: rport,
|
||||||
|
cred_details: collection,
|
||||||
|
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||||
|
connection_timeout: 2
|
||||||
|
)
|
||||||
|
|
||||||
|
service_data = {
|
||||||
|
address: ip,
|
||||||
|
port: rport,
|
||||||
|
service_name: 'snmp',
|
||||||
|
protocol: 'udp',
|
||||||
|
workspace_id: myworkspace_id
|
||||||
|
}
|
||||||
|
|
||||||
|
scanner.scan! do |result|
|
||||||
|
if result.success?
|
||||||
|
credential_data = {
|
||||||
|
module_fullname: self.fullname,
|
||||||
|
origin_type: :service,
|
||||||
|
username: result.credential.public
|
||||||
|
}
|
||||||
|
credential_data.merge!(service_data)
|
||||||
|
|
||||||
|
credential_core = create_credential(credential_data)
|
||||||
|
|
||||||
|
login_data = {
|
||||||
|
core: credential_core,
|
||||||
|
last_attempted_at: DateTime.now,
|
||||||
|
status: Metasploit::Model::Login::Status::SUCCESSFUL
|
||||||
|
}
|
||||||
|
login_data.merge!(service_data)
|
||||||
|
|
||||||
|
create_credential_login(login_data)
|
||||||
|
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
|
||||||
|
else
|
||||||
|
invalidate_data = {
|
||||||
|
public: result.credential.public,
|
||||||
|
private: result.credential.private,
|
||||||
|
realm_key: result.credential.realm_key,
|
||||||
|
realm_value: result.credential.realm,
|
||||||
|
status: result.status
|
||||||
|
} .merge(service_data)
|
||||||
|
invalidate_login(invalidate_data)
|
||||||
|
print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def rport
|
||||||
|
datastore['RPORT']
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue