working snmp_login module

2014-07-22 12:44:21 -05:00 · 2014-07-22 12:44:21 -05:00 · e54f5e8ee7
parent c553fcac73
commit e54f5e8ee7
2 changed files with 68 additions and 10 deletions
--- a/lib/metasploit/framework/community_string_collection.rb
+++ b/lib/metasploit/framework/community_string_collection.rb
@ -41,16 +41,21 @@ module Metasploit
      # @yieldparam credential [Metasploit::Framework::Credential]
      # @return [void]
      def each
-        if pass_file.present?
-          pass_fd = File.open(pass_file, 'r:binary')
-          pass_fd.each_line do |line|
-            line.chomp!
-            yield Metasploit::Framework::Credential.new(public: line, paired: false)
+        begin
+          if pass_file.present?
+            pass_fd = File.open(pass_file, 'r:binary')
+            pass_fd.each_line do |line|
+              line.chomp!
+              yield Metasploit::Framework::Credential.new(public: line, paired: false)
+            end
          end
-        end

-        if password.present?
-          yield Metasploit::Framework::Credential.new(public: password, paired: false)
+          if password.present?
+            yield Metasploit::Framework::Credential.new(public: password, paired: false)
+          end
+
+        ensure
+          pass_fd.close if pass_fd && !pass_fd.closed?
        end
      end

--- a/modules/auxiliary/scanner/snmp/snmp_login.rb
+++ b/modules/auxiliary/scanner/snmp/snmp_login.rb
@ -5,8 +5,8 @@


 require 'msf/core'
-require 'openssl'
-require 'snmp'
+require 'metasploit/framework/community_string_collection'
+require 'metasploit/framework/login_scanner/snmp'

 class Metasploit3 < Msf::Auxiliary

@ -50,11 +50,64 @@ class Metasploit3 < Msf::Auxiliary
  def run_batch(batch)

    batch.each do |ip|
+      collection = Metasploit::Framework::CommunityStringCollection.new(
+          pass_file: datastore['PASS_FILE'],
+          password: datastore['PASSWORD']
+      )

+      scanner = Metasploit::Framework::LoginScanner::SNMP.new(
+          host: ip,
+          port: rport,
+          cred_details: collection,
+          stop_on_success: datastore['STOP_ON_SUCCESS'],
+          connection_timeout: 2
+      )

+      service_data = {
+          address: ip,
+          port: rport,
+          service_name: 'snmp',
+          protocol: 'udp',
+          workspace_id: myworkspace_id
+      }

+      scanner.scan! do |result|
+        if result.success?
+          credential_data = {
+              module_fullname: self.fullname,
+              origin_type: :service,
+              username: result.credential.public
+          }
+          credential_data.merge!(service_data)
+
+          credential_core = create_credential(credential_data)
+
+          login_data = {
+              core: credential_core,
+              last_attempted_at: DateTime.now,
+              status: Metasploit::Model::Login::Status::SUCCESSFUL
+          }
+          login_data.merge!(service_data)
+
+          create_credential_login(login_data)
+          print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
+        else
+          invalidate_data = {
+              public: result.credential.public,
+              private: result.credential.private,
+              realm_key: result.credential.realm_key,
+              realm_value: result.credential.realm,
+              status: result.status
+          } .merge(service_data)
+          invalidate_login(invalidate_data)
+          print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
+        end
+      end
    end
+  end

+  def rport
+    datastore['RPORT']
  end