refactor auxiliary/admin/http credential storage
parent
b7b1995238
commit
eaca873112
|
@ -69,32 +69,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
|
||||||
print_status("Trying to find the service desk service strong name...")
|
print_status("Trying to find the service desk service strong name...")
|
||||||
|
@ -256,14 +230,16 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
login_url = ssl ? "https://" : "http://"
|
login_url = ssl ? "https://" : "http://"
|
||||||
login_url << "#{rhost}:#{rport}/servicedesk/ServiceDesk.jsp"
|
login_url << "#{rhost}:#{rport}/servicedesk/ServiceDesk.jsp"
|
||||||
|
|
||||||
report_cred(
|
connection_details = {
|
||||||
ip: rhost,
|
module_fullname: self.fullname,
|
||||||
port: rport,
|
username: datastore['USERNAME'],
|
||||||
service_name: (ssl ? "https" : "http"),
|
private_data: datastore['PASSWORD'],
|
||||||
user: datastore['USERNAME'],
|
private_type: :password,
|
||||||
password: datastore['PASSWORD'],
|
workspace_id: myworkspace_id,
|
||||||
proof: "#{login_url}\n#{res.body}"
|
proof: "#{login_url}\n#{res.body}",
|
||||||
)
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
|
|
||||||
print_good("Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.")
|
print_good("Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.")
|
||||||
print_status("Use it to log into #{login_url}")
|
print_status("Use it to log into #{login_url}")
|
||||||
|
|
|
@ -31,35 +31,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
|
||||||
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
||||||
|
@ -99,6 +70,19 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
vprint_good("user: #{@user}")
|
vprint_good("user: #{@user}")
|
||||||
vprint_good("pass: #{pass}")
|
vprint_good("pass: #{pass}")
|
||||||
|
|
||||||
|
|
||||||
|
connection_details = {
|
||||||
|
module_fullname: self.fullname,
|
||||||
|
username: @user,
|
||||||
|
private_data: pass,
|
||||||
|
private_type: :password,
|
||||||
|
workspace_id: myworkspace_id,
|
||||||
|
proof: line,
|
||||||
|
last_attempted_at: DateTime.now, # kept in refactor may not be valid, obtained but do not attempted here
|
||||||
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
|
|
||||||
report_cred(
|
report_cred(
|
||||||
ip: rhost,
|
ip: rhost,
|
||||||
port: rport,
|
port: rport,
|
||||||
|
|
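Review bot: The `report_cred(` call with `ip: rhost, port: rport` is still present as context at the end of the `-99,6 +70,19` hunk, while the `-31,35 +31,6` hunk deletes the `report_cred` definition from this file. Unless a mixin outside this page provides that method, the call would raise `NoMethodError` right after the new `create_credential_and_login(connection_details)` has already stored the credential. The new block records the same user, password and proof, so the leftover `report_cred(...)` call should be removed rather than kept next to it. The rest of that call and the end of `run` lie outside the hunk, so its full extent cannot be confirmed from here.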
|
@ -29,33 +29,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
||||||
|
|
||||||
|
@ -93,14 +66,19 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
pass = $1
|
pass = $1
|
||||||
pass = Rex::Text.decode_base64(pass)
|
pass = Rex::Text.decode_base64(pass)
|
||||||
print_good("#{rhost}:#{rport} - Credentials found: #{user} / #{pass}")
|
print_good("#{rhost}:#{rport} - Credentials found: #{user} / #{pass}")
|
||||||
report_cred(
|
|
||||||
ip: rhost,
|
connection_details = {
|
||||||
port: rport,
|
module_fullname: self.fullname,
|
||||||
sname: 'http',
|
username: user,
|
||||||
user: user,
|
private_data: pass,
|
||||||
password: pass,
|
private_type: :password,
|
||||||
proof: line
|
workspace_id: myworkspace_id,
|
||||||
)
|
proof: line,
|
||||||
|
last_attempted_at: DateTime.now, # kept in refactor may not be valid, obtained but do not attempted here
|
||||||
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
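Review bot: `last_attempted_at: DateTime.now` is stored together with `status: Metasploit::Model::Login::Status::UNTRIED` in the `-93,14 +66,19` hunk, and the inline comment itself says no login was attempted, so the two fields contradict each other. The login model is not on this page, but a record carrying an attempt timestamp and an untried status may be rejected or read later as a tested credential. I would drop the `last_attempted_at` line so the record states only what the module observed, which is that the password was extracted and not verified. The same pair appears in the `-99,6 +70,19` hunk of the preceding file.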
|
@ -76,30 +76,16 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
print_good("Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created")
|
print_good("Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created")
|
||||||
service_data = {
|
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: (ssl ? 'https' : 'http'),
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
connection_details = {
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: self.fullname,
|
module_fullname: self.fullname,
|
||||||
private_type: :password,
|
username: datastore['KASEYA_USER'],
|
||||||
private_data: datastore['KASEYA_PASS'],
|
private_data: datastore['KASEYA_PASS'],
|
||||||
username: datastore['KASEYA_USER']
|
private_type: :password,
|
||||||
}
|
workspace_id: myworkspace_id,
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
access_level: 'Master Administrator',
|
access_level: 'Master Administrator',
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
}
|
}.merge(service_details)
|
||||||
login_data.merge!(service_data)
|
create_credential_and_login(connection_details)
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -67,29 +67,15 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
print_good("Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
|
print_good("Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
|
||||||
service_data = {
|
connection_details = {
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: (ssl ? 'https' : 'http'),
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: self.fullname,
|
module_fullname: self.fullname,
|
||||||
private_type: :password,
|
username: datastore['USERNAME'],
|
||||||
private_data: datastore['PASSWORD'],
|
private_data: datastore['PASSWORD'],
|
||||||
username: datastore['USERNAME']
|
private_type: :password,
|
||||||
}
|
workspace_id: myworkspace_id,
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
access_level: 'Administrator',
|
access_level: 'Administrator',
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
}
|
}.merge(service_details)
|
||||||
login_data.merge!(service_data)
|
create_credential_and_login(connection_details)
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -240,41 +240,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status("Reporting Super Administrator credentials...")
|
print_status("Reporting Super Administrator credentials...")
|
||||||
report_super_admin_creds(username, password)
|
store_valid_credentail(user: username, private: password)
|
||||||
|
|
||||||
print_status("Leaking Password database...")
|
print_status("Leaking Password database...")
|
||||||
loot_passwords(cookie_su)
|
loot_passwords(cookie_su)
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_super_admin_creds(username, password)
|
def service_details
|
||||||
status = Metasploit::Model::Login::Status::SUCCESSFUL
|
super.merge({access_level: 'Super Administrator'})
|
||||||
|
|
||||||
service_data = {
|
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: 'https',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: self.fullname,
|
|
||||||
private_type: :password,
|
|
||||||
private_data: username,
|
|
||||||
username: password
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
access_level: 'Super Administrator',
|
|
||||||
status: status,
|
|
||||||
last_attempted_at: DateTime.now
|
|
||||||
}
|
|
||||||
login_data.merge!(service_data)
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def loot_passwords(cookie_admin)
|
def loot_passwords(cookie_admin)
|
||||||
|
|
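Review bot: `store_valid_credentail(user: username, private: password)` is misspelled; the other modules in this commit call `store_valid_credential`. As written the line would raise `NoMethodError`, so the Super Administrator credential is never saved and the following `loot_passwords(cookie_su)` is not reached. It should read `store_valid_credential(user: username, private: password)`. The removed helper recorded `SUCCESSFUL` and a `last_attempted_at`; the replacement helper is defined outside this page, so confirm it still marks the login as verified.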
|
@ -149,45 +149,13 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_good("File saved in: #{path}")
|
print_good("File saved in: #{path}")
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: 'netgear',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
cookie = authenticate
|
cookie = authenticate
|
||||||
if cookie == nil
|
if cookie == nil
|
||||||
fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.")
|
fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.")
|
||||||
else
|
else
|
||||||
print_good("#{peer} - Logged in with #{datastore['USERNAME']}:#{datastore['PASSWORD']} successfully.")
|
print_good("#{peer} - Logged in with #{datastore['USERNAME']}:#{datastore['PASSWORD']} successfully.")
|
||||||
report_cred(
|
store_valid_credential(user: datastore['USERNAME'], private: datastore['PASSWORD'], proof: cookie) # more consistent service_name and protocol
|
||||||
user: datastore['USERNAME'],
|
|
||||||
password: datastore['PASSWORD'],
|
|
||||||
proof: cookie
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
if datastore['FILEPATH'].blank?
|
if datastore['FILEPATH'].blank?
|
||||||
|
|
|
@ -131,33 +131,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
pass = $1
|
pass = $1
|
||||||
print_good("admin / #{pass} credentials found")
|
print_good("admin / #{pass} credentials found")
|
||||||
|
|
||||||
service_data = {
|
connection_details = {
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: 'http',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
module_fullname: self.fullname,
|
module_fullname: self.fullname,
|
||||||
origin_type: :service,
|
|
||||||
private_data: pass,
|
private_data: pass,
|
||||||
private_type: :password,
|
private_type: :password,
|
||||||
username: 'admin'
|
username: 'admin',
|
||||||
}
|
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
|
||||||
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
}
|
}.merge(service_details)
|
||||||
login_data.merge!(service_data)
|
create_credential_and_login(connection_details)
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
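Review bot: The new `connection_details` hash no longer carries `workspace_id: myworkspace_id`, which the removed `service_data` hash supplied, while other hunks in this commit (for example `-256,14 +230,16` and `-76,30 +76,16`) still set it explicitly. `service_details` is defined outside this page, so whether it supplies the workspace cannot be confirmed here; if it does not, the credential may be filed under a different workspace than the active one, mixing data between engagements. Either add `workspace_id: myworkspace_id,` here or drop it everywhere so the modules agree. The same omission applies to the hunks at `-82,13 +55,14`, `-55,30 +55,17`, `-109,14 +82,15`, `-102,7 +102,14`, `-127,14 +101,15` and `-87,14 +61,15`.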
|
@ -149,33 +149,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
return [username, password]
|
return [username, password]
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: 'netgear',
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def send_req(timestamp)
|
def send_req(timestamp)
|
||||||
begin
|
begin
|
||||||
query_str = (timestamp == nil ? \
|
query_str = (timestamp == nil ? \
|
||||||
|
@ -242,7 +215,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
if res && res.code == 200
|
if res && res.code == 200
|
||||||
credentials = get_creds
|
credentials = get_creds
|
||||||
print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")
|
print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")
|
||||||
report_cred({ 'user' => credentials[0], 'password' => credentials[1] })
|
store_valid_credential(user: credentials[0], private: credentials[1]) # more consistent service_name and protocol, now supplies ip and port
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -44,37 +44,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
last_attempted_at: DateTime.now,
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
user = datastore['USERNAME']
|
user = datastore['USERNAME']
|
||||||
pass = datastore['PASSWORD']
|
pass = datastore['PASSWORD']
|
||||||
trust_store = datastore['TRUST_STORE']
|
trust_store = datastore['TRUST_STORE']
|
||||||
prot = ssl ? 'https' : 'http'
|
|
||||||
|
|
||||||
nsc = Nexpose::Connection.new(rhost, user, pass, rport, nil, nil, trust_store)
|
nsc = Nexpose::Connection.new(rhost, user, pass, rport, nil, nil, trust_store)
|
||||||
|
|
||||||
|
@ -82,13 +55,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
begin
|
begin
|
||||||
nsc.login
|
nsc.login
|
||||||
|
|
||||||
report_cred(
|
connection_details = {
|
||||||
ip: rhost,
|
module_fullname: self.fullname,
|
||||||
port: rport,
|
username: user,
|
||||||
service_name: prot,
|
private_data: pass,
|
||||||
user: user,
|
private_type: :password,
|
||||||
password: pass
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
)
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
|
|
||||||
rescue
|
rescue
|
||||||
print_error("Error authenticating, check your credentials")
|
print_error("Error authenticating, check your credentials")
|
||||||
|
|
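Review bot: The credential is recorded with `status: Metasploit::Model::Login::Status::UNTRIED` immediately after `nsc.login` returned without raising, so a login that was just verified is stored as untested. Another module in this commit handles a confirmed login with `store_valid_credential(user: ..., private: ...)`; `store_valid_credential(user: user, private: pass)` here would be shorter and keep the stored status truthful. The call also sits inside the `begin` whose bare `rescue` prints "Error authenticating, check your credentials", so a failure while saving the credential would be reported as a bad password. That `begin` block continues outside the hunk.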
|
@ -55,30 +55,17 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
if res && res.code == 200 && res.body.to_s =~ /Error while creating account/
|
if res && res.code == 200 && res.body.to_s =~ /Error while creating account/
|
||||||
# No way to know whether this worked or not, it always says error
|
# No way to know whether this worked or not, it always says error
|
||||||
print_status("The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually")
|
print_status("The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually")
|
||||||
service_data = {
|
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: (ssl ? 'https' : 'http'),
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: self.fullname,
|
|
||||||
private_type: :password,
|
|
||||||
private_data: datastore['PASSWORD'],
|
|
||||||
username: datastore['USERNAME']
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
connection_details = {
|
||||||
credential_core = create_credential(credential_data)
|
module_fullname: self.fullname,
|
||||||
login_data = {
|
username: datastore['USERNAME'],
|
||||||
core: credential_core,
|
private_data: datastore['PASSWORD'],
|
||||||
|
private_type: :password,
|
||||||
access_level: 'Administrator',
|
access_level: 'Administrator',
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
}
|
}.merge(service_details)
|
||||||
login_data.merge!(service_data)
|
create_credential_and_login(connection_details)
|
||||||
create_credential_login(login_data)
|
|
||||||
else
|
else
|
||||||
print_error("Administrator account creation failed")
|
print_error("Administrator account creation failed")
|
||||||
end
|
end
|
||||||
|
|
|
@ -126,16 +126,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def report_credential_core(cred_opts={})
|
def report_credential_core(cred_opts={})
|
||||||
origin_service_data = {
|
# use a basic core only since this credential is not known valid for service it was obtained from.
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: (ssl ? 'https' : 'http'),
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
credential_data = {
|
||||||
origin_type: :service,
|
origin_type: :service,
|
||||||
module_fullname: self.fullname,
|
module_fullname: self.fullname,
|
||||||
|
@ -143,8 +135,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
private_data: cred_opts[:password],
|
private_data: cred_opts[:password],
|
||||||
username: cred_opts[:username]
|
username: cred_opts[:username]
|
||||||
}
|
}
|
||||||
|
|
||||||
credential_data.merge!(origin_service_data)
|
|
||||||
create_credential(credential_data)
|
create_credential(credential_data)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
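Review bot: `credential_data` still sets `origin_type: :service`, although the address, port, service name, protocol and workspace that described that service are no longer merged in before `create_credential(credential_data)`. The creation code is not on this page; if it resolves a service origin from those fields, the call may fail on the missing keys or store an origin with no host attached. The origin is still where the credential was obtained even when it is not known to be valid there, so I would keep the origin fields by closing the hash with `}.merge(service_details)` and still skip the login. The added comment should also say that only the login is omitted, for example `# no login is created: the credential is not known to be valid for this service`. Part of `credential_data` lies between the two hunks and is not visible.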
|
@ -47,33 +47,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
datastore["PASSWORD"]
|
datastore["PASSWORD"]
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
|
||||||
if user == pass
|
if user == pass
|
||||||
|
@ -109,14 +82,15 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
if res and res.code == 200 and res.body =~ /Administrator account created/
|
if res and res.code == 200 and res.body =~ /Administrator account created/
|
||||||
print_good("Admin account with credentials #{user}:#{pass} successfully created")
|
print_good("Admin account with credentials #{user}:#{pass} successfully created")
|
||||||
report_cred(
|
connection_details = {
|
||||||
ip: rhost,
|
module_fullname: self.fullname,
|
||||||
port: rport,
|
username: user,
|
||||||
service_name: 'http',
|
private_data: pass,
|
||||||
user: user,
|
private_type: :password,
|
||||||
password: pass,
|
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||||
proof: res.body
|
proof: res.body
|
||||||
)
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
else
|
else
|
||||||
print_error("Admin account creation failed")
|
print_error("Admin account creation failed")
|
||||||
end
|
end
|
||||||
|
|
|
@ -102,7 +102,14 @@ Windows and Linux.
|
||||||
if password && username
|
if password && username
|
||||||
plaintext_password = super_redacted_deobfuscation(password)
|
plaintext_password = super_redacted_deobfuscation(password)
|
||||||
cred_table << [ username, plaintext_password ]
|
cred_table << [ username, plaintext_password ]
|
||||||
register_creds(username, plaintext_password)
|
connection_details = {
|
||||||
|
module_fullname: self.fullname,
|
||||||
|
username: username,
|
||||||
|
private_data: plaintext_password,
|
||||||
|
private_type: :password,
|
||||||
|
status: Metasploit::Model::Login::Status::UNTRIED
|
||||||
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details)
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -242,34 +249,7 @@ Windows and Linux.
|
||||||
final
|
final
|
||||||
end
|
end
|
||||||
|
|
||||||
def register_creds(username, password)
|
def service_details
|
||||||
credential_data = {
|
super.merge({service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP')}) # this should possibly be removed
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: self.fullname,
|
|
||||||
workspace_id: myworkspace_id,
|
|
||||||
private_data: password,
|
|
||||||
private_type: :password,
|
|
||||||
username: username
|
|
||||||
}
|
|
||||||
|
|
||||||
service_data = {
|
|
||||||
address: rhost,
|
|
||||||
port: rport,
|
|
||||||
service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP'),
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data.merge!(service_data)
|
|
||||||
credential_core = create_credential(credential_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: credential_core,
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
login_data.merge!(service_data)
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -63,32 +63,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :nonreplayable_hash,
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
vprint_status("#{peer} - Attempting to connect...")
|
vprint_status("#{peer} - Attempting to connect...")
|
||||||
vprint_status("#{peer} - Trying to retrieve the first user id...")
|
vprint_status("#{peer} - Trying to retrieve the first user id...")
|
||||||
|
@ -127,14 +101,15 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
user_email = values[2]
|
user_email = values[2]
|
||||||
|
|
||||||
print_good("#{peer} - #{sprintf("%-15s %-34s %s", user_login, user_pass, user_email)}")
|
print_good("#{peer} - #{sprintf("%-15s %-34s %s", user_login, user_pass, user_email)}")
|
||||||
report_cred(
|
connection_details = {
|
||||||
ip: rhost,
|
module_fullname: self.fullname,
|
||||||
port: datastore['RPORT'],
|
username: user_login,
|
||||||
service_name: datastore['SSL'] ? 'https' : 'http',
|
private_data: user_pass,
|
||||||
user: user_login,
|
private_type: :nonreplayable_hash,
|
||||||
password: user_pass,
|
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||||
proof: user_email
|
proof: user_email
|
||||||
)
|
}.merge(service_details)
|
||||||
|
create_credential(connection_details)
|
||||||
|
|
||||||
credentials << "#{user_login},#{user_pass},#{user_email}\n"
|
credentials << "#{user_login},#{user_pass},#{user_email}\n"
|
||||||
end
|
end
|
||||||
|
|
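Review bot: The hash passed to `create_credential(connection_details)` still contains `status:` and `proof: user_email`, which describe a login, but only the credential core is created in the `-127,14 +101,15` hunk. Assuming `create_credential` ignores login keys, the status and proof that the old `report_cred` stored through `create_credential_login` are now silently dropped. If skipping the login is intentional because the private is a `:nonreplayable_hash`, remove the two login keys and add a comment such as `# hash cannot be replayed, so no login is recorded`. Otherwise call `create_credential_and_login(connection_details)` as the other modules in this commit do.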
|
@ -31,32 +31,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
def report_cred(opts)
|
|
||||||
service_data = {
|
|
||||||
address: opts[:ip],
|
|
||||||
port: opts[:port],
|
|
||||||
service_name: opts[:service_name],
|
|
||||||
protocol: 'tcp',
|
|
||||||
workspace_id: myworkspace_id
|
|
||||||
}
|
|
||||||
|
|
||||||
credential_data = {
|
|
||||||
origin_type: :service,
|
|
||||||
module_fullname: fullname,
|
|
||||||
username: opts[:user],
|
|
||||||
private_data: opts[:password],
|
|
||||||
private_type: :password
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
login_data = {
|
|
||||||
core: create_credential(credential_data),
|
|
||||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
|
||||||
proof: opts[:proof]
|
|
||||||
}.merge(service_data)
|
|
||||||
|
|
||||||
create_credential_login(login_data)
|
|
||||||
end
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
begin
|
begin
|
||||||
print_status("Trying to get 'admin' user password ...")
|
print_status("Trying to get 'admin' user password ...")
|
||||||
|
@ -87,14 +61,15 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
admin_password = admin_password_matches[1];
|
admin_password = admin_password_matches[1];
|
||||||
print_good("Password for user 'admin' is: #{admin_password}")
|
print_good("Password for user 'admin' is: #{admin_password}")
|
||||||
|
|
||||||
report_cred(
|
connection_details = {
|
||||||
ip: rhost,
|
module_fullname: self.fullname,
|
||||||
port: rport,
|
username: 'admin',
|
||||||
service_name: 'ZyXEL GS1510-16',
|
private_data: admin_password,
|
||||||
user: 'admin',
|
private_type: :password,
|
||||||
password: admin_password,
|
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||||
proof: res.body
|
proof: res.body
|
||||||
)
|
}.merge(service_details)
|
||||||
|
create_credential_and_login(connection_details) # makes service_name more consistent
|
||||||
end
|
end
|
||||||
rescue ::Rex::ConnectionError
|
rescue ::Rex::ConnectionError
|
||||||
print_error("#{rhost}:#{rport} - Failed to connect")
|
print_error("#{rhost}:#{rport} - Failed to connect")
|
||||||
|
|