refactor auxiliary/admin/http credential storage
parent
b7b1995238
commit
eaca873112
|
@ -69,32 +69,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
return nil
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
print_status("Trying to find the service desk service strong name...")
|
||||
|
@ -256,14 +230,16 @@ class MetasploitModule < Msf::Auxiliary
|
|||
login_url = ssl ? "https://" : "http://"
|
||||
login_url << "#{rhost}:#{rport}/servicedesk/ServiceDesk.jsp"
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? "https" : "http"),
|
||||
user: datastore['USERNAME'],
|
||||
password: datastore['PASSWORD'],
|
||||
proof: "#{login_url}\n#{res.body}"
|
||||
)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: datastore['USERNAME'],
|
||||
private_data: datastore['PASSWORD'],
|
||||
private_type: :password,
|
||||
workspace_id: myworkspace_id,
|
||||
proof: "#{login_url}\n#{res.body}",
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
|
||||
print_good("Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.")
|
||||
print_status("Use it to log into #{login_url}")
|
||||
|
|
|
@ -31,35 +31,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
)
|
||||
end
|
||||
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
|
||||
def run
|
||||
|
||||
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
||||
|
@ -99,6 +70,19 @@ class MetasploitModule < Msf::Auxiliary
|
|||
vprint_good("user: #{@user}")
|
||||
vprint_good("pass: #{pass}")
|
||||
|
||||
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: @user,
|
||||
private_data: pass,
|
||||
private_type: :password,
|
||||
workspace_id: myworkspace_id,
|
||||
proof: line,
|
||||
last_attempted_at: DateTime.now, # kept in refactor may not be valid, obtained but do not attempted here
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
|
|
|
@ -29,33 +29,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
)
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device")
|
||||
|
||||
|
@ -93,14 +66,19 @@ class MetasploitModule < Msf::Auxiliary
|
|||
pass = $1
|
||||
pass = Rex::Text.decode_base64(pass)
|
||||
print_good("#{rhost}:#{rport} - Credentials found: #{user} / #{pass}")
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
sname: 'http',
|
||||
user: user,
|
||||
password: pass,
|
||||
proof: line
|
||||
)
|
||||
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: user,
|
||||
private_data: pass,
|
||||
private_type: :password,
|
||||
workspace_id: myworkspace_id,
|
||||
proof: line,
|
||||
last_attempted_at: DateTime.now, # kept in refactor may not be valid, obtained but do not attempted here
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -76,30 +76,16 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
print_good("Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created")
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
private_type: :password,
|
||||
private_data: datastore['KASEYA_PASS'],
|
||||
username: datastore['KASEYA_USER']
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
credential_core = create_credential(credential_data)
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
access_level: 'Master Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: datastore['KASEYA_USER'],
|
||||
private_data: datastore['KASEYA_PASS'],
|
||||
private_type: :password,
|
||||
workspace_id: myworkspace_id,
|
||||
access_level: 'Master Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -67,29 +67,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
print_good("Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
private_type: :password,
|
||||
private_data: datastore['PASSWORD'],
|
||||
username: datastore['USERNAME']
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
credential_core = create_credential(credential_data)
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
access_level: 'Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: datastore['USERNAME'],
|
||||
private_data: datastore['PASSWORD'],
|
||||
private_type: :password,
|
||||
workspace_id: myworkspace_id,
|
||||
access_level: 'Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -240,41 +240,14 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
print_status("Reporting Super Administrator credentials...")
|
||||
report_super_admin_creds(username, password)
|
||||
store_valid_credentail(user: username, private: password)
|
||||
|
||||
print_status("Leaking Password database...")
|
||||
loot_passwords(cookie_su)
|
||||
end
|
||||
|
||||
def report_super_admin_creds(username, password)
|
||||
status = Metasploit::Model::Login::Status::SUCCESSFUL
|
||||
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: 'https',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
private_type: :password,
|
||||
private_data: username,
|
||||
username: password
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
credential_core = create_credential(credential_data)
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
access_level: 'Super Administrator',
|
||||
status: status,
|
||||
last_attempted_at: DateTime.now
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
def service_details
|
||||
super.merge({access_level: 'Super Administrator'})
|
||||
end
|
||||
|
||||
def loot_passwords(cookie_admin)
|
||||
|
|
|
@ -149,45 +149,13 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_good("File saved in: #{path}")
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: 'netgear',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
|
||||
def run
|
||||
cookie = authenticate
|
||||
if cookie == nil
|
||||
fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.")
|
||||
else
|
||||
print_good("#{peer} - Logged in with #{datastore['USERNAME']}:#{datastore['PASSWORD']} successfully.")
|
||||
report_cred(
|
||||
user: datastore['USERNAME'],
|
||||
password: datastore['PASSWORD'],
|
||||
proof: cookie
|
||||
)
|
||||
store_valid_credential(user: datastore['USERNAME'], private: datastore['PASSWORD'], proof: cookie) # more consistent service_name and protocol
|
||||
end
|
||||
|
||||
if datastore['FILEPATH'].blank?
|
||||
|
|
|
@ -131,33 +131,14 @@ class MetasploitModule < Msf::Auxiliary
|
|||
pass = $1
|
||||
print_good("admin / #{pass} credentials found")
|
||||
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: pass,
|
||||
private_type: :password,
|
||||
username: 'admin'
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
username: 'admin',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -149,33 +149,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
return [username, password]
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: 'netgear',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def send_req(timestamp)
|
||||
begin
|
||||
query_str = (timestamp == nil ? \
|
||||
|
@ -242,7 +215,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
if res && res.code == 200
|
||||
credentials = get_creds
|
||||
print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")
|
||||
report_cred({ 'user' => credentials[0], 'password' => credentials[1] })
|
||||
store_valid_credential(user: credentials[0], private: credentials[1]) # more consistent service_name and protocol, now supplies ip and port
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -44,37 +44,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
])
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
user = datastore['USERNAME']
|
||||
pass = datastore['PASSWORD']
|
||||
trust_store = datastore['TRUST_STORE']
|
||||
prot = ssl ? 'https' : 'http'
|
||||
|
||||
nsc = Nexpose::Connection.new(rhost, user, pass, rport, nil, nil, trust_store)
|
||||
|
||||
|
@ -82,13 +55,14 @@ class MetasploitModule < Msf::Auxiliary
|
|||
begin
|
||||
nsc.login
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: prot,
|
||||
user: user,
|
||||
password: pass
|
||||
)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: user,
|
||||
private_data: pass,
|
||||
private_type: :password,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
|
||||
rescue
|
||||
print_error("Error authenticating, check your credentials")
|
||||
|
|
|
@ -55,30 +55,17 @@ class MetasploitModule < Msf::Auxiliary
|
|||
if res && res.code == 200 && res.body.to_s =~ /Error while creating account/
|
||||
# No way to know whether this worked or not, it always says error
|
||||
print_status("The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually")
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
private_type: :password,
|
||||
private_data: datastore['PASSWORD'],
|
||||
username: datastore['USERNAME']
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
credential_core = create_credential(credential_data)
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
access_level: 'Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: datastore['USERNAME'],
|
||||
private_data: datastore['PASSWORD'],
|
||||
private_type: :password,
|
||||
access_level: 'Administrator',
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
|
||||
else
|
||||
print_error("Administrator account creation failed")
|
||||
end
|
||||
|
|
|
@ -126,16 +126,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
def report_credential_core(cred_opts={})
|
||||
origin_service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
# use a basic core only since this credential is not known valid for service it was obtained from.
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
|
@ -143,8 +135,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
private_data: cred_opts[:password],
|
||||
username: cred_opts[:username]
|
||||
}
|
||||
|
||||
credential_data.merge!(origin_service_data)
|
||||
create_credential(credential_data)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -47,33 +47,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
datastore["PASSWORD"]
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
|
||||
def run
|
||||
|
||||
if user == pass
|
||||
|
@ -109,14 +82,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
|
||||
if res and res.code == 200 and res.body =~ /Administrator account created/
|
||||
print_good("Admin account with credentials #{user}:#{pass} successfully created")
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: 'http',
|
||||
user: user,
|
||||
password: pass,
|
||||
proof: res.body
|
||||
)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: user,
|
||||
private_data: pass,
|
||||
private_type: :password,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: res.body
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
else
|
||||
print_error("Admin account creation failed")
|
||||
end
|
||||
|
|
|
@ -102,7 +102,14 @@ Windows and Linux.
|
|||
if password && username
|
||||
plaintext_password = super_redacted_deobfuscation(password)
|
||||
cred_table << [ username, plaintext_password ]
|
||||
register_creds(username, plaintext_password)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: username,
|
||||
private_data: plaintext_password,
|
||||
private_type: :password,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
end
|
||||
}
|
||||
|
||||
|
@ -242,34 +249,7 @@ Windows and Linux.
|
|||
final
|
||||
end
|
||||
|
||||
def register_creds(username, password)
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
workspace_id: myworkspace_id,
|
||||
private_data: password,
|
||||
private_type: :password,
|
||||
username: username
|
||||
}
|
||||
|
||||
service_data = {
|
||||
address: rhost,
|
||||
port: rport,
|
||||
service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP'),
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
def service_details
|
||||
super.merge({service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP')}) # this should possibly be removed
|
||||
end
|
||||
end
|
||||
|
|
|
@ -63,32 +63,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :nonreplayable_hash,
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
vprint_status("#{peer} - Attempting to connect...")
|
||||
vprint_status("#{peer} - Trying to retrieve the first user id...")
|
||||
|
@ -127,14 +101,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
user_email = values[2]
|
||||
|
||||
print_good("#{peer} - #{sprintf("%-15s %-34s %s", user_login, user_pass, user_email)}")
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: datastore['RPORT'],
|
||||
service_name: datastore['SSL'] ? 'https' : 'http',
|
||||
user: user_login,
|
||||
password: user_pass,
|
||||
proof: user_email
|
||||
)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: user_login,
|
||||
private_data: user_pass,
|
||||
private_type: :nonreplayable_hash,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: user_email
|
||||
}.merge(service_details)
|
||||
create_credential(connection_details)
|
||||
|
||||
credentials << "#{user_login},#{user_pass},#{user_email}\n"
|
||||
end
|
||||
|
|
|
@ -31,32 +31,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
)
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
begin
|
||||
print_status("Trying to get 'admin' user password ...")
|
||||
|
@ -87,14 +61,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
admin_password = admin_password_matches[1];
|
||||
print_good("Password for user 'admin' is: #{admin_password}")
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
service_name: 'ZyXEL GS1510-16',
|
||||
user: 'admin',
|
||||
password: admin_password,
|
||||
proof: res.body
|
||||
)
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: 'admin',
|
||||
private_data: admin_password,
|
||||
private_type: :password,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
proof: res.body
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details) # makes service_name more consistent
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("#{rhost}:#{rport} - Failed to connect")
|
||||
|
|
Loading…
Reference in New Issue