Commit Graph

123 Commits (5bc513d6cdffef80865cfb7262a8e4c86f079a53)

Author SHA1 Message Date
jgor 721cf41f47 fix nil class error on non-lantronix hosts 2012-11-13 23:46:59 -06:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
sinn3r 0675a6171b Cosmetic changes 2012-10-17 17:30:16 -05:00
jvazquez-r7 3bd84e255f minor cleanup 2012-10-17 22:06:47 +02:00
jgor 9af727388f deleted superfluous code and comments 2012-10-17 14:27:00 -05:00
jgor 79da6c7186 added Lantronix telnet password recovery module 2012-10-14 12:46:52 -05:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
HD Moore 073205a875 Merge branch 'master' into feature/vuln-info 2012-06-18 20:21:36 -05:00
RageLtMan 909614569a Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.

Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
RageLtMan 77f95df1e9 Banner encoding fix when running against dd-wrt on ruby 1.9.3 2012-05-21 14:50:57 -05:00
Tod Beardsley 7a78c99c5e Adding credit to original PoC guy for RuggedCom
Just added and commented. It'd be nice to have a real spot for this kind
of credit, because it comes up a lot and it's hard to parse out in a
machine way who 'wrote' the module and who came up with the exploit.
2012-05-16 13:47:15 -05:00
sinn3r 79a590ccf7 Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
sinn3r 15fbb1e86c This the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
HD Moore 1d2581ebf4 Cosmetic 2012-04-21 14:51:20 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
Tod Beardsley 4369f73c7a Msftidy fixes on new modules
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
David Maloney a6b10862bd Adds a lantronix telnet discovery module 2012-02-23 17:22:32 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
sinn3r a758462a32 Remove some whitespace 2012-02-13 11:01:26 -06:00
David Maloney bf425a6744 Fixed bug that prevented telnet sessions from opening with good creds 2012-01-06 16:59:08 -08:00
HD Moore 2ad5c56d48 Typo in comment 2011-12-27 19:11:09 -06:00
HD Moore 617f3250cf Handle patched systems accurately (requires actually triggering the bug) 2011-12-27 19:04:34 -06:00
HD Moore f8e3119215 Add references 2011-12-27 17:50:06 -06:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
Tod Beardsley 24388f3a38 Adding a CVE reference for weak/blank/guessable passwords.
git-svn-id: file:///home/svn/framework3/trunk@11465 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 15:30:17 +00:00
Joshua Drake 9c668b8daf Super-duper rservices commit -
1. Added rsh, rlogin, and rexec auth brute scanners
2. Login negotation moved into new Msf::Auxiliary::Login mixin
3. Centralized session registration for auth brute scanners
4. Telnet and SSH auth brute scanners updated to use new mixins
5. Previously committed rservices mixin (r11093)



git-svn-id: file:///home/svn/framework3/trunk@11106 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-23 01:23:24 +00:00
Joshua Drake dbcb6d0dc4 use max instead of .sort.last
git-svn-id: file:///home/svn/framework3/trunk@11073 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 18:34:10 +00:00
Joshua Drake 04858c69fc style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10758 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:54:19 +00:00
Tod Beardsley df48b11093 Makes telnet_login a more resistant to intermittant RSTs. If a machine gives us a reset, try again with a backoff. Only after 3 retries should we give up entirely. You'd be amazed how many devices this is required for.
git-svn-id: file:///home/svn/framework3/trunk@10592 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-08 01:54:56 +00:00
Tod Beardsley b5fe64aca2 This works around a blocking problem encountered with recv_telnet(). Don't hang around trying to recv when we've already got a password prompt or a success/fail response.
git-svn-id: file:///home/svn/framework3/trunk@10590 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-08 00:48:24 +00:00
HD Moore e939379b1b Fix missing end, use explicit Timeout class
git-svn-id: file:///home/svn/framework3/trunk@10366 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-18 04:15:32 +00:00
Tod Beardsley b023d89469 Wrap SSH and Telnet version checkers in a timeout, or else they sometimes hang forever.
git-svn-id: file:///home/svn/framework3/trunk@10365 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-18 03:00:19 +00:00
Tod Beardsley 6d6a547b34 Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands.
git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-18 00:58:20 +00:00
Tod Beardsley e67e231659 Adds Rex::Text.to_hex_ascii(), replaces the gsub on the banner checks to use it.
git-svn-id: file:///home/svn/framework3/trunk@9804 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 18:52:27 +00:00
Tod Beardsley cb69b0c134 Fixes #2101. Introduces a proper :skip_user, and adds better comment docs to auth_brute to describe the intended use of each return code.
git-svn-id: file:///home/svn/framework3/trunk@9529 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 19:10:15 +00:00
Tod Beardsley d9ffa9753e Skip users that are explicitly disallowed from loggin in over telnet.
git-svn-id: file:///home/svn/framework3/trunk@9498 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 22:28:59 +00:00
HD Moore ce12be8533 Dont let the session socket get cleaned up
git-svn-id: file:///home/svn/framework3/trunk@9315 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-17 20:34:20 +00:00
Joshua Drake 0e72894e58 more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Tod Beardsley 08117ca000 Forcing :critical => true for report_auth_info
git-svn-id: file:///home/svn/framework3/trunk@9150 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-26 22:23:37 +00:00
HD Moore 9cc4cab9ec Duplicate the datastore and manually set user/pass in the telnet/ssh modules
git-svn-id: file:///home/svn/framework3/trunk@8943 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 22:57:29 +00:00
Tod Beardsley 25ec5fa444 Do a little better password management for services that don't ask for usernames -- fingerprint them ahead of time, and resort the credentials list in a usernameless way. Also, this allows telnet RST's to be treated just as busy services, since sometimes telnet servers get persnickety about a lot of login attempts, but they do come back shortly.
git-svn-id: file:///home/svn/framework3/trunk@8920 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 21:32:32 +00:00
James Lee fd97c89959 targ_host --> target_host for consistency with other modules
git-svn-id: file:///home/svn/framework3/trunk@8907 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 00:41:58 +00:00
Tod Beardsley 83d96d713c Refactoring Auxiliary::AuthBrute. Now that several modules actually use it, the real use cases have become obvious. So, refactored for simplicity and readability. Also touched up all the authentication modules to behave consistently.
git-svn-id: file:///home/svn/framework3/trunk@8879 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 20:07:26 +00:00
HD Moore 480380003c Make verbose status printing standardized across login modules
git-svn-id: file:///home/svn/framework3/trunk@8866 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-21 18:42:47 +00:00
Joshua Drake 9311253e32 <pre>revert stty -echo execution -- it breaks telnets to some devices</pre>
git-svn-id: file:///home/svn/framework3/trunk@8848 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-18 15:40:15 +00:00
Tod Beardsley 3f69bb8053 Fixes the handling for telnet services when the server is "busy" -- this is common wit HP JetDirect servers, where the server will respond with a busy message up to several seconds after the last connection logged off. While this does mean that credential tests will be skipped, they will at least not be scored incorrectly as false postives.
Also, this removes the disconnect() method in favor of self.sock.close(). Disconnect seems to have a tendency to leave sessions half-closed, which will cause a busy state to never clear. self.sock.close doesn't appear to have this effect if you use a slower bruteforce_speed option (3 seems to work all right).



git-svn-id: file:///home/svn/framework3/trunk@8835 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-16 18:45:50 +00:00
Joshua Drake a6377cc63b turn off echo for telnet sessions
git-svn-id: file:///home/svn/framework3/trunk@8801 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 23:03:44 +00:00
Tod Beardsley efbdaba298 Making telnet timeouts much less disasterous, since they can happen pretty commonly.
git-svn-id: file:///home/svn/framework3/trunk@8769 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 21:54:20 +00:00
Tod Beardsley a5e187bd69 Add the ability to slow down brute force sessions.
git-svn-id: file:///home/svn/framework3/trunk@8719 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:29:26 +00:00
Joshua Drake 7a37934a01 process autorun scripts for telnet_login and ssh_login
1. create session.process_autoruns in Msf::Sessions::CommandShell
2. call process_autoruns from within the handler on_session code
4. set user_input and user_output in sessions base set_from_exploit method
5. remove on_session from Msf::Sessions::CommandShellOptions
6. include CommandShellOptions into telnet_login and ssh_login
7. call sess.process_autoruns from telnet_login and ssh_login
8. celebrate (while crossing fingers of course)!

git-svn-id: file:///home/svn/framework3/trunk@8692 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 18:07:50 +00:00
HD Moore d5e07a3ba9 Change info
git-svn-id: file:///home/svn/framework3/trunk@8650 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 01:09:09 +00:00
Tod Beardsley bd35a70017 Wrapping up the whole timeout sequence in a timeout to avoid getting stuck.
git-svn-id: file:///home/svn/framework3/trunk@8643 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-25 21:35:55 +00:00
HD Moore 80f1f48b2d Merge in loot and user, fix up telnet to handle eof better
git-svn-id: file:///home/svn/framework3/trunk@8594 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 23:45:43 +00:00
HD Moore 479f2939fc Track the target host/workspace through the entire tree, expose to RPC, and use this telnet_login
git-svn-id: file:///home/svn/framework3/trunk@8583 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 17:54:44 +00:00
HD Moore 0a8696436e Fix up the telnet login code to handle varied responses better
git-svn-id: file:///home/svn/framework3/trunk@8565 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 05:49:40 +00:00
Joshua Drake 007930c784 add svn keywords property
git-svn-id: file:///home/svn/framework3/trunk@8561 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 07:13:31 +00:00
Tod Beardsley 27c3266c0a Serializes telnet brute forcing so it's a little bit faster (as it happens) and
about a zillion times more reliable.



git-svn-id: file:///home/svn/framework3/trunk@8543 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 00:22:02 +00:00
Tod Beardsley 4197f00701 Moves @credentials_tried and @credentials_good into auth_brute proper, though modules still
need to handle them themselves... which telnet and ssh both do now.



git-svn-id: file:///home/svn/framework3/trunk@8542 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 21:55:02 +00:00
Tod Beardsley c52b37ea17 Prettify the telnet banner display for db_services
git-svn-id: file:///home/svn/framework3/trunk@8458 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 20:14:38 +00:00
Tod Beardsley e4494d3582 Added a verbosity line to telnet.
git-svn-id: file:///home/svn/framework3/trunk@8442 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:06:01 +00:00
James Lee e2d70519d7 add the ability to check for a prompt before sending user/pass; now works with cisco, aix, solaris, linux, and windows telnetds
git-svn-id: file:///home/svn/framework3/trunk@8434 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 19:07:02 +00:00
James Lee c6c1afe543 open sessions when a telnet login succeeds; needs testing on more telnetd's
git-svn-id: file:///home/svn/framework3/trunk@8393 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 01:24:41 +00:00
James Lee 3b0b2731fd fix telnet scanner
git-svn-id: file:///home/svn/framework3/trunk@8392 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 00:14:29 +00:00
HD Moore b2518b7c68 Remove the starting host verbage; it gets noisy in scanning mode
git-svn-id: file:///home/svn/framework3/trunk@8390 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 22:07:44 +00:00
James Lee 865a50594b add a telnet login scanner
git-svn-id: file:///home/svn/framework3/trunk@8179 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 03:25:34 +00:00
HD Moore 7390b1d42d Add and improve database reporting to existing scanner modules
git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 03:25:34 +00:00
HD Moore 0b7df74615 Rename modules to be consistent with the new convention
git-svn-id: file:///home/svn/framework3/trunk@8129 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:55:08 +00:00
HD Moore 9bb14e1c4e Add a telnet banner grabber
git-svn-id: file:///home/svn/framework3/trunk@8108 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 21:46:48 +00:00