Minor fixes to modules to use report_cred
errorxyz committed Dec 16, 2023
1 parent 2cf8b38 commit a58f7f0
Showing 8 changed files with 67 additions and 154 deletions.
32 changes: 4 additions & 28 deletions data/exploits/psnuffle/ftp.rb
Expand Up @@ -42,10 +42,11 @@ def parse(pkt)
if(s[:user] and s[:pass])
report_cred(
:ip => s[:host],
:port => 21,
:port => s[:port],
:service_name => s[:sname],
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Response code 5 from server",
:status => Metasploit::Model::Login::Status::INCORRECT
)
Expand All @@ -59,10 +60,11 @@ def parse(pkt)
if(s[:user] and s[:pass])
report_cred(
:ip => s[:host],
:port => 21,
:port => s[:port],
:service_name => s[:sname],
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Response code 230 from server",
:status => Metasploit::Model::Login::Status::SUCCESSFUL
)
Expand Down Expand Up @@ -90,31 +92,5 @@ def parse(pkt)

end # end of each_key
end # end of parse

def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
status: opts[:status],
proof: opts[:proof]
}.merge(service_data)

create_credential_login(login_data)
end
end
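Review bot: Both `report_cred` calls in `parse` now pass `:port => s[:port]` where the literal `21` used to be, but nothing in the visible hunks shows where the session hash gets `:port` or what type it holds. If it is filled from a parsed session identifier it may be a String, or absent for some sessions, and the shared helper hands it on unchanged as the service port. Coercing once in that helper, for example `port: Integer(opts[:port])` or an explicit fallback, would keep the stored service records consistent. The same applies to the calls in imap.rb, pop3.rb, smb.rb and url.rb. `parse` starts and ends outside these hunks.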

35 changes: 6 additions & 29 deletions data/exploits/psnuffle/imap.rb
Expand Up @@ -46,10 +46,11 @@ def parse(pkt)

report_cred(
:ip => s[:host],
:port => 143,
:port => s[:port],
:service_name => s[:sname],
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Capability OK reponse from server",
:status => Metasploit::Model::Login::Status::SUCCESSFUL
)
Expand All @@ -62,10 +63,11 @@ def parse(pkt)

report_cred(
:ip => s[:host],
:port => 143,
:port => s[:port],
:service_name => s[:sname],
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Capability NO response from server",
:status => Metasploit::Model::Login::Status::INCORRECT
)
Expand All @@ -77,10 +79,11 @@ def parse(pkt)
when :login_bad
report_cred(
:ip => s[:host],
:port => 143,
:port => s[:port],
:service_name => s[:sname],
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Capability BAD response from server",
:status => Metasploit::Model::Login::Status::INCORRECT
)
Expand All @@ -100,31 +103,5 @@ def parse(pkt)
end # end case matched
end # end of each_key
end # end of parse

def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
status: opts[:status],
proof: opts[:proof]
}.merge(service_data)

create_credential_login(login_data)
end
end
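Review bot: The proof text of the first call still reads `"Capability OK reponse from server"`, with `reponse` misspelled, and this string is persisted with the login. Since the commit already edits each of these calls, correcting it to `response` would keep the stored proof consistent with the other two strings and easier to search. `parse` starts and ends outside these hunks.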

40 changes: 8 additions & 32 deletions data/exploits/psnuffle/pop3.rb
Expand Up @@ -54,11 +54,12 @@ def parse(pkt)
s[:extra] = "Successful Login. Banner: #{s[:banner]}"
report_cred(
:ip => s[:host],
:port => 110,
:service_name => s[:sname],
:port => s[:port],
:service_name => s[:name],
:user => s[:user],
:password => s[:pass],
:proof => "OK response after PASS response from server",
:type => :password,
:proof => s[:extra],
:status => Metasploit::Model::Login::Status::SUCCESSFUL
)
print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
Expand All @@ -82,11 +83,12 @@ def parse(pkt)
s[:extra]="Failed Login. Banner: #{s[:banner]}"
report_cred(
:ip => s[:host],
:port => 110,
:service_name => s[:sname],
:port => s[:port],
:service_name => s[:proto],
:user => s[:user],
:password => s[:pass],
:proof => "ERR response after PASS response from server",
:type => :password,
:proof => s[:extra],
:status => Metasploit::Model::Login::Status::INCORRECT
)
print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
Expand All @@ -100,31 +102,5 @@ def parse(pkt)
end # end case matched
end # end of each_key
end # end of parse

def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
status: opts[:status],
proof: opts[:proof]
}.merge(service_data)

create_credential_login(login_data)
end
end
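Review bot: The two calls now read the service name from different keys, `s[:name]` in the successful-login branch and `s[:proto]` in the failed-login branch, where both used `s[:sname]` before and the other parsers in this commit still use `s[:sname]` or a literal. Unless both keys are populated elsewhere in the parser (not visible here), one or both logins would be stored with a nil service name, which would split POP3 credentials across differently named service records. I would use one source for both, e.g. `:service_name => s[:sname],`. `parse` begins and ends outside these hunks.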

31 changes: 3 additions & 28 deletions data/exploits/psnuffle/smb.rb
Expand Up @@ -172,12 +172,14 @@ def parse_sessionsetup(pkt, s)
# DB reporting
report_cred(
:ip => dst_ip,
:port => 445,
:port => s[:port],
:service_name => 'smb',
:user => s[:user],
:password => s[:domain] + ":" + s[:lmhash] + ":" + s[:ntlmhash] + ":" + s[:challenge],
:type => :nonreplayable_hash,
:jtr_format => smb_db_type_hash,
:proof => "DOMAIN=#{s[:domain]} OS=#{s[:peer_os]}",
:status => Metasploit::Model::Login::Status::SUCCESSFUL
)

report_note(
Expand Down Expand Up @@ -206,31 +208,4 @@ def parse_sessionsetup(pkt, s)
end
end
end

def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: opts[:jtr_format]
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)

create_credential_login(login_data)
end
end
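Review bot: The captured challenge/response is now reported with `:status => Metasploit::Model::Login::Status::SUCCESSFUL`, whereas the helper removed from this file hard-coded `Status::UNTRIED`. Whether `parse_sessionsetup` has seen the server accept the session setup at this point is outside the hunk. If it has not, the database would show a confirmed login (and, via the shared helper, a `last_attempted_at`) for a hash that was only observed on the wire. Keeping `UNTRIED` unless the success response has actually been matched would keep sniffed material distinguishable from verified logins.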
32 changes: 4 additions & 28 deletions data/exploits/psnuffle/url.rb
Expand Up @@ -46,11 +46,13 @@ def parse(pkt)
s[:user], s[:pass] = Rex::Text.decode_base64(s[:basic_auth]).split(':', 2)
report_cred(
:ip => s[:host],
:port => 80,
:service_name => s[:sname],
:port => s[:port],
:service_name => 'http',
:user => s[:user],
:password => s[:pass],
:type => :password,
:proof => "Session: #{s[:session]} Basic Auth: #{s[:basic_auth]}",
:status => Metasploit::Model::Login::Status::UNTRIED
)
print_status "HTTP Basic Authentication: #{s[:session]} >> #{s[:user]} / #{s[:pass]}"
end
Expand All @@ -59,30 +61,4 @@ def parse(pkt)
end # end case matched
end # end of each_key
end # end of parse

def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
proof: opts[:proof]
}.merge(service_data)

create_credential_login(login_data)
end
end # end of URL sniffer
12 changes: 6 additions & 6 deletions modules/auxiliary/admin/scada/modicon_password_recovery.rb
Expand Up @@ -185,12 +185,12 @@ def grab
logins << ["http", httpuser, httppass]

report_cred(
:ip => ip,
:port => 80,
:service_name => 'http',
:user => httpuser,
:password => httppass,
:proof => proof
ip: ip,
port: rport,
service_name: 'http',
user: httpuser,
password: httppass,
proof: proof
)

logins << ["scada-write", "", writecreds[1]]
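Review bot: `port: rport` replaces the literal `80` while `service_name` stays `'http'`, so the HTTP credential is now filed under whatever port the module itself connects to. `grab` is only partly visible; if `rport` is the port used to retrieve the password material rather than the web server's port, the login would be attached to the wrong service record. If the web port cannot be derived, keeping `80` or a dedicated option for this entry is the safer choice.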
4 changes: 3 additions & 1 deletion modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb
Expand Up @@ -190,14 +190,16 @@ def dump_hashes(view_id, cookie, uri)

def report_cred(opts)

service_data = service_details.merge({workspace_id: myworkspace_id})

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :nonreplayable_hash,
jtr_format: 'dominosec'
}.merge(service_details)
}.merge(service_data)

login_data = {
core: create_credential(credential_data),
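Review bot: `credential_data` now merges `service_data` (which carries `workspace_id`), but `login_data` is cut off at the end of this hunk, so it is not visible whether it was switched as well. If it still ends in `.merge(service_details)`, the login record would be built without the workspace id the credential now has; both hashes should merge `service_data`. The blank line directly after `def report_cred(opts)` can also be dropped.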
35 changes: 33 additions & 2 deletions modules/auxiliary/sniffer/psnuffle.rb
Expand Up @@ -102,6 +102,7 @@ def run

# Basic class for taking care of sessions
class BaseProtocolParser
include Msf::Auxiliary::Report

attr_accessor :framework, :module, :sessions, :dport, :sigs

Expand Down Expand Up @@ -132,8 +133,38 @@ def print_error(msg)
self.module.print_error(msg)
end

def report_auth_info(*s)
self.module.report_auth_info(*s)
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: self.module.myworkspace_id
}

credential_data = {
origin_type: :service,
module_fullname: self.module.fullname,
username: opts[:user],
private_data: opts[:password],
private_type: opts[:type]
}.merge(service_data)

if opts[:type] == :nonreplayable_hash
credential_data.merge!(jtr_format: opts[:jtr_format])
end

login_data = {
core: create_credential(credential_data),
status: opts[:status],
proof: opts[:proof]
}.merge(service_data)

unless opts[:status] == Metasploit::Model::Login::Status::UNTRIED
login_data.merge!(last_attempted_at: DateTime.now)
end

create_credential_login(login_data)
end

def report_note(*s)
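Review bot: `report_cred` accepts a bare `opts` hash and reads `:type` with no default, so a caller that omits it passes `private_type: nil` on to `create_credential`. A default such as `private_type: opts.fetch(:type, :password)` would fail safe, and a short comment above the method listing the expected keys (`:ip`, `:port`, `:service_name`, `:user`, `:password`, `:type`, `:status`, `:proof`, plus `:jtr_format` for `:nonreplayable_hash`) would document the contract the parsers now share. The commit also drops the `report_auth_info` wrapper, so any parser still calling it (none are visible here) would raise `NoMethodError`.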
