
Watch out, the style police is in da house

git-svn-id: file:///home/svn/framework3/trunk@14083 4d416f70-5f16-0410-b530-b9f4589650da
Wei Chen 2011-10-26 23:31:12 +00:00
parent 6ba153c9f5
commit 5d8c3e956e
5 changed files with 150 additions and 160 deletions


@ -15,23 +15,25 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'John the Ripper MS SQL Password Cracker (Fast Mode)',
'Version' => '$$',
'Description' => %Q{
'Name' => 'John the Ripper MS SQL Password Cracker (Fast Mode)',
'Version' => '$$',
'Description' => %Q{
This module uses John the Ripper to identify weak passwords that have been
acquired from the mssql_hashdump module. Passwords that have been successfully
cracked are then saved as propper credentials
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
'Author' =>
[
'TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
],
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
)
end
def run
@wordlist = Rex::Quickfile.new("jtrtmp")
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.close
print_status("Cracking MSSQL Hashes")
@ -39,14 +41,11 @@ class Metasploit3 < Msf::Auxiliary
print_status("Cracking MSSQL05 Hashes")
crack("mssql05")
end
def build_seed
seed = []
seed = []
#Seed the wordlist with Database , Table, and Instance Names
schemas = myworkspace.notes.find(:all, :conditions => ['ntype like ?', '%.schema%'])
unless schemas.nil? or schemas.empty?
@ -57,23 +56,22 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
instances = myworkspace.notes.find(:all, :conditions => ['ntype=?', 'mssql.instancename'])
unless instances.nil? or instances.empty?
instances.each do |anote|
seed << anote.data['InstanceName']
end
end
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
# Grab any known passwords out of the john.pot file
john_cracked_passwords.values {|v| seed << v }
@ -82,10 +80,10 @@ class Metasploit3 < Msf::Auxiliary
john.each_line{|line| seed << line.chomp}
return seed
end
def crack(format)
hashlist = Rex::Quickfile.new("jtrtmp")
@ -103,19 +101,19 @@ class Metasploit3 < Msf::Auxiliary
end
end
hashlist.close
print_status("HashList: #{hashlist.path}")
print_status("Trying Wordlist: #{@wordlist.path}")
john_crack(hashlist.path, :wordlist => @wordlist.path, :rules => 'single', :format => format)
print_status("Trying Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => format)
print_status("Trying Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => format)
cracked = john_show_passwords(hashlist.path, format)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
@ -125,10 +123,9 @@ class Metasploit3 < Msf::Auxiliary
:sname => 'mssql',
:user => k,
:pass => v[0]
)
)
end
end
end
end
end
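Review bot: In build_seed, `john_cracked_passwords.values {|v| seed << v }` hands a block to `values`, which does not iterate (assuming the helper returns a Hash, as the call suggests), so the block never runs and nothing from john.pot reaches the seed list. `seed.concat(john_cracked_passwords.values)` would do what the comment above that line describes. The same line appears in the build_seed copies of the MySQL, Oracle and Postgres modules further down in this commit. build_seed is spread over several hunks here, so part of its body is not visible.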


@ -15,28 +15,30 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'John the Ripper MySQL Password Cracker (Fast Mode)',
'Version' => '$$',
'Description' => %Q{
'Name' => 'John the Ripper MySQL Password Cracker (Fast Mode)',
'Version' => '$Revision$',
'Description' => %Q{
This module uses John the Ripper to identify weak passwords that have been
acquired from the mysql_hashdump module. Passwords that have been successfully
cracked are then saved as propper credentials
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
'Author' =>
[
'TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
)
end
def run
wordlist = Rex::Quickfile.new("jtrtmp")
wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
wordlist.close
hashlist = Rex::Quickfile.new("jtrtmp")
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'mysql.hashes'])
unless myloots.nil? or myloots.empty?
myloots.each do |myloot|
@ -50,21 +52,21 @@ class Metasploit3 < Msf::Auxiliary
end
end
hashlist.close
print_status("HashList: #{hashlist.path}")
print_status("Trying 'mysql-fast' Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'mysql-fast')
print_status("Trying 'mysql-fast' Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'mysql-fast')
print_status("Trying mysql-fast Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'mysql-fast')
cracked = john_show_passwords(hashlist.path, 'mysql-fast')
print_status("#{cracked[:cracked]} hashes were cracked!")
#Save cracked creds and add the passwords back to the wordlist for the next round
tfd = ::File.open(wordlist.path, "ab")
cracked[:users].each_pair do |k,v|
@ -78,22 +80,21 @@ class Metasploit3 < Msf::Auxiliary
:pass => v[0]
)
end
print_status("Trying 'mysql-sha1' Wordlist: #{wordlist.path}")
john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'mysql-sha1')
print_status("Trying 'mysql-sha1' Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => 'mysql-sha1')
print_status("Trying 'mysql-sha1' Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => 'mysql-sha1')
cracked = john_show_passwords(hashlist.path, 'mysql-sha1')
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
report_auth_info(
:host => v[1],
@ -101,17 +102,16 @@ class Metasploit3 < Msf::Auxiliary
:sname => 'mssql',
:user => k,
:pass => v[0]
)
)
end
end
end
def build_seed
seed = []
seed = []
#Seed the wordlist with Database , Table, and Instance Names
schemas = myworkspace.notes.find(:all, :conditions => ['ntype like ?', '%.schema%'])
unless schemas.nil? or schemas.empty?
@ -122,23 +122,22 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
instances = myworkspace.notes.find(:all, :conditions => ['ntype=?', 'mssql.instancename'])
unless instances.nil? or instances.empty?
instances.each do |anote|
seed << anote.data['InstanceName']
end
end
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
# Grab any known passwords out of the john.pot file
john_cracked_passwords.values {|v| seed << v }
@ -149,12 +148,10 @@ class Metasploit3 < Msf::Auxiliary
return seed
end
# huh?
def crack(format)
end
end
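Review bot: The `report_auth_info` call that follows the mysql-sha1 pass in `run` still records the cracked credentials with `:sname => 'mssql'`, which looks like a leftover from the MSSQL module; logins filed under the wrong service name will be missed by anything that looks up MySQL credentials in the workspace. It should read `:sname => 'mysql',`. The earlier `report_auth_info` call after the mysql-fast pass lies between hunks and is worth checking for the same value. If the empty `crack(format)` stub under `# huh?` survives this cleanup it can be dropped as well, since nothing in the visible lines calls it.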


@ -1,3 +1,7 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -15,36 +19,34 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'John the Ripper Oracle Password Cracker (Fast Mode)',
'Version' => '$$',
'Description' => %Q{
'Name' => 'John the Ripper Oracle Password Cracker (Fast Mode)',
'Version' => "$Revision$",
'Description' => %Q{
This module uses John the Ripper to identify weak passwords that have been
acquired from the oracle_hashdump module. Passwords that have been successfully
cracked are then saved as propper credentials
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
'Author' =>
[
'TheLightCosine <thelightcosine[at]gmail.com>',
'hdm'
] ,
'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)
)
end
def run
@wordlist = Rex::Quickfile.new("jtrtmp")
@wordlist.write( build_seed().flatten.uniq.join("\n") + "\n" )
@wordlist.close
crack("oracle")
crack("oracle11g")
end
def build_seed
seed = []
seed = []
#Seed the wordlist with Database , Table, and Instance Names
schemas = myworkspace.notes.find(:all, :conditions => ['ntype like ?', '%.schema%'])
unless schemas.nil? or schemas.empty?
@ -55,23 +57,23 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
instances = myworkspace.notes.find(:all, :conditions => ['ntype=?', 'mssql.instancename'])
unless instances.nil? or instances.empty?
instances.each do |anote|
seed << anote.data['InstanceName']
end
end
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
# Grab any known passwords out of the john.pot file
john_cracked_passwords.values {|v| seed << v }
@ -80,12 +82,12 @@ class Metasploit3 < Msf::Auxiliary
john.each_line{|line| seed << line.chomp}
return seed
end
def crack(format)
hashlist = Rex::Quickfile.new("jtrtmp")
ltype= "#{format}.hashes"
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', ltype])
@ -101,19 +103,19 @@ class Metasploit3 < Msf::Auxiliary
end
end
hashlist.close
print_status("HashList: #{hashlist.path}")
print_status("Trying Wordlist: #{@wordlist.path}")
john_crack(hashlist.path, :wordlist => @wordlist.path, :rules => 'single', :format => format)
print_status("Trying Rule: All4...")
john_crack(hashlist.path, :incremental => "All4", :format => format)
print_status("Trying Rule: Digits5...")
john_crack(hashlist.path, :incremental => "Digits5", :format => format)
cracked = john_show_passwords(hashlist.path, format)
print_status("#{cracked[:cracked]} hashes were cracked!")
cracked[:users].each_pair do |k,v|
print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
@ -123,10 +125,9 @@ class Metasploit3 < Msf::Auxiliary
:sname => 'oracle',
:user => k,
:pass => v[0]
)
)
end
end
end
end
end
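Review bot: `crack` writes the loot hashes to one `Rex::Quickfile` and `run` writes the seed wordlist to another, and both are only closed; no visible line removes them once `john_show_passwords` has been read. The wordlist includes the plaintext passwords that build_seed pulls from the workspace creds. If `Rex::Quickfile` follows Ruby's `Tempfile` semantics, the files stay in the temp directory until the objects are finalized, so credential material lingers on the operator's disk. Consider `hashlist.unlink` after the results are reported, ideally from an `ensure`, and the same for `@wordlist` at the end of `run`. A few lines of `crack` lie between hunks, so confirm no cleanup exists there; the MSSQL and MySQL modules in this commit follow the same pattern.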


@ -1,3 +1,7 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -9,32 +13,32 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::JohnTheRipper
def initialize
super(
'Name' => 'Unix Unshadow Utility',
'Version' => '$$',
'Name' => 'Unix Unshadow Utility',
'Version' => "$Revision$",
'Description' => %Q{
This module takes a passwd and shadow file and 'unshadows'
them and saves them as linux.hashes loot.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
)
register_options([OptPath.new('passwd', [true, 'The path to the passwd file']),
OptPath.new('shadow', [true, 'The path to the shadow file']),
OptAddress.new('IP', [true, 'The IP address if the host the shadow file came from']),
])
register_options(
[
OptPath.new('passwd', [true, 'The path to the passwd file']),
OptPath.new('shadow', [true, 'The path to the shadow file']),
OptAddress.new('IP', [true, 'The IP address if the host the shadow file came from']),
], self.class)
end
def run
unshadow = john_unshadow(datastore['passwd'],datastore['shadow'])
if unshadow
print_good(unshadow)
@ -42,12 +46,6 @@ class Metasploit3 < Msf::Auxiliary
lootfile = store_loot("linux.hashes", "text/plain", datastore['IP'], unshadow, filename, "Linux Hashes")
print_status("Saved unshadowed file: #{lootfile}")
end
end
end
end
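Review bot: The help text of the `IP` option reads 'The IP address if the host the shadow file came from'. Since the line is being rewritten anyway, correct it to `'The IP address of the host the shadow file came from'`. The rewritten option list also keeps a trailing comma before the closing `]`, which the option list in the Postgres module of this commit does not have.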


@ -1,3 +1,7 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -17,31 +21,34 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Postgres SQL md5 Password Cracker',
'Version' => '$Revision: 13149 $',
'Description' => %Q{
'Name' => 'Postgres SQL md5 Password Cracker',
'Version' => '$Revision: 13149 $',
'Description' => %Q{
This module attempts to crack Postgres SQL md5 password hashes.
It creates hashes based on information saved in the MSF Database
such as hostnames, usernames,passwords, and database schema information.
The user can also supply an additional external wordlist if they wish.
It creates hashes based on information saved in the MSF Database
such as hostnames, usernames,passwords, and database schema information.
The user can also supply an additional external wordlist if they wish.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'License' => MSF_LICENSE
)
register_options([OptPath.new('Wordlist', [false, 'The path to an optional Wordlist']),
OptBool.new('Munge',[false, 'Munge the Wordlist (Slower)', false])
])
register_options(
[
OptPath.new('Wordlist', [false, 'The path to an optional Wordlist']),
OptBool.new('Munge',[false, 'Munge the Wordlist (Slower)', false])
])
deregister_options('JOHN_BASE','JOHN_PATH')
end
def run
print_status("Processing wordlist...")
print_status("Processing wordlist...")
@seed= build_seed()
print_status("Wordlist length: #{@seed.length}")
myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'postgres.hashes'])
unless myloots.nil?
myloots.each do |myloot|
@ -67,30 +74,26 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end
def crack_hash(username,hash)
@seed.each do |word|
tmphash = Digest::MD5.hexdigest("#{word}#{username}")
if tmphash == hash
return word
end
end
return nil
end
def build_seed
seed = []
seed = []
#Seed the wordlist with Database , Table, and Instance Names
schemas = myworkspace.notes.find(:all, :conditions => ['ntype like ?', '%.schema%'])
unless schemas.nil? or schemas.empty?
@ -101,40 +104,38 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
instances = myworkspace.notes.find(:all, :conditions => ['ntype=?', 'mssql.instancename'])
unless instances.nil? or instances.empty?
instances.each do |anote|
seed << anote.data['InstanceName']
end
end
# Seed the wordlist with usernames, passwords, and hostnames
myworkspace.hosts.find(:all).each {|o| seed << john_expand_word( o.name ) if o.name }
myworkspace.creds.each do |o|
seed << john_expand_word( o.user ) if o.user
seed << john_expand_word( o.pass ) if (o.pass and o.ptype !~ /hash/)
end
# Grab any known passwords out of the john.pot file
john_cracked_passwords.values {|v| seed << v }
#Grab the default John Wordlist
john = File.open(john_wordlist_path, "r")
john.each_line{|line| seed << line.chomp}
if datastore['Wordlist']
wordlist= File.open(datastore['Wordlist'], "r")
wordlist.each_line{|line| seed << line.chomp}
end
unless seed.empty?
seed.flatten!
seed.uniq!
if datastore['Munge']
mungedseed=[]
seed.each do |word|
@ -147,14 +148,10 @@ class Metasploit3 < Msf::Auxiliary
seed << mungedseed
seed.flatten!
seed.uniq!
end
end
return seed
end
end
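Review bot: build_seed opens the John wordlist and the optional user wordlist with `File.open(..., "r")` and never closes either handle in the lines shown, so every run leaves two descriptors open until garbage collection. `File.foreach(john_wordlist_path) {|line| seed << line.chomp }`, and the same for `datastore['Wordlist']`, reads the lines and closes the file. A missing or unreadable user wordlist also raises from here with no handling visible; a readability check with a `print_error` before the read would give the operator a clearer message. build_seed spans more than one hunk, so part of its body is not visible.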