mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00

Land #7161, add specs for cisco mixin to use Metasploit Credentials

Brent Cook 2016-08-12 10:07:17 -05:00
commit 6a035b7e48
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 1034 additions and 164 deletions


@ -9,7 +9,6 @@ module Msf
module Auxiliary::Cisco
include Msf::Auxiliary::Report
def cisco_ios_decrypt7(inp)
xlat = [
0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
@ -33,25 +32,60 @@ module Auxiliary::Cisco
end
clear
end
def create_credential_and_login(opts={})
return nil unless active_db?
if self.respond_to?(:[]) and self[:task]
opts[:task_id] ||= self[:task].record.id
end
core = opts.fetch(:core, create_credential(opts))
access_level = opts.fetch(:access_level, nil)
last_attempted_at = opts.fetch(:last_attempted_at, nil)
status = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)
login_object = nil
retry_transaction do
service_object = create_credential_service(opts)
login_object = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize
if opts[:task_id]
login_object.tasks << Mdm::Task.find(opts[:task_id])
end
login_object.access_level = access_level if access_level
login_object.last_attempted_at = last_attempted_at if last_attempted_at
if status == Metasploit::Model::Login::Status::UNTRIED
if login_object.last_attempted_at.nil?
login_object.status = status
end
else
login_object.status = status
end
login_object.save!
end
login_object
end
def cisco_ios_config_eater(thost, tport, config)
#
# Create a template hash for cred reporting
#
cred_info = {
:host => thost,
:port => tport,
:user => "",
:pass => "",
:type => "",
:collect_type => "",
:active => true
credential_data = {
address: thost,
port: tport,
protocol: 'tcp',
workspace_id: myworkspace.id,
origin_type: :service,
service_name: '',
module_fullname: self.fullname,
status: Metasploit::Model::Login::Status::UNTRIED
}
# Default SNMP to UDP
if tport == 161
cred_info[:proto] = 'udp'
credential_data[:protocol] = 'udp'
end
store_loot("cisco.ios.config", "text/plain", thost, config.strip, "config.txt", "Cisco IOS Configuration")
@ -70,40 +104,42 @@ module Auxiliary::Cisco
if stype == 5
print_good("#{thost}:#{tport} MD5 Encrypted Enable Password: #{shash}")
store_loot("cisco.ios.enable_hash", "text/plain", thost, shash, "enable_password_hash.txt", "Cisco IOS Enable Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = shash
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Enable Password: #{shash}")
store_loot("cisco.ios.enable_pass", "text/plain", thost, shash, "enable_password.txt", "Cisco IOS Enable Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = shash
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} Decrypted Enable Password: #{shash}")
store_loot("cisco.ios.enable_pass", "text/plain", thost, shash, "enable_password.txt", "Cisco IOS Enable Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = shash
cred[:private_type] = :password
create_credential_and_login(cred)
end
when /^\s*enable password (.*)/i
spass = $1.strip
print_good("#{thost}:#{tport} Unencrypted Enable Password: #{spass}")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
#
# SNMP
@ -113,21 +149,17 @@ module Auxiliary::Cisco
scomm = $1.strip
print_good("#{thost}:#{tport} SNMP Community (#{stype}): #{scomm}")
cred = credential_data.dup
if stype.downcase == "ro"
ptype = "password_ro"
cred[:access_level] = "RO"
else
ptype = "password"
cred[:access_level] = "RW"
end
cred = cred_info.dup
cred[:sname] = "snmp"
cred[:pass] = scomm
cred[:type] = ptype
cred[:collect_type] = ptype
cred[:proto] = "udp"
cred[:port] = 161
store_cred(cred)
cred[:protocol] = "udp"
cred[:port] = 161
cred[:private_data] = scomm
cred[:private_type] = :password
create_credential_and_login(cred)
#
# VTY Passwords
#
@ -136,26 +168,31 @@ module Auxiliary::Cisco
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} Decrypted VTY Password: #{spass}")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
when /^\s*(password|secret) 5 (.*)/i
shash = $1.strip
shash = $2.strip
print_good("#{thost}:#{tport} MD5 Encrypted VTY Password: #{shash}")
store_loot("cisco.ios.vty_password", "text/plain", thost, shash, "vty_password_hash.txt", "Cisco IOS VTY Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = shash
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
when /^\s*password (0 |)([^\s]+)/i
spass = $2.strip
print_good("#{thost}:#{tport} Unencrypted VTY Password: #{spass}")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
#
# WiFi Passwords
@ -173,29 +210,29 @@ module Auxiliary::Cisco
if stype == 5
print_good("#{thost}:#{tport} Wireless WPA-PSK MD5 Password Hash: #{spass}")
store_loot("cisco.ios.wireless_wpapsk_hash", "text/plain", thost, spass, "wireless_wpapsk_hash.txt", "Cisco IOS Wireless WPA-PSK Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Wireless WPA-PSK Password: #{spass}")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Password")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} Wireless WPA-PSK Decrypted Password: #{spass}")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Decrypted Password")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
#
@ -208,11 +245,11 @@ module Auxiliary::Cisco
print_good("#{thost}:#{tport} VPN IPSEC ISAKMP Key '#{spass}' Host '#{shost}'")
store_loot("cisco.ios.vpn_ipsec_key", "text/plain", thost, "#{spass}", "vpn_ipsec_key.txt", "Cisco VPN IPSEC Key")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
when /^\s*interface tunnel(\d+)/i
tuniface = $1
@ -222,25 +259,24 @@ module Auxiliary::Cisco
print_good("#{thost}:#{tport} GRE Tunnel Key #{spass} for Interface Tunnel #{siface}")
store_loot("cisco.ios.gre_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "gre_tunnel_key.txt", "Cisco GRE Tunnel Key")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
when /^\s*ip nhrp authentication ([^\s]+)/i
spass = $1
siface = tuniface
print_good("#{thost}:#{tport} NHRP Authentication Key #{spass} for Interface Tunnel #{siface}")
store_loot("cisco.ios.nhrp_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "nhrp_tunnel_key.txt", "Cisco NHRP Authentication Key")
cred = cred_info.dup
cred[:pass] = spass
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
#
# Various authentication secrets
@ -249,139 +285,142 @@ module Auxiliary::Cisco
user = $1
priv = $2
stype = $4.to_i
shash = $5
spass = $5
if stype == 5
print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{shash}")
store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{spass}")
store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Username '#{user}' with Password: #{shash}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")
print_good("#{thost}:#{tport} Username '#{user}' with Password: #{spass}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
cred = cred_info.dup
cred[:user] = user
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{shash}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{spass}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}_level#{priv}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
cred = cred_info.dup
cred[:user] = user
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
when /^\s*username ([^\s]+) (secret|password) (\d+) ([^\s]+)/i
user = $1
stype = $3.to_i
shash = $4
spass = $4
if stype == 5
print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{shash}")
store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}:#{shash}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
print_good("#{thost}:#{tport} Username '#{user}' with MD5 Encrypted Password: #{spass}")
store_loot("cisco.ios.username_password_hash", "text/plain", thost, "#{user}:#{spass}", "username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Username '#{user}' with Password: #{shash}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")
print_good("#{thost}:#{tport} Username '#{user}' with Password: #{spass}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
cred = cred_info.dup
cred[:user] = user
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{shash}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{shash}", "username_password.txt", "Cisco IOS Username and Password")
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} Username '#{user}' with Decrypted Password: #{spass}")
store_loot("cisco.ios.username_password", "text/plain", thost, "#{user}:#{spass}", "username_password.txt", "Cisco IOS Username and Password")
cred = cred_info.dup
cred[:user] = user
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
when /^\s*ppp.*username ([^\s]+) (secret|password) (\d+) ([^\s]+)/i
suser = $1
stype = $3.to_i
shash = $4
spass = $4
if stype == 5
print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{shash}")
store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{spass}")
store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{shash}")
store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:user] = suser
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{spass}")
store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{shash}")
store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{spass}")
store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:user] = suser
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
when /^\s*ppp chap (secret|password) (\d+) ([^\s]+)/i
stype = $2.to_i
shash = $3
spass = $3
if stype == 5
print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{shash}")
store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, shash, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
print_good("#{thost}:#{tport} PPP CHAP MD5 Encrypted Password: #{spass}")
store_loot("cisco.ios.ppp_password_hash", "text/plain", thost, spass, "ppp_password_hash.txt", "Cisco IOS PPP Password Hash (MD5)")
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 0
print_good("#{thost}:#{tport} Password: #{shash}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")
print_good("#{thost}:#{tport} Password: #{spass}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :nonreplayable_hash
create_credential_and_login(cred)
end
if stype == 7
shash = cisco_ios_decrypt7(shash) rescue shash
print_good("#{thost}:#{tport} PPP Decrypted Password: #{shash}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, shash, "ppp_password.txt", "Cisco IOS PPP Password")
spass = cisco_ios_decrypt7(spass) rescue spass
print_good("#{thost}:#{tport} PPP Decrypted Password: #{spass}")
store_loot("cisco.ios.ppp_password", "text/plain", thost, spass, "ppp_password.txt", "Cisco IOS PPP Password")
cred = cred_info.dup
cred[:pass] = shash
cred[:type] = "password"
cred[:collect_type] = "password"
store_cred(cred)
cred = credential_data.dup
cred[:private_data] = spass
cred[:private_type] = :password
create_credential_and_login(cred)
end
end
end
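Review bot: The username branches in the last hunk (`username … privilege`, `username … secret|password` and `ppp … username`) no longer record the account name: the `cred_info` lines, which appear to be the removed side, set `cred[:user] = user` / `cred[:user] = suser`, but the `credential_data.dup` blocks set only `:private_data` and `:private_type`, so each credential is stored without its username; add `cred[:username] = user` (`suser` in the PPP case) before `create_credential_and_login(cred)`, `username` being the key the accompanying spec's `login_data` uses. The type 0 and unencrypted branches (enable, VTY, WPA-PSK, ISAKMP, GRE, NHRP, username, PPP) set `cred[:private_type] = :nonreplayable_hash` although the value is cleartext, while the decrypted type 7 values get `:password`; cleartext should also be `:password` so the credential store does not record a reusable secret as a hash. The SNMP branch drops `cred[:sname] = "snmp"` without setting `cred[:service_name]`, so the community string is saved with an empty service name. In `create_credential_and_login`, `opts.fetch(:core, create_credential(opts))` calls `create_credential` even when `:core` is supplied; `opts.fetch(:core) { create_credential(opts) }` would avoid that.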


@ -0,0 +1,831 @@
# -*- coding: binary -*-
require 'spec_helper'
require 'msf/core/auxiliary/cisco'
RSpec.describe Msf::Auxiliary::Cisco do
class DummyClass
include Msf::Auxiliary::Cisco
def framework
Msf::Simple::Framework.create(
'ConfigDirectory' => Rails.root.join('spec', 'dummy', 'framework', 'config').to_s,
# don't load any module paths so we can just load the module under test and save time
'DeferModuleLoads' => true
)
end
def active_db?
true
end
def print_good(str=nil)
raise StandardError.new("This method needs to be stubbed.")
end
def store_cred(hsh=nil)
raise StandardError.new("This method needs to be stubbed.")
end
def fullname
"auxiliary/scanner/snmp/cisco_dummy"
end
def myworkspace
raise StandardError.new("This method needs to be stubbed.")
end
end
subject(:aux_cisco) { DummyClass.new }
let!(:workspace) { FactoryGirl.create(:mdm_workspace) }
context '#create_credential_and_login' do
let(:session) { FactoryGirl.create(:mdm_session) }
let(:task) { FactoryGirl.create(:mdm_task, workspace: workspace)}
let(:user) { FactoryGirl.create(:mdm_user)}
subject(:test_object) { DummyClass.new }
let(:workspace) { FactoryGirl.create(:mdm_workspace) }
let(:service) { FactoryGirl.create(:mdm_service, host: FactoryGirl.create(:mdm_host, workspace: workspace)) }
let(:task) { FactoryGirl.create(:mdm_task, workspace: workspace) }
let(:login_data) {
{
address: service.host.address,
port: service.port,
service_name: service.name,
protocol: service.proto,
workspace_id: workspace.id,
origin_type: :service,
module_fullname: 'auxiliary/scanner/smb/smb_login',
realm_key: 'Active Directory Domain',
realm_value: 'contosso',
username: 'Username',
private_data: 'password',
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
}
it 'creates a Metasploit::Credential::Login' do
expect{test_object.create_credential_and_login(login_data)}.to change{Metasploit::Credential::Login.count}.by(1)
end
it "associates the Metasploit::Credential::Core with a task if passed" do
login = test_object.create_credential_and_login(login_data.merge(task_id: task.id))
expect(login.tasks).to include(task)
end
end
context '#cisco_ios_config_eater' do
before(:example) do
expect(aux_cisco).to receive(:myworkspace).and_return(workspace)
end
it 'deals with udp ports' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:161 Unencrypted Enable Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "enable password 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 161,
protocol: "udp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',161,'enable password 1511021F0725')
end
context 'Enable Password|Secret' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Enable Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.enable_pass", "text/plain", "127.0.0.1", "1511021F0725", "enable_password.txt", "Cisco IOS Enable Password"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "enable password 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 MD5 Encrypted Enable Password: 1511021F0725')
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Decrypted Enable Password: cisco')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.enable_pass", "text/plain", "127.0.0.1", "cisco", "enable_password.txt", "Cisco IOS Enable Password"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "enable password 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 7 1511021F0725')
end
end
it 'enable password' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Unencrypted Enable Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "enable password 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 1511021F0725')
end
context 'snmp-server community' do
it 'with RO' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 SNMP Community (RO): 1511021F0725')
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 161,
protocol: "udp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED,
access_level: 'RO'
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'snmp-server community 1511021F0725 RO')
end
it 'with RW' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 SNMP Community (RW): 1511021F0725')
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 161,
protocol: "udp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED,
access_level: 'RW'
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'snmp-server community 1511021F0725 RW')
end
end
it 'password 7' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Decrypted VTY Password: cisco')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "password 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'password 7 1511021F0725')
end
it 'password|secret 5' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 MD5 Encrypted VTY Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.vty_password", "text/plain", "127.0.0.1", "1511021F0725", "vty_password_hash.txt", "Cisco IOS VTY Password Hash (MD5)"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "password 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'password 5 1511021F0725')
end
it 'password 0' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Unencrypted VTY Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "password 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'password 0 1511021F0725')
end
it 'password' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Unencrypted VTY Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "password 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'password 1511021F0725')
end
it 'encryption key' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Wireless WEP Key: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "encryption key 777 size 8bit 8 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.wireless_wep", "text/plain", "127.0.0.1", "1511021F0725", "wireless_wep.txt", "Cisco IOS Wireless WEP Key"
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'encryption key 777 size 8bit 8 1511021F0725')
end
context 'wpa-psk' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Wireless WPA-PSK Password: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "wpa-psk ascii 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.wireless_wpapsk", "text/plain", "127.0.0.1", "1511021F0725", "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'wpa-psk ascii 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Wireless WPA-PSK MD5 Password Hash: 1511021F0725')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "wpa-psk ascii 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.wireless_wpapsk_hash", "text/plain", "127.0.0.1", "1511021F0725", "wireless_wpapsk_hash.txt", "Cisco IOS Wireless WPA-PSK Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'wpa-psk ascii 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 Wireless WPA-PSK Decrypted Password: cisco')
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "wpa-psk ascii 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.wireless_wpapsk", "text/plain", "127.0.0.1", "cisco", "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Decrypted Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'wpa-psk ascii 7 1511021F0725')
end
end
it 'crypto isakmp key' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 VPN IPSEC ISAKMP Key '1511021F0725' Host 'someaddress'")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "crypto isakmp key 1511021F0725 address someaddress", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.vpn_ipsec_key", "text/plain", "127.0.0.1", "1511021F0725", "vpn_ipsec_key.txt", "Cisco VPN IPSEC Key"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'crypto isakmp key 1511021F0725 address someaddress')
end
it 'interface tunnel' do
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "interface tunnel7", "config.txt", "Cisco IOS Configuration"
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'interface tunnel7')
end
it 'tunnel key' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 GRE Tunnel Key 1511021F0725 for Interface Tunnel ")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.gre_tunnel_key", "text/plain", "127.0.0.1", "tunnel_1511021F0725", "gre_tunnel_key.txt", "Cisco GRE Tunnel Key"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "tunnel key 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'tunnel key 1511021F0725')
end
it 'ip nhrp authentication' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 NHRP Authentication Key 1511021F0725 for Interface Tunnel ")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ip nhrp authentication 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.nhrp_tunnel_key", "text/plain", "127.0.0.1", "tunnel_1511021F0725", "nhrp_tunnel_key.txt", "Cisco NHRP Authentication Key"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ip nhrp authentication 1511021F0725')
end
context 'username privilege secret' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername privilege 0 secret 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password", "text/plain", "127.0.0.1", "someusername_level0:1511021F0725", "username_password.txt", "Cisco IOS Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername privilege 0 secret 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with MD5 Encrypted Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername privilege 0 secret 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password_hash", "text/plain", "127.0.0.1", "someusername_level0:1511021F0725",
"username_password_hash.txt", "Cisco IOS Username and Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername privilege 0 secret 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with Decrypted Password: cisco")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername privilege 0 secret 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password", "text/plain", "127.0.0.1", "someusername_level0:cisco", "username_password.txt", "Cisco IOS Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername privilege 0 secret 7 1511021F0725')
end
end
context 'username secret' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername secret 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password", "text/plain", "127.0.0.1", "someusername:1511021F0725", "username_password.txt",
"Cisco IOS Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername secret 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with MD5 Encrypted Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername secret 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password_hash", "text/plain", "127.0.0.1", "someusername:1511021F0725", "username_password_hash.txt",
"Cisco IOS Username and Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername secret 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Username 'someusername' with Decrypted Password: cisco")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "username someusername secret 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.username_password", "text/plain", "127.0.0.1", "someusername:cisco", "username_password.txt",
"Cisco IOS Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'username someusername secret 7 1511021F0725')
end
end
context 'ppp.*username secret' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 PPP Username: someusername Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp123username someusername secret 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_username_password", "text/plain", "127.0.0.1", "someusername:1511021F0725", "ppp_username_password.txt",
"Cisco IOS PPP Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 PPP Username someusername MD5 Encrypted Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp123username someusername secret 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_username_password_hash", "text/plain", "127.0.0.1", "someusername:1511021F0725", "ppp_username_password_hash.txt",
"Cisco IOS PPP Username and Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 PPP Username: someusername Decrypted Password: cisco")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp123username someusername secret 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_username_password", "text/plain", "127.0.0.1", "someusername:cisco", "ppp_username_password.txt",
"Cisco IOS PPP Username and Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 7 1511021F0725')
end
end
context 'ppp chap secret' do
it 'with password type 0' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp chap secret 0 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_password", "text/plain", "127.0.0.1", "1511021F0725", "ppp_password.txt", "Cisco IOS PPP Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 0 1511021F0725')
end
it 'with password type 5' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 PPP CHAP MD5 Encrypted Password: 1511021F0725")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp chap secret 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_password_hash", "text/plain", "127.0.0.1", "1511021F0725", "ppp_password_hash.txt",
"Cisco IOS PPP Password Hash (MD5)"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "1511021F0725",
private_type: :nonreplayable_hash,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 5 1511021F0725')
end
it 'with password type 7' do
expect(aux_cisco).to receive(:print_good).with("127.0.0.1:1337 PPP Decrypted Password: cisco")
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.config", "text/plain", "127.0.0.1", "ppp chap secret 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
)
expect(aux_cisco).to receive(:store_loot).with(
"cisco.ios.ppp_password", "text/plain", "127.0.0.1", "cisco", "ppp_password.txt", "Cisco IOS PPP Password"
)
expect(aux_cisco).to receive(:create_credential_and_login).with(
{
address: "127.0.0.1",
port: 1337,
protocol: "tcp",
workspace_id: workspace.id,
origin_type: :service,
service_name: '',
module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
private_data: "cisco",
private_type: :password,
status: Metasploit::Model::Login::Status::UNTRIED
}
)
aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp chap secret 7 1511021F0725')
end
end
end
end