mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Massive whitespace cleanup
This commit is contained in:
parent
7c77fe20cc
commit
aeb691bbee
@ -282,4 +282,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -280,4 +280,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
return stub
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -82,4 +82,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
disconnect
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -87,4 +87,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -153,4 +153,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
disconnect
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -58,4 +58,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -64,4 +64,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -155,4 +155,4 @@ class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -139,4 +139,4 @@ class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -208,4 +208,4 @@ class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -42,4 +42,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
mssql_xpcmdshell(datastore['CMD'], true) if mssql_login_datastore
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -230,4 +230,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -216,4 +216,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -45,4 +45,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -75,4 +75,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -62,4 +62,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -95,5 +95,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
@ -72,4 +72,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -74,4 +74,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -222,4 +222,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -23,8 +23,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||
super(
|
||||
'Name' => 'VMWare Power Off Virtual Machine',
|
||||
'Description' => %Q{
|
||||
This module will log into the Web API of VMWare and try to power off
|
||||
a specified Virtual Machine.},
|
||||
This module will log into the Web API of VMWare and try to power off
|
||||
a specified Virtual Machine.},
|
||||
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
@ -66,10 +66,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -73,4 +73,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -23,9 +23,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||
super(
|
||||
'Name' => 'VMWare Tag Virtual Machine',
|
||||
'Description' => %Q{
|
||||
This module will log into the Web API of VMWare and
|
||||
'tag' a specified Virtual Machine. It does this by
|
||||
logging a user event with user supplied text},
|
||||
This module will log into the Web API of VMWare and
|
||||
'tag' a specified Virtual Machine. It does this by
|
||||
logging a user event with user supplied text
|
||||
},
|
||||
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
@ -72,9 +73,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -23,8 +23,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||
super(
|
||||
'Name' => 'VMWare Terminate ESX Login Sessions',
|
||||
'Description' => %Q{
|
||||
This module will log into the Web API of VMWare and try to terminate
|
||||
user login sessions as specified by the session keys.},
|
||||
This module will log into the Web API of VMWare and try to terminate
|
||||
user login sessions as specified by the session keys.},
|
||||
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
@ -60,8 +60,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -114,4 +114,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
wdbrpc_client_disconnect
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -96,4 +96,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -116,4 +116,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -66,4 +66,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -84,4 +84,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -160,4 +160,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -158,4 +158,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -153,4 +153,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
return target_mac
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# http://metasploit.com/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
[ 'URL', 'http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels'],
|
||||
]
|
||||
)
|
||||
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "21,22,23,80,443"]),
|
||||
@ -49,42 +49,41 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
def probe_reply(pcap, to)
|
||||
reply = nil
|
||||
begin
|
||||
Timeout.timeout(to) do
|
||||
pcap.each do |r|
|
||||
pkt = PacketFu::Packet.parse(r)
|
||||
next unless pkt.is_tcp?
|
||||
reply = pkt
|
||||
break
|
||||
end
|
||||
end
|
||||
rescue Timeout::Error
|
||||
end
|
||||
return reply
|
||||
reply = nil
|
||||
begin
|
||||
Timeout.timeout(to) do
|
||||
pcap.each do |r|
|
||||
pkt = PacketFu::Packet.parse(r)
|
||||
next unless pkt.is_tcp?
|
||||
reply = pkt
|
||||
break
|
||||
end
|
||||
end
|
||||
rescue Timeout::Error
|
||||
end
|
||||
return reply
|
||||
end
|
||||
|
||||
def generate_probe(ip)
|
||||
ftypes = %w{windows, linux, freebsd}
|
||||
@flavor = ftypes[rand(ftypes.length)]
|
||||
config = PacketFu::Utils.whoami?(:iface => datastore['INTERFACE'])
|
||||
p = PacketFu::TCPPacket.new(:config => config)
|
||||
p.ip_daddr = ip
|
||||
p.tcp_flags.syn = 1
|
||||
ftypes = %w{windows, linux, freebsd}
|
||||
@flavor = ftypes[rand(ftypes.length)]
|
||||
config = PacketFu::Utils.whoami?(:iface => datastore['INTERFACE'])
|
||||
p = PacketFu::TCPPacket.new(:config => config)
|
||||
p.ip_daddr = ip
|
||||
p.tcp_flags.syn = 1
|
||||
return p
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
||||
open_pcap
|
||||
|
||||
|
||||
to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
|
||||
|
||||
p = generate_probe(ip)
|
||||
pcap = self.capture
|
||||
|
||||
ports = Rex::Socket.portspec_crack(datastore['PORTS'])
|
||||
|
||||
|
||||
ports.each_with_index do |port,i|
|
||||
p.tcp_dst = port
|
||||
p.tcp_src = rand(64511)+1024
|
||||
@ -96,12 +95,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||
capture_sendto(p, ip)
|
||||
reply = probe_reply(pcap, to)
|
||||
next if reply.nil?
|
||||
|
||||
print_status("[BNAT RESPONSE] Requested IP: #{ip} Responding IP: #{reply.ip_saddr} Port: #{reply.tcp_src}")
|
||||
end
|
||||
|
||||
close_pcap
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
print_status("[BNAT RESPONSE] Requested IP: #{ip} Responding IP: #{reply.ip_saddr} Port: #{reply.tcp_src}")
|
||||
end
|
||||
|
||||
close_pcap
|
||||
end
|
||||
|
||||
end
|
||||
|
@ -451,11 +451,3 @@ class BaseParser
|
||||
self.crawler.cinipath
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -59,4 +59,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_status("Avahi should be down now")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -69,4 +69,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -71,4 +71,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
disconnect
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -63,7 +63,7 @@ cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213
|
||||
TCATSysSrv+0x14f6a:
|
||||
00414f6a 66833802 cmp word ptr [eax],2 ds:0023:02a1f9cf=????
|
||||
0:016> k
|
||||
ChildEBP RetAddr
|
||||
ChildEBP RetAddr
|
||||
WARNING: Stack unwind information not available. Following frames may be wrong.
|
||||
02a0f7f8 71ab265b TCATSysSrv+0x14f6a
|
||||
02a0f80c 71ab4a9e WS2_32!Prolog_v1+0x21
|
||||
@ -73,4 +73,4 @@ WARNING: Stack unwind information not available. Following frames may be wrong.
|
||||
02a0f938 71ad303a WS2_32!WSARecvFrom+0x7d
|
||||
02a0f96c 00414b92 WSOCK32!recvfrom+0x39
|
||||
02a0f988 00000000 TCATSysSrv+0x14b92
|
||||
=end
|
||||
=end
|
||||
|
@ -52,4 +52,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect_udp
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -74,4 +74,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
close_pcap
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -115,4 +115,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
frame[16,6] = eton(addr) if addr
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -165,4 +165,3 @@ bf87c9d9 0f82cf000000 jb win32k!bComputeIDs+0x1be (bf87caae)
|
||||
bf87c9df 8a6702 mov ah,byte ptr [edi+2] <--- the crash above
|
||||
|
||||
=end
|
||||
|
||||
|
@ -51,4 +51,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -49,4 +49,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
@ -110,4 +110,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect_udp
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -57,4 +57,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -67,4 +67,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
client.close
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -44,4 +44,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
disconnect_udp
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -498,4 +498,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -48,13 +48,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||
OptBool.new('EXTRALINE', [ true, "Add extra CRLF's in response to LIST",true])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
# Not compatible today
|
||||
def support_ipv6?
|
||||
false
|
||||
end
|
||||
|
||||
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
def setup
|
||||
|
@ -93,4 +93,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
datastore['URIBASE']
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -90,4 +90,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
datastore['URIBASE']
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -351,7 +351,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_status("Filing Date: " + filing_date)
|
||||
print_status("10K Filing Form: " + form10k)
|
||||
print_status("SEC 21 Form: " + sec21)
|
||||
print_status("Company is active filer: " + (is_filer == "1" ? "true" : "false"))
|
||||
print_status("Company is active filer: " + (is_filer == "1" ? "true" : "false"))
|
||||
}
|
||||
end
|
||||
end
|
||||
|
@ -507,4 +507,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -122,4 +122,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
return status
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -122,4 +122,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -91,4 +91,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -314,4 +314,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
@probes << 'probe_pkt_db2disco'
|
||||
@probes << 'probe_pkt_citrix'
|
||||
@probes << 'probe_pkt_pca_st'
|
||||
@probes << 'probe_pkt_pca_nq'
|
||||
@probes << 'probe_pkt_pca_nq'
|
||||
|
||||
end
|
||||
|
||||
@ -107,13 +107,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||
rescue ::Exception => e
|
||||
print_error("Unknown error: #{@thost}:#{@tport} #{e.class} #{e} #{e.backtrace}")
|
||||
end
|
||||
|
||||
|
||||
@results.each_key do |k|
|
||||
next if not @results[k].respond_to?('keys')
|
||||
data = @results[k]
|
||||
|
||||
|
||||
next unless inside_workspace_boundary?(data[:host])
|
||||
|
||||
|
||||
conf = {
|
||||
:host => data[:host],
|
||||
:port => data[:port],
|
||||
@ -121,7 +121,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
:name => data[:app],
|
||||
:info => data[:info]
|
||||
}
|
||||
|
||||
|
||||
if data[:hname]
|
||||
conf[:host_name] = data[:hname].downcase
|
||||
end
|
||||
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if data[:mac]
|
||||
conf[:mac] = data[:mac].downcase
|
||||
end
|
||||
|
||||
|
||||
report_service(conf)
|
||||
print_status("Discovered #{data[:app]} on #{k} (#{data[:info]})")
|
||||
end
|
||||
@ -140,7 +140,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
# The response parsers
|
||||
#
|
||||
def parse_reply(pkt)
|
||||
|
||||
|
||||
# Ignore "empty" packets
|
||||
return if not pkt[1]
|
||||
|
||||
@ -154,7 +154,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
hname = nil
|
||||
|
||||
hkey = "#{pkt[1]}:#{pkt[2]}"
|
||||
|
||||
|
||||
# Work with protocols that return different data in different packets
|
||||
# These are reported at the end of the scanning loop to build state
|
||||
case pkt[2]
|
||||
@ -162,25 +162,25 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
@results[hkey] ||= {}
|
||||
data = @results[hkey]
|
||||
|
||||
|
||||
data[:app] = "pcAnywhere"
|
||||
data[:port] = pkt[2]
|
||||
data[:host] = pkt[1]
|
||||
|
||||
case pkt[0]
|
||||
|
||||
|
||||
when /^NR(........................)(........)/
|
||||
name = $1.dup
|
||||
caps = $2.dup
|
||||
caps = $2.dup
|
||||
name = name.gsub(/_+$/, '').gsub("\x00", '').strip
|
||||
caps = caps.gsub(/_+$/, '').gsub("\x00", '').strip
|
||||
data[:name] = name
|
||||
data[:caps] = caps
|
||||
|
||||
|
||||
when /^ST(.+)/
|
||||
buff = $1.dup
|
||||
stat = 'Unknown'
|
||||
|
||||
|
||||
if buff[2,1].unpack("C")[0] == 67
|
||||
stat = "Available"
|
||||
end
|
||||
@ -188,29 +188,28 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if buff[2,1].unpack("C")[0] == 11
|
||||
stat = "Busy"
|
||||
end
|
||||
|
||||
|
||||
data[:stat] = stat
|
||||
end
|
||||
|
||||
|
||||
if data[:name]
|
||||
inf << "Name: #{data[:name]} "
|
||||
end
|
||||
|
||||
|
||||
if data[:stat]
|
||||
inf << "- #{data[:stat]} "
|
||||
end
|
||||
|
||||
if data[:caps]
|
||||
inf << "( #{data[:caps]} ) "
|
||||
end
|
||||
data[:info] = inf
|
||||
end
|
||||
data[:info] = inf
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Ignore duplicates for the protocols below
|
||||
return if @results[hkey]
|
||||
|
||||
|
||||
case pkt[2]
|
||||
|
||||
when 53
|
||||
@ -271,7 +270,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
hname = names[0][0]
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
when 111
|
||||
@ -344,7 +343,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
app = 'citrix-ica'
|
||||
return unless citrix_parse(pkt[0])
|
||||
@results[hkey] = true
|
||||
|
||||
|
||||
end
|
||||
|
||||
return unless inside_workspace_boundary?(pkt[1])
|
||||
@ -513,10 +512,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||
def probe_pkt_pca_st(ip)
|
||||
return ["ST", 5632]
|
||||
end
|
||||
|
||||
|
||||
def probe_pkt_pca_nq(ip)
|
||||
return ["NQ", 5632]
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
@probes << 'probe_pkt_citrix'
|
||||
@probes << 'probe_pkt_pca_st'
|
||||
@probes << 'probe_pkt_pca_nq'
|
||||
|
||||
|
||||
end
|
||||
|
||||
def setup
|
||||
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
# Fingerprint a single host
|
||||
def run_batch(batch)
|
||||
@results = {}
|
||||
|
||||
|
||||
print_status("Sending #{@probes.length} probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
|
||||
|
||||
begin
|
||||
@ -143,9 +143,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||
@results.each_key do |k|
|
||||
next if not @results[k].respond_to?('keys')
|
||||
data = @results[k]
|
||||
|
||||
|
||||
next unless inside_workspace_boundary?(data[:host])
|
||||
|
||||
|
||||
conf = {
|
||||
:host => data[:host],
|
||||
:port => data[:port],
|
||||
@ -153,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
:name => data[:app],
|
||||
:info => data[:info]
|
||||
}
|
||||
|
||||
|
||||
if data[:hname]
|
||||
conf[:host_name] = data[:hname].downcase
|
||||
end
|
||||
@ -161,11 +161,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if data[:mac]
|
||||
conf[:mac] = data[:mac].downcase
|
||||
end
|
||||
|
||||
|
||||
report_service(conf)
|
||||
print_status("Discovered #{data[:app]} on #{k} (#{data[:info]})")
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
||||
@ -189,8 +189,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
inf = ''
|
||||
maddr = nil
|
||||
hname = nil
|
||||
|
||||
|
||||
|
||||
# Work with protocols that return different data in different packets
|
||||
# These are reported at the end of the scanning loop to build state
|
||||
case pkt[2]
|
||||
@ -198,21 +197,21 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
@results[hkey] ||= {}
|
||||
data = @results[hkey]
|
||||
|
||||
|
||||
data[:app] = "pcAnywhere"
|
||||
data[:port] = pkt[2]
|
||||
data[:host] = pkt[1]
|
||||
|
||||
case pkt[0]
|
||||
|
||||
|
||||
when /^NR(........................)(........)/
|
||||
name = $1.dup
|
||||
caps = $2.dup
|
||||
caps = $2.dup
|
||||
name = name.gsub(/_+$/, '').gsub("\x00", '').strip
|
||||
caps = caps.gsub(/_+$/, '').gsub("\x00", '').strip
|
||||
data[:name] = name
|
||||
data[:caps] = caps
|
||||
|
||||
|
||||
when /^ST(.+)/
|
||||
buff = $1.dup
|
||||
stat = 'Unknown'
|
||||
@ -224,14 +223,14 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if buff[2,1].unpack("C")[0] == 11
|
||||
stat = "Busy"
|
||||
end
|
||||
|
||||
|
||||
data[:stat] = stat
|
||||
end
|
||||
|
||||
|
||||
if data[:name]
|
||||
inf << "Name: #{data[:name]} "
|
||||
end
|
||||
|
||||
|
||||
if data[:stat]
|
||||
inf << "- #{data[:stat]} "
|
||||
end
|
||||
@ -239,9 +238,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if data[:caps]
|
||||
inf << "( #{data[:caps]} ) "
|
||||
end
|
||||
data[:info] = inf
|
||||
data[:info] = inf
|
||||
end
|
||||
|
||||
|
||||
# Ignore duplicates
|
||||
return if @results[hkey]
|
||||
|
||||
@ -260,7 +259,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
ver = pkt[0].unpack('H*')[0] if not ver
|
||||
inf = ver if ver
|
||||
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
when 137
|
||||
@ -306,7 +305,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
hname = names[0][0]
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
when 111
|
||||
@ -328,7 +327,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
)
|
||||
end
|
||||
inf = svc.join(", ")
|
||||
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
when 123
|
||||
@ -340,7 +339,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
ver = 'NTP v4 (unsynchronized)' if (ver =~ /^e40/)
|
||||
ver = 'Microsoft NTP' if (ver =~ /^dc00|^dc0f/)
|
||||
inf = ver if ver
|
||||
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
when 1434
|
||||
@ -350,7 +349,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
}
|
||||
|
||||
@results[hkey] = true
|
||||
|
||||
|
||||
when 161
|
||||
app = 'SNMP'
|
||||
asn = OpenSSL::ASN1.decode(pkt[0]) rescue nil
|
||||
@ -368,7 +367,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
inf = snmp_info
|
||||
com = snmp_comm
|
||||
|
||||
@results[hkey] = true
|
||||
@results[hkey] = true
|
||||
|
||||
when 5093
|
||||
app = 'Sentinel'
|
||||
@ -382,7 +381,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
when 1604
|
||||
app = 'citrix-ica'
|
||||
return unless citrix_parse(pkt[0])
|
||||
@results[hkey] = true
|
||||
@results[hkey] = true
|
||||
|
||||
end
|
||||
|
||||
@ -547,14 +546,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||
"\x00\x00\x00\x00"
|
||||
return [data, 1604]
|
||||
end
|
||||
|
||||
|
||||
def probe_pkt_pca_st(ip)
|
||||
return ["ST", 5632]
|
||||
end
|
||||
|
||||
|
||||
def probe_pkt_pca_nq(ip)
|
||||
return ["NQ", 5632]
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -190,4 +190,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -53,4 +53,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp']),
|
||||
OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp'])
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
"'%20OR%20'#{rnum}'%3D'#{rnum+1}'--"
|
||||
]
|
||||
]
|
||||
|
||||
|
||||
# Creating strings with true and false values
|
||||
valstr = []
|
||||
inivalstr.each do |vstr|
|
||||
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
# With false values, appending '0' to real value
|
||||
valstr << ['False num '+vstr[0],'0'+vstr[1],'0'+vstr[2]]
|
||||
end
|
||||
|
||||
|
||||
#valstr.each do |v|
|
||||
# print_status("#{v[0]}")
|
||||
# print_status("#{v[1]}")
|
||||
@ -130,13 +130,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
verifynr=2
|
||||
|
||||
|
||||
i=0
|
||||
k=0
|
||||
c=0
|
||||
|
||||
|
||||
normalres = nil
|
||||
|
||||
|
||||
verifynr.times do |j|
|
||||
#SEND NORMAL REQUEST
|
||||
begin
|
||||
@ -162,19 +162,19 @@ class Metasploit3 < Msf::Auxiliary
|
||||
else
|
||||
if k != normalres.body.length
|
||||
print_error("Normal response body vary")
|
||||
return
|
||||
return
|
||||
end
|
||||
if c != normalres.code.to_i
|
||||
print_error("Normal response code vary")
|
||||
return
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
print_status("[Normal response body: #{k} code: #{c}]")
|
||||
|
||||
pinj = false
|
||||
pinj = false
|
||||
|
||||
valstr.each do |tarr|
|
||||
#QUERY
|
||||
@ -186,7 +186,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
testgvars = queryparse(datastore['QUERY']) #Now its a Hash
|
||||
testgvars[key] = testgvars[key]+tarr[1]
|
||||
t = testgvars[key]
|
||||
|
||||
|
||||
begin
|
||||
trueres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
@ -199,11 +199,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
|
||||
|
||||
#SEND FALSE REQUEST
|
||||
testgvars = queryparse(datastore['QUERY']) #Now its a Hash
|
||||
testgvars[key] = testgvars[key]+tarr[2]
|
||||
|
||||
|
||||
begin
|
||||
falseres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
@ -215,22 +215,22 @@ class Metasploit3 < Msf::Auxiliary
|
||||
}, 20)
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
pinja = false
|
||||
pinjb = false
|
||||
pinjc = false
|
||||
pinjd = false
|
||||
|
||||
|
||||
pinja = detection_a(normalres,trueres,falseres,tarr)
|
||||
pinjb = detection_b(normalres,trueres,falseres,tarr)
|
||||
pinjc = detection_c(normalres,trueres,falseres,tarr)
|
||||
pinjd = detection_d(normalres,trueres,falseres,tarr)
|
||||
|
||||
|
||||
if pinja or pinjb or pinjc or pinjd
|
||||
print_error("Possible #{tarr[0]} Blind SQL Injection Found #{datastore['PATH']} #{key}")
|
||||
print_error("[#{t}]")
|
||||
|
||||
|
||||
report_web_vuln(
|
||||
:host => ip,
|
||||
:port => rport,
|
||||
@ -251,7 +251,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
#DATA
|
||||
if pvars
|
||||
pvars.each do |key,value|
|
||||
@ -282,7 +282,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
|
||||
|
||||
#SEND FALSE REQUEST
|
||||
testpvars = queryparse(datastore['DATA']) #Now its a Hash
|
||||
testpvars[key] = testpvars[key]+tarr[2]
|
||||
@ -312,16 +312,16 @@ class Metasploit3 < Msf::Auxiliary
|
||||
pinjb = false
|
||||
pinjc = false
|
||||
pinjd = false
|
||||
|
||||
|
||||
pinja = detection_a(normalres,trueres,falseres,tarr)
|
||||
pinjb = detection_b(normalres,trueres,falseres,tarr)
|
||||
pinjc = detection_c(normalres,trueres,falseres,tarr)
|
||||
pinjd = detection_d(normalres,trueres,falseres,tarr)
|
||||
|
||||
|
||||
if pinja or pinjb or pinjc or pinjd
|
||||
print_error("Possible #{tarr[0]} Blind SQL Injection Found #{datastore['PATH']} #{key}")
|
||||
print_error("[#{t}]")
|
||||
|
||||
|
||||
report_web_vuln(
|
||||
:host => ip,
|
||||
:port => rport,
|
||||
@ -344,26 +344,26 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def detection_a(normalr,truer,falser,tarr)
|
||||
# print_status("A")
|
||||
|
||||
|
||||
# DETECTION A
|
||||
# Very simple way to compare responses, this can be improved alot , at this time just the simple way
|
||||
|
||||
|
||||
if normalr and truer
|
||||
#Very simple way to compare responses, this can be improved alot , at this time just the simple way
|
||||
reltruesize = truer.body.length-(truer.body.scan(/#{tarr[1]}/).length*tarr[1].length)
|
||||
normalsize = normalr.body.length
|
||||
|
||||
|
||||
#print_status("normalsize #{normalsize} truesize #{reltruesize}")
|
||||
|
||||
|
||||
if reltruesize == normalsize
|
||||
if falser
|
||||
relfalsesize = falser.body.length-(falser.body.scan(/#{tarr[2]}/).length*tarr[2].length)
|
||||
|
||||
#print_status("falsesize #{relfalsesize}")
|
||||
|
||||
#print_status("falsesize #{relfalsesize}")
|
||||
|
||||
if reltruesize > relfalsesize
|
||||
print_status("Detected by test A")
|
||||
return true
|
||||
@ -379,20 +379,20 @@ class Metasploit3 < Msf::Auxiliary
|
||||
else
|
||||
print_status("No response.")
|
||||
end
|
||||
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
def detection_b(normalr,truer,falser,tarr)
|
||||
# print_status("B")
|
||||
|
||||
|
||||
# DETECTION B
|
||||
# Variance on res body
|
||||
|
||||
if normalr and truer
|
||||
|
||||
if normalr and truer
|
||||
if falser
|
||||
#print_status("N: #{normalr.body.length} T: #{truer.body.length} F: #{falser.body.length} T1: #{tarr[1].length} F2: #{tarr[2].length} #{tarr[1].length+tarr[2].length}")
|
||||
|
||||
|
||||
if (truer.body.length-tarr[1].length) != normalr.body.length and (falser.body.length-tarr[2].length) == normalr.body.length
|
||||
print_status("Detected by test B")
|
||||
return true
|
||||
@ -403,17 +403,17 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
def detection_c(normalr,truer,falser,tarr)
|
||||
# print_status("C")
|
||||
|
||||
|
||||
# DETECTION C
|
||||
# Variance on res code of true or false statements
|
||||
|
||||
if normalr and truer
|
||||
|
||||
if normalr and truer
|
||||
if falser
|
||||
if truer.code.to_i != normalr.code.to_i and falser.code.to_i == normalr.code.to_i
|
||||
print_status("Detected by test C")
|
||||
@ -425,26 +425,26 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
def detection_d(normalr,truer,falser,tarr)
|
||||
# print_status("D")
|
||||
|
||||
|
||||
# DETECTION D
|
||||
# Variance PERCENTAGE MIN MAX on res body
|
||||
|
||||
|
||||
# 2% 50%
|
||||
max_diff_perc = 2
|
||||
min_diff_perc = 50
|
||||
|
||||
if normalr and truer
|
||||
max_diff_perc = 2
|
||||
min_diff_perc = 50
|
||||
|
||||
if normalr and truer
|
||||
if falser
|
||||
nl= normalr.body.length
|
||||
tl= truer.body.length
|
||||
fl= falser.body.length
|
||||
|
||||
|
||||
if nl == 0
|
||||
nl = 1
|
||||
end
|
||||
@ -454,30 +454,30 @@ class Metasploit3 < Msf::Auxiliary
|
||||
if fl == 0
|
||||
fl = 1
|
||||
end
|
||||
|
||||
|
||||
ntmax = [ nl,tl ].max
|
||||
ntmin = [ nl,tl ].min
|
||||
diff_nt_perc = ((ntmax - ntmin)*100)/(ntmax)
|
||||
diff_nt_f_perc = ((ntmax - fl)*100)/(ntmax)
|
||||
|
||||
diff_nt_f_perc = ((ntmax - fl)*100)/(ntmax)
|
||||
|
||||
if diff_nt_perc <= max_diff_perc and diff_nt_f_perc > min_diff_perc
|
||||
print_status("Detected by test D")
|
||||
return true
|
||||
end
|
||||
|
||||
|
||||
nfmax = [ nl,fl ].max
|
||||
nfmin = [ nl,fl ].min
|
||||
diff_nf_perc = ((nfmax - nfmin)*100)/(nfmax)
|
||||
diff_nf_t_perc = ((nfmax - tl)*100)/(nfmax)
|
||||
|
||||
|
||||
if diff_nf_perc <= max_diff_perc and diff_nf_t_perc > min_diff_perc
|
||||
print_status("Detected by test D")
|
||||
return true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
@ -199,4 +199,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -100,4 +100,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -97,4 +97,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -214,4 +214,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -178,7 +178,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
:data => "#{tpath}#{testfdir} Auth: #{res.headers['WWW-Authenticate']}",
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
@ -188,4 +188,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
:data => "#{tpath}%c0%af#{testfdir} Code: #{res.code}",
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
@ -195,4 +195,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PATH', [true, "Drupal Path", "/"]),
|
||||
OptString.new('PATH', [true, "Drupal Path", "/"])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -153,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_error("[#{wmap_target_host}] Error string appears in the normal response, unable to test")
|
||||
print_error("[#{wmap_target_host}] Error string: '#{inje}'")
|
||||
print_error("[#{wmap_target_host}] DB TYPE: #{dbt}, Error type '#{injt}'")
|
||||
|
||||
|
||||
report_web_vuln(
|
||||
:host => ip,
|
||||
:port => rport,
|
||||
|
@ -303,7 +303,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
return :abort if (res.code == 404)
|
||||
|
||||
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
|
||||
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
|
||||
if ((res.code == 201) and (requesttype == "PUT"))
|
||||
print_good("Trying to delete #{path}")
|
||||
del_res,c = send_digest_request_cgi({
|
||||
@ -334,4 +334,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -134,7 +134,7 @@ class Metasploit4 < Msf::Auxiliary
|
||||
path += '/'
|
||||
end
|
||||
|
||||
path += datastore['FILENAME']
|
||||
path += datastore['FILENAME']
|
||||
|
||||
case action.name
|
||||
when 'PUT'
|
||||
|
@ -29,7 +29,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
|
||||
register_wmap_options({
|
||||
'OrderID' => 0,
|
||||
'Require' => {},
|
||||
@ -46,4 +46,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -180,4 +180,4 @@ class Metasploit4 < Msf::Auxiliary
|
||||
print_good("pem: #{p}")
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -124,4 +124,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
register_wmap_options({
|
||||
'OrderID' => 1,
|
||||
'Require' => {},
|
||||
})
|
||||
})
|
||||
end
|
||||
|
||||
def run_host(target_host)
|
||||
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
datastore['RPORT'] = target_port
|
||||
if target_host == site
|
||||
print_error("Target is the same as proxy site.")
|
||||
else
|
||||
else
|
||||
check_host(target_host,target_port,site,user_agent)
|
||||
end
|
||||
end
|
||||
|
@ -80,4 +80,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -107,4 +107,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -92,4 +92,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -112,4 +112,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
result.each do |u|
|
||||
print_status("[#{target_host}] #{tpath} [#{u}]")
|
||||
|
||||
|
||||
report_web_vuln(
|
||||
:host => target_host,
|
||||
:port => rport,
|
||||
@ -92,4 +92,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -73,4 +73,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_status("File saved in: #{path}")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -109,4 +109,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -119,4 +119,4 @@ class Metasploit4 < Msf::Auxiliary
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -250,4 +250,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -109,4 +109,4 @@ HTTP/1.1 405 Method Not Allowed
|
||||
Allow: GET
|
||||
Content-Length: 0
|
||||
Server: Jetty(EAServer/6.3.1.04 Build 63104 EBF 18509)
|
||||
=end
|
||||
=end
|
||||
|
@ -67,4 +67,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -84,9 +84,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_status("Testing verb #{tv} resp code: [#{resauth.code}]")
|
||||
if resauth.code != auth_code and resauth.code <= 302
|
||||
print_status("Possible authentication bypass with verb #{tv} code #{resauth.code}")
|
||||
|
||||
|
||||
# Unable to use report_web_vuln as method is not in list of allowed methods.
|
||||
|
||||
|
||||
report_note(
|
||||
:host => ip,
|
||||
:proto => 'tcp',
|
||||
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
:data => "#{datastore['PATH']} Verb: #{tv}",
|
||||
:update => :unique_data
|
||||
)
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -147,4 +147,3 @@ require 'cgi'
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
||||
|
||||
# Modify to true if you have sqlmap installed.
|
||||
def wmap_enabled
|
||||
false
|
||||
@ -189,4 +189,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -78,4 +78,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -79,4 +79,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -78,4 +78,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -182,4 +182,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -260,5 +260,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
print_status("Done.")
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
@ -40,4 +40,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
@ -84,4 +84,3 @@ class Metasploit3 < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -19,7 +19,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
'Name' => 'OKI Printer Default Login Credential Scanner',
|
||||
'Description' => %q{
|
||||
This module scans for OKI printers via SNMP, then tries to connect to found devices
|
||||
with vendor default administrator credentials via HTTP authentication. By default, OKI
|
||||
with vendor default administrator credentials via HTTP authentication. By default, OKI
|
||||
network printers use the last six digits of the MAC as admin password.
|
||||
},
|
||||
'Author' => 'antr6X <anthr6x[at]gmail.com>',
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user