mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
AFP fixes and JTR typo fix
parent
7e50f91d59
commit
f62e0b1cca
@ -84,7 +84,7 @@ module Exploit::Remote::AFP
|
|||||||
start = Time.now
|
start = Time.now
|
||||||
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
||||||
rescue Timeout::Error
|
rescue Timeout::Error
|
||||||
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
||||||
return :connection_error
|
return :connection_error
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -95,7 +95,7 @@ module Exploit::Remote::AFP
|
|||||||
return parse_login_response_add_send_login_count(response, {:p => p, :g => g, :ra => ra, :ma => ma,
|
return parse_login_response_add_send_login_count(response, {:p => p, :g => g, :ra => ra, :ma => ma,
|
||||||
:password => pass, :user => user})
|
:password => pass, :user => user})
|
||||||
when -5023 #kFPUserNotAuth (User dosen't exists)
|
when -5023 #kFPUserNotAuth (User dosen't exists)
|
||||||
print_status("AFP #{rhost}:#{rport} User #{user} dosen't exists")
|
print_status("User #{user} dosen't exists")
|
||||||
return :skip_user
|
return :skip_user
|
||||||
else
|
else
|
||||||
return :connection_error
|
return :connection_error
|
||||||
@ -132,7 +132,7 @@ module Exploit::Remote::AFP
|
|||||||
begin
|
begin
|
||||||
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
||||||
rescue Timeout::Error
|
rescue Timeout::Error
|
||||||
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
||||||
return :connection_error
|
return :connection_error
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -190,7 +190,7 @@ module Exploit::Remote::AFP
|
|||||||
begin
|
begin
|
||||||
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
response = sock.timed_read(1024, datastore['LoginTimeOut'])
|
||||||
rescue Timeout::Error
|
rescue Timeout::Error
|
||||||
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
|
||||||
return :connection_error
|
return :connection_error
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -211,7 +211,7 @@ module Exploit::Remote::AFP
|
|||||||
parsed_data = {}
|
parsed_data = {}
|
||||||
|
|
||||||
flags, command, request_id, error_code, length, reserved = parse_header(response)
|
flags, command, request_id, error_code, length, reserved = parse_header(response)
|
||||||
raise "AFP #{rhost}:#{rport} Server response with error" if error_code != 0
|
raise "Server response with error" if error_code != 0
|
||||||
body = get_body(response, length)
|
body = get_body(response, length)
|
||||||
machine_type_offset, afp_versions_offset, uam_count_offset, icon_offset, server_flags =
|
machine_type_offset, afp_versions_offset, uam_count_offset, icon_offset, server_flags =
|
||||||
body.unpack('nnnnn')
|
body.unpack('nnnnn')
|
||||||
@ -253,7 +253,7 @@ module Exploit::Remote::AFP
|
|||||||
|
|
||||||
def get_body(packet, body_length)
|
def get_body(packet, body_length)
|
||||||
body = packet[16..body_length + 15]
|
body = packet[16..body_length + 15]
|
||||||
raise "AFP #{rhost}:#{rport} Invalid body length" if body.length != body_length
|
raise "Invalid body length" if body.length != body_length
|
||||||
return body
|
return body
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -301,7 +301,7 @@ module Exploit::Remote::AFP
|
|||||||
when 7 # IPv6 address (16 bytes) followed by a two-byte port number
|
when 7 # IPv6 address (16 bytes) followed by a two-byte port number
|
||||||
parsed_addreses << "[#{IPAddr.ntop(address[1..16])}]:#{address[17..18].unpack("n").first}"
|
parsed_addreses << "[#{IPAddr.ntop(address[1..16])}]:#{address[17..18].unpack("n").first}"
|
||||||
else # Something wrong?
|
else # Something wrong?
|
||||||
raise "Error parsing network addresses"
|
raise "Error pasing network addresses"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
return parsed_addreses
|
return parsed_addreses
|
||||||
|
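Review bot: `get_body` fails with a NoMethodError instead of its own "Invalid body length" error when the reply is shorter than 16 bytes, because `packet[16..body_length + 15]` returns nil in that case and `body.length` is then called on nil. Both the packet and `body_length` come from the remote server (the `parse_header(response)` call in the -211 hunk feeds it), so a truncated or malformed reply reaches this path; the guard could read `raise "Invalid body length" if body.nil? || body.length != body_length`. Separately, the new side of the -301 hunk spells the message `"Error pasing network addresses"`, where the old side had "parsing".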
@ -19,7 +19,7 @@ class Framework
|
|||||||
Major = 4
|
Major = 4
|
||||||
Minor = 4
|
Minor = 4
|
||||||
Point = 0
|
Point = 0
|
||||||
Release = "-release"
|
Release = "-dev"
|
||||||
|
|
||||||
if(Point)
|
if(Point)
|
||||||
Version = "#{Major}.#{Minor}.#{Point}#{Release}"
|
Version = "#{Major}.#{Minor}.#{Point}#{Release}"
|
||||||
|
@ -129,13 +129,13 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
|
|
||||||
# Store the cracked results based on user_id => cred.id
|
# Store the cracked results based on user_id => cred.id
|
||||||
cracked_ntlm.each_pair do |k,v|
|
cracked_ntlm.each_pair do |k,v|
|
||||||
next if not cred.user.to_s.strip.length > 0
|
|
||||||
next if not k =~ /^cred_(\d+)/m
|
next if not k =~ /^cred_(\d+)/m
|
||||||
cid = $1.to_i
|
cid = $1.to_i
|
||||||
|
|
||||||
cred_find = smb_hashes.select{|x| x[:id] == cid}
|
cred_find = smb_hashes.select{|x| x[:id] == cid}
|
||||||
next if cred_find.length == 0
|
next if cred_find.length == 0
|
||||||
cred = cred_find.first
|
cred = cred_find.first
|
||||||
|
next if cred.user.to_s.strip.length == 0
|
||||||
|
|
||||||
print_good("Cracked: #{cred.user}:#{v} (#{cred.service.host.address}:#{cred.service.port})")
|
print_good("Cracked: #{cred.user}:#{v} (#{cred.service.host.address}:#{cred.service.port})")
|
||||||
report_auth_info(
|
report_auth_info(
|
||||||
|
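Review bot: The key match `k =~ /^cred_(\d+)/m` just above the relocated guard anchors with `^`, which in Ruby matches at the start of any line, so a key with an embedded newline followed by `cred_<digits>` would still pass. `\A` anchors the whole string, and the `/m` flag does nothing in a pattern without `.`, so `next unless k =~ /\Acred_(\d+)/` states the intent exactly. Where the keys of `cracked_ntlm` come from is outside this hunk, so treat this as hardening rather than a confirmed defect. The relocated guard itself reads more directly as `next if cred.user.to_s.strip.empty?`.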
@ -33,7 +33,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
end
|
end
|
||||||
|
|
||||||
def run_host(ip)
|
def run_host(ip)
|
||||||
print_status("AFP #{ip} Scanning...")
|
print_status("Scanning IP: #{ip.to_s}")
|
||||||
begin
|
begin
|
||||||
connect
|
connect
|
||||||
response = get_info
|
response = get_info
|
||||||
@ -44,30 +44,24 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT
|
rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT
|
||||||
rescue ::Exception
|
rescue ::Exception
|
||||||
raise $!
|
raise $!
|
||||||
print_error("AFP #{rhost}:#{rport} #{$!.class} #{$!}")
|
print_error("#{rhost}:#{rport} #{$!.class} #{$!}")
|
||||||
ensure
|
ensure
|
||||||
disconnect
|
disconnect
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def report(response)
|
def report(response)
|
||||||
report_info = "AFP #{rhost}:#{rport} Server Name: #{response[:server_name]} \n" +
|
report_info = "Server Name: #{response[:server_name]} \n" +
|
||||||
"AFP #{rhost}:#{rport} Server Flags: \n" +
|
" Server Flags: \n" +
|
||||||
format_flags_report(response[:server_flags]) +
|
format_flags_report(response[:server_flags]) +
|
||||||
"AFP #{rhost}:#{rport} Machine Type: #{response[:machine_type]} \n" +
|
" Machine Type: #{response[:machine_type]} \n" +
|
||||||
"AFP #{rhost}:#{rport} AFP Versions: #{response[:versions].join(', ')} \n" +
|
" AFP Versions: #{response[:versions].join(', ')} \n" +
|
||||||
"AFP #{rhost}:#{rport} UAMs: #{response[:uams].join(', ')}\n" +
|
" UAMs: #{response[:uams].join(', ')}\n" +
|
||||||
"AFP #{rhost}:#{rport} Server Signature: #{response[:signature]}\n" +
|
" Server Signature: #{response[:signature]}\n" +
|
||||||
"AFP #{rhost}:#{rport} Server Network Address: \n" +
|
" Server Network Address: \n" +
|
||||||
format_addresses_report(response[:network_addresses]) +
|
format_addresses_report(response[:network_addresses]) +
|
||||||
"AFP #{rhost}:#{rport} UTF8 Server Name: #{response[:utf8_server_name]}"
|
" UTF8 Server Name: #{response[:utf8_server_name]}"
|
||||||
|
print_status("#{rhost}:#{rport} APF:\n #{report_info}")
|
||||||
|
|
||||||
lines = "AFP #{rhost}:#{rport}:#{rport} AFP:\n#{report_info}"
|
|
||||||
|
|
||||||
lines.split(/\n/).each do |line|
|
|
||||||
print_status(line)
|
|
||||||
end
|
|
||||||
|
|
||||||
report_note(:host => datastore['RHOST'],
|
report_note(:host => datastore['RHOST'],
|
||||||
:proto => 'tcp',
|
:proto => 'tcp',
|
||||||
@ -88,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
def format_flags_report(parsed_flags)
|
def format_flags_report(parsed_flags)
|
||||||
report = ''
|
report = ''
|
||||||
parsed_flags.each do |flag, val|
|
parsed_flags.each do |flag, val|
|
||||||
report << "AFP #{rhost}:#{rport} * #{flag}: #{val.to_s} \n"
|
report << " * #{flag}: #{val.to_s} \n"
|
||||||
end
|
end
|
||||||
return report
|
return report
|
||||||
end
|
end
|
||||||
@ -96,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||||||
def format_addresses_report(parsed_network_addresses)
|
def format_addresses_report(parsed_network_addresses)
|
||||||
report = ''
|
report = ''
|
||||||
parsed_network_addresses.each do |val|
|
parsed_network_addresses.each do |val|
|
||||||
report << "AFP #{rhost}:#{rport} * #{val.to_s} \n"
|
report << " * #{val.to_s} \n"
|
||||||
end
|
end
|
||||||
return report
|
return report
|
||||||
end
|
end
|
||||||
|
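Review bot: In the `rescue ::Exception` branch of `run_host` (the -44 hunk) the edited `print_error("#{rhost}:#{rport} #{$!.class} #{$!}")` can never run, because `raise $!` on the line before it leaves the branch first. Either drop the print, or log and then re-raise by swapping the two lines and using a bare `raise`. Rescuing `::Exception` also catches Interrupt and SystemExit; that is harmless while everything is re-raised, but `rescue ::StandardError => e` would be the narrower choice if the branch is meant to report errors. The new `print_status("#{rhost}:#{rport} APF:\n #{report_info}")` in `report` also spells the protocol "APF" instead of "AFP". The `begin` block opens in the -33 hunk and the lines between the two hunks are not visible here.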