mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

AFP fixes and JTR typo fix

HD Moore 2012-07-16 21:45:45 -05:00
parent 7e50f91d59
commit f62e0b1cca
4 changed files with 22 additions and 28 deletions


@ -84,7 +84,7 @@ module Exploit::Remote::AFP
start = Time.now start = Time.now
response = sock.timed_read(1024, datastore['LoginTimeOut']) response = sock.timed_read(1024, datastore['LoginTimeOut'])
rescue Timeout::Error rescue Timeout::Error
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)") vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
return :connection_error return :connection_error
end end
@ -95,7 +95,7 @@ module Exploit::Remote::AFP
return parse_login_response_add_send_login_count(response, {:p => p, :g => g, :ra => ra, :ma => ma, return parse_login_response_add_send_login_count(response, {:p => p, :g => g, :ra => ra, :ma => ma,
:password => pass, :user => user}) :password => pass, :user => user})
when -5023 #kFPUserNotAuth (User dosen't exists) when -5023 #kFPUserNotAuth (User dosen't exists)
print_status("AFP #{rhost}:#{rport} User #{user} dosen't exists") print_status("User #{user} dosen't exists")
return :skip_user return :skip_user
else else
return :connection_error return :connection_error
@ -132,7 +132,7 @@ module Exploit::Remote::AFP
begin begin
response = sock.timed_read(1024, datastore['LoginTimeOut']) response = sock.timed_read(1024, datastore['LoginTimeOut'])
rescue Timeout::Error rescue Timeout::Error
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)") vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
return :connection_error return :connection_error
end end
@ -190,7 +190,7 @@ module Exploit::Remote::AFP
begin begin
response = sock.timed_read(1024, datastore['LoginTimeOut']) response = sock.timed_read(1024, datastore['LoginTimeOut'])
rescue Timeout::Error rescue Timeout::Error
vprint_error("AFP #{rhost}:#{rport} Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)") vprint_error("Login timeout (AFP server delay response for 20 - 22 seconds after 7 incorrect logins)")
return :connection_error return :connection_error
end end
@ -211,7 +211,7 @@ module Exploit::Remote::AFP
parsed_data = {} parsed_data = {}
flags, command, request_id, error_code, length, reserved = parse_header(response) flags, command, request_id, error_code, length, reserved = parse_header(response)
raise "AFP #{rhost}:#{rport} Server response with error" if error_code != 0 raise "Server response with error" if error_code != 0
body = get_body(response, length) body = get_body(response, length)
machine_type_offset, afp_versions_offset, uam_count_offset, icon_offset, server_flags = machine_type_offset, afp_versions_offset, uam_count_offset, icon_offset, server_flags =
body.unpack('nnnnn') body.unpack('nnnnn')
@ -253,7 +253,7 @@ module Exploit::Remote::AFP
def get_body(packet, body_length) def get_body(packet, body_length)
body = packet[16..body_length + 15] body = packet[16..body_length + 15]
raise "AFP #{rhost}:#{rport} Invalid body length" if body.length != body_length raise "Invalid body length" if body.length != body_length
return body return body
end end
@ -301,7 +301,7 @@ module Exploit::Remote::AFP
when 7 # IPv6 address (16 bytes) followed by a two-byte port number when 7 # IPv6 address (16 bytes) followed by a two-byte port number
parsed_addreses << "[#{IPAddr.ntop(address[1..16])}]:#{address[17..18].unpack("n").first}" parsed_addreses << "[#{IPAddr.ntop(address[1..16])}]:#{address[17..18].unpack("n").first}"
else # Something wrong? else # Something wrong?
raise "Error parsing network addresses" raise "Error pasing network addresses"
end end
end end
return parsed_addreses return parsed_addreses
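Review bot: In `get_body` (reading the second copy on each line as the new side), `packet[16..body_length + 15]` returns nil when the server's reply is shorter than 16 bytes, so `body.length` raises NoMethodError instead of the intended "Invalid body length" error. Since the packet comes from the remote server, the guard should handle that case explicitly: `raise "Invalid body length" if body.nil? || body.length != body_length`. The last hunk also changes the message to `"Error pasing network addresses"`, which should read `parsing`. With the `rhost:rport` prefix dropped from the `raise` strings, it is worth confirming that whatever rescues these errors adds the target back, otherwise multi-host runs lose attribution in the logs.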


@ -19,7 +19,7 @@ class Framework
Major = 4 Major = 4
Minor = 4 Minor = 4
Point = 0 Point = 0
Release = "-release" Release = "-dev"
if(Point) if(Point)
Version = "#{Major}.#{Minor}.#{Point}#{Release}" Version = "#{Major}.#{Minor}.#{Point}#{Release}"


@ -129,13 +129,13 @@ class Metasploit3 < Msf::Auxiliary
# Store the cracked results based on user_id => cred.id # Store the cracked results based on user_id => cred.id
cracked_ntlm.each_pair do |k,v| cracked_ntlm.each_pair do |k,v|
next if not cred.user.to_s.strip.length > 0
next if not k =~ /^cred_(\d+)/m next if not k =~ /^cred_(\d+)/m
cid = $1.to_i cid = $1.to_i
cred_find = smb_hashes.select{|x| x[:id] == cid} cred_find = smb_hashes.select{|x| x[:id] == cid}
next if cred_find.length == 0 next if cred_find.length == 0
cred = cred_find.first cred = cred_find.first
next if cred.user.to_s.strip.length == 0
print_good("Cracked: #{cred.user}:#{v} (#{cred.service.host.address}:#{cred.service.port})") print_good("Cracked: #{cred.user}:#{v} (#{cred.service.host.address}:#{cred.service.port})")
report_auth_info( report_auth_info(
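Review bot: The key check `k =~ /^cred_(\d+)/m` in the `cracked_ntlm` loop anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and the `/m` flag has no effect on a pattern without `.`. `next unless k =~ /\Acred_(\d+)/` states the intent. The lookup reads more directly as `cred = smb_hashes.find { |x| x[:id] == cid }` followed by `next unless cred`, instead of `select`, a length test and `first`. Moving the empty-user guard after `cred` is assigned looks correct. The loop body continues past the end of the hunk, so the `report_auth_info` arguments are not reviewed here.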


@ -33,7 +33,7 @@ class Metasploit3 < Msf::Auxiliary
end end
def run_host(ip) def run_host(ip)
print_status("AFP #{ip} Scanning...") print_status("Scanning IP: #{ip.to_s}")
begin begin
connect connect
response = get_info response = get_info
@ -44,30 +44,24 @@ class Metasploit3 < Msf::Auxiliary
rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT rescue ::Rex::ConnectionError, ::IOError, ::Errno::ECONNRESET, ::Errno::ENOPROTOOPT
rescue ::Exception rescue ::Exception
raise $! raise $!
print_error("AFP #{rhost}:#{rport} #{$!.class} #{$!}") print_error("#{rhost}:#{rport} #{$!.class} #{$!}")
ensure ensure
disconnect disconnect
end end
end end
def report(response) def report(response)
report_info = "AFP #{rhost}:#{rport} Server Name: #{response[:server_name]} \n" + report_info = "Server Name: #{response[:server_name]} \n" +
"AFP #{rhost}:#{rport} Server Flags: \n" + " Server Flags: \n" +
format_flags_report(response[:server_flags]) + format_flags_report(response[:server_flags]) +
"AFP #{rhost}:#{rport} Machine Type: #{response[:machine_type]} \n" + " Machine Type: #{response[:machine_type]} \n" +
"AFP #{rhost}:#{rport} AFP Versions: #{response[:versions].join(', ')} \n" + " AFP Versions: #{response[:versions].join(', ')} \n" +
"AFP #{rhost}:#{rport} UAMs: #{response[:uams].join(', ')}\n" + " UAMs: #{response[:uams].join(', ')}\n" +
"AFP #{rhost}:#{rport} Server Signature: #{response[:signature]}\n" + " Server Signature: #{response[:signature]}\n" +
"AFP #{rhost}:#{rport} Server Network Address: \n" + " Server Network Address: \n" +
format_addresses_report(response[:network_addresses]) + format_addresses_report(response[:network_addresses]) +
"AFP #{rhost}:#{rport} UTF8 Server Name: #{response[:utf8_server_name]}" " UTF8 Server Name: #{response[:utf8_server_name]}"
print_status("#{rhost}:#{rport} APF:\n #{report_info}")
lines = "AFP #{rhost}:#{rport}:#{rport} AFP:\n#{report_info}"
lines.split(/\n/).each do |line|
print_status(line)
end
report_note(:host => datastore['RHOST'], report_note(:host => datastore['RHOST'],
:proto => 'tcp', :proto => 'tcp',
@ -88,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
def format_flags_report(parsed_flags) def format_flags_report(parsed_flags)
report = '' report = ''
parsed_flags.each do |flag, val| parsed_flags.each do |flag, val|
report << "AFP #{rhost}:#{rport} * #{flag}: #{val.to_s} \n" report << " * #{flag}: #{val.to_s} \n"
end end
return report return report
end end
@ -96,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
def format_addresses_report(parsed_network_addresses) def format_addresses_report(parsed_network_addresses)
report = '' report = ''
parsed_network_addresses.each do |val| parsed_network_addresses.each do |val|
report << "AFP #{rhost}:#{rport} * #{val.to_s} \n" report << " * #{val.to_s} \n"
end end
return report return report
end end
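Review bot: In `run_host`, the `print_error(...)` line sits after `raise $!` inside `rescue ::Exception`, so it can never run, and the handler also catches Interrupt and SystemExit before re-raising them. Logging first and then re-raising fixes the order: `rescue ::StandardError => e`, `print_error("#{rhost}:#{rport} #{e.class} #{e}")`, `raise`. In `report`, the new single `print_status` call labels the block `APF:` where `AFP:` is meant. The fields interpolated into `report_info` (server name, machine type, signature, UAMs) presumably come straight from the server's reply, so stripping non-printable characters before they reach the console and `report_note` would stop a hostile server from writing control sequences into the operator's terminal or stored notes.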