
Commit 0972005

committed
updating 'ppp.*username secret'
1 parent 1d33c9a commit 0972005


2 files changed

+56
-35
lines changed


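--- a/lib/msf/core/auxiliary/cisco.rb
+++ b/lib/msf/core/auxiliary/cisco.rb
@@ -356,36 +356,37 @@ def cisco_ios_config_eater(thost, tport, config)
 
 suser = $1
 stype = $3.to_i
-shash = $4
+spass = $4
 
 if stype == 5
-print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{shash}")
-store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
+print_good("#{thost}:#{tport} PPP Username #{suser} MD5 Encrypted Password: #{spass}")
+store_loot("cisco.ios.ppp_username_password_hash", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password_hash.txt", "Cisco IOS PPP Username and Password Hash (MD5)")
+
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
 end
 
 if stype == 0
-print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{shash}")
-store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
-
-cred = cred_info.dup
-cred[:pass] = shash
-cred[:user] = suser
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
+print_good("#{thost}:#{tport} PPP Username: #{suser} Password: #{spass}")
+store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
+
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
 end
 
 if stype == 7
-shash = cisco_ios_decrypt7(shash) rescue shash
-print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{shash}")
-store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{shash}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
+spass = cisco_ios_decrypt7(spass) rescue spass
+print_good("#{thost}:#{tport} PPP Username: #{suser} Decrypted Password: #{spass}")
+store_loot("cisco.ios.ppp_username_password", "text/plain", thost, "#{suser}:#{spass}", "ppp_username_password.txt", "Cisco IOS PPP Username and Password")
 
-cred = cred_info.dup
-cred[:pass] = shash
-cred[:user] = suser
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :password
+create_credential_and_login(cred)
 end
 
 when /^\s*ppp chap (secret|password) (\d+) ([^\s]+)/i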
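Review bot: The `stype == 0` branch records a cleartext PPP secret as `cred[:private_type] = :nonreplayable_hash`, although the `print_good` line just above it reports the value as a plain "Password"; it should be `cred[:private_type] = :password`, as in the `stype == 7` branch, otherwise the stored record understates that a usable cleartext secret was exposed. All three branches also drop the old `cred[:user] = suser` with no replacement, and the spec's expected hash shows no username key coming from `credential_data`, so the credential appears to be saved without its account name; `cred[:username] = suser` in each branch would restore it. The spec section of this commit pins both behaviours (its `secret 0` example expects `:nonreplayable_hash`, and none of its expectations include a username), so the tests need the same correction. The enclosing method starts and ends outside the hunk.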

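--- a/spec/lib/msf/core/auxiliary/cisco_spec.rb
+++ b/spec/lib/msf/core/auxiliary/cisco_spec.rb
@@ -676,15 +676,18 @@ def myworkspace
 "cisco.ios.ppp_username_password", "text/plain", "127.0.0.1", "someusername:1511021F0725", "ppp_username_password.txt",
 "Cisco IOS PPP Username and Password"
 )
-expect(aux_cisco).to receive(:store_cred).with(
+expect(aux_cisco).to receive(:create_credential_and_login).with(
 {
-host: "127.0.0.1",
+address: "127.0.0.1",
 port: 1337,
-user: "someusername",
-pass: "1511021F0725",
-type: "password",
-collect_type: "password",
-active: true
+protocol: "tcp",
+workspace_id: workspace.id,
+origin_type: :service,
+service_name: '',
+module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+private_data: "1511021F0725",
+private_type: :nonreplayable_hash,
+status: Metasploit::Model::Login::Status::UNTRIED
 }
 )
 aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 0 1511021F0725')
@@ -699,6 +702,20 @@ def myworkspace
 "cisco.ios.ppp_username_password_hash", "text/plain", "127.0.0.1", "someusername:1511021F0725", "ppp_username_password_hash.txt",
 "Cisco IOS PPP Username and Password Hash (MD5)"
 )
+expect(aux_cisco).to receive(:create_credential_and_login).with(
+{
+address: "127.0.0.1",
+port: 1337,
+protocol: "tcp",
+workspace_id: workspace.id,
+origin_type: :service,
+service_name: '',
+module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+private_data: "1511021F0725",
+private_type: :nonreplayable_hash,
+status: Metasploit::Model::Login::Status::UNTRIED
+}
+)
 aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 5 1511021F0725')
 end
 
@@ -712,15 +729,18 @@ def myworkspace
 "cisco.ios.ppp_username_password", "text/plain", "127.0.0.1", "someusername:cisco", "ppp_username_password.txt",
 "Cisco IOS PPP Username and Password"
 )
-expect(aux_cisco).to receive(:store_cred).with(
+expect(aux_cisco).to receive(:create_credential_and_login).with(
 {
-host: "127.0.0.1",
+address: "127.0.0.1",
 port: 1337,
-user: "someusername",
-pass: "cisco",
-type: "password",
-collect_type: "password",
-active: true
+protocol: "tcp",
+workspace_id: workspace.id,
+origin_type: :service,
+service_name: '',
+module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+private_data: "cisco",
+private_type: :password,
+status: Metasploit::Model::Login::Status::UNTRIED
 }
 )
 aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'ppp123username someusername secret 7 1511021F0725')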
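Review bot: The ten-key expectation hash is written out in full in all three examples, though only `private_data` and `private_type` differ between them. Hoisting the eight shared keys into one `let` and merging the two varying keys per example would make it clear what each case actually checks and stop the copies from drifting apart. The `secret 5` example also reuses `1511021F0725`, which the `secret 7` example shows is a type-7 string that decodes to `cisco`, so it does not look like a realistic MD5 secret; a short comment marking it as a placeholder would avoid confusion. The `it` blocks these hunks belong to start outside the visible lines.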
