
Commit 47c38ed

dmaloney-r7dmaloney-r7
authored andcommitted
Merge pull request rapid7#4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2 parents 24dbc28 + 4eaf64a commit 47c38ed

30 files changed

+161
-3
lines changed

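--- a/lib/metasploit/framework/login_scanner/base.rb
+++ b/lib/metasploit/framework/login_scanner/base.rb
@@ -30,6 +30,9 @@ module Base
 # @!attribute stop_on_success
 # @return [Boolean] Whether the scanner should stop when it has found one working Credential
 attr_accessor :stop_on_success
+# @!attribute bruteforce_speed
+# @return [Fixnum] The desired speed, with 5 being 'fast' and 0 being 'slow.'
+attr_accessor :bruteforce_speed
 
 validates :connection_timeout,
 presence: true,
@@ -53,6 +56,14 @@ module Base
 validates :stop_on_success,
 inclusion: { in: [true, false] }
 
+validates :bruteforce_speed,
+presence: false,
+numericality: {
+only_integer: true,
+greater_than_or_equal_to: 0,
+less_than_or_equal_to: 5
+}
+
 validate :host_address_must_be_valid
 
 validate :validate_cred_details
@@ -86,6 +97,34 @@ def check_setup
 false
 end
 
+# @note Override this to set a timeout that makes more sense for
+# your particular protocol. Telnet already usually takes a really
+# long time, while MSSQL is often lickety-split quick. If
+# overridden, the override should probably do something sensible
+# with {#bruteforce_speed}
+#
+# @return [Fixnum] a number of seconds to sleep between attempts
+def sleep_time
+case bruteforce_speed
+when 0; 60 * 5
+when 1; 15
+when 2; 1
+when 3; 0.5
+when 4; 0.1
+else; 0
+end
+end
+
+# A threadsafe sleep method
+#
+# @param time [Fixnum] number of seconds (can be a Float), defaults
+# to {#sleep_time}
+#
+# @return [void]
+def sleep_between_attempts(time=self.sleep_time)
+::IO.select(nil,nil,nil,time) unless sleep_time.zero?
+end
+
 def each_credential
 cred_details.each do |raw_cred|
 
@@ -148,6 +187,7 @@ def scan!
 total_error_count = 0
 
 successful_users = Set.new
+first_attempt = true
 
 each_credential do |credential|
 # Skip users for whom we've have already found a password
@@ -161,6 +201,12 @@ def scan!
 next
 end
 
+if first_attempt
+first_attempt = false
+else
+sleep_between_attempts
+end
+
 result = attempt_login(credential)
 result.freeze
 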
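Review bot: In `sleep_between_attempts` the guard tests `sleep_time.zero?` rather than the `time` argument, so an explicitly passed non-zero `time` is skipped whenever the default delay is 0, and the default is computed a second time on every call. The line should read `::IO.select(nil, nil, nil, time) unless time.zero?`. Separately, `sleep_time` treats a nil speed as "no delay" through its `else` branch, but the `numericality` validation has no `allow_nil: true` and `presence: false` does not grant it. If `validates` is ActiveModel's, a scanner built without `bruteforce_speed` would probably fail `valid?`, so consider adding `allow_nil: true` or setting a default.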

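--- a/lib/metasploit/framework/login_scanner/db2.rb
+++ b/lib/metasploit/framework/login_scanner/db2.rb
@@ -106,7 +106,7 @@ def set_sane_defaults
 self.max_send_size ||= 0
 self.send_delay ||= 0
 
-self.ssl = false if self.ssl.nil?
+self.ssl = false if self.ssl.nil?
 end
 
 # This method takes a response packet and checks to see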

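--- a/modules/auxiliary/scanner/afp/afp_login.rb
+++ b/modules/auxiliary/scanner/afp/afp_login.rb
@@ -63,6 +63,7 @@ def run_host(ip)
 proxies: datastore['PROXIES'],
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 30,
 max_send_size: datastore['TCP::max_send_size'],
 send_delay: datastore['TCP::send_delay'],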
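Review bot: `datastore['BRUTEFORCE_SPEED']` is passed to the scanner uncoerced on the added line, while `sleep_time` in login_scanner/base.rb matches the value against Integer literals with `case`. Whether the datastore returns an Integer or the string the operator typed is not visible here. A string such as `'3'` would likely pass the numericality check yet fall through to `else; 0`, silently removing the throttle. If that can happen, normalize once in the scanner, for example `case bruteforce_speed && Integer(bruteforce_speed)`, rather than in every module. The same one-line addition appears in the db2_auth, ftp_login, appletv_login, axis_login, buffalo_login, glassfish_login and hp_sys_mgmt_login sections; `run_host` starts and ends outside the hunk.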

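--- a/modules/auxiliary/scanner/db2/db2_auth.rb
+++ b/modules/auxiliary/scanner/db2/db2_auth.rb
@@ -61,6 +61,7 @@ def run_host(ip)
 proxies: datastore['PROXIES'],
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 30,
 max_send_size: datastore['TCP::max_send_size'],
 send_delay: datastore['TCP::send_delay'],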

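--- a/modules/auxiliary/scanner/ftp/ftp_login.rb
+++ b/modules/auxiliary/scanner/ftp/ftp_login.rb
@@ -75,6 +75,7 @@ def run_host(ip)
 proxies: datastore['PROXIES'],
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 max_send_size: datastore['TCP::max_send_size'],
 send_delay: datastore['TCP::send_delay'],
 connection_timeout: 30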

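--- a/modules/auxiliary/scanner/http/appletv_login.rb
+++ b/modules/auxiliary/scanner/http/appletv_login.rb
@@ -5,6 +5,7 @@
 
 require 'msf/core'
 require 'metasploit/framework/credential_collection'
+require 'metasploit/framework/login_scanner/http'
 
 class Metasploit3 < Msf::Auxiliary
 
@@ -80,6 +81,7 @@ def run_host(ip)
 proxies: datastore["PROXIES"],
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 5,
 )
 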

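--- a/modules/auxiliary/scanner/http/axis_login.rb
+++ b/modules/auxiliary/scanner/http/axis_login.rb
@@ -85,6 +85,7 @@ def run_host(ip)
 proxies: proxies,
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 5,
 user_agent: datastore['UserAgent'],
 vhost: datastore['VHOST']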

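--- a/modules/auxiliary/scanner/http/buffalo_login.rb
+++ b/modules/auxiliary/scanner/http/buffalo_login.rb
@@ -49,6 +49,7 @@ def run_host(ip)
 proxies: datastore['PROXIES'],
 cred_details: cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 10,
 user_agent: datastore['UserAgent'],
 vhost: datastore['VHOST']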

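--- a/modules/auxiliary/scanner/http/glassfish_login.rb
+++ b/modules/auxiliary/scanner/http/glassfish_login.rb
@@ -100,6 +100,7 @@ def init_loginscanner(ip)
 proxies: datastore["PROXIES"],
 cred_details: @cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 5
 )
 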

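--- a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
+++ b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb
@@ -82,6 +82,7 @@ def init_loginscanner(ip)
 proxies: datastore["PROXIES"],
 cred_details: @cred_collection,
 stop_on_success: datastore['STOP_ON_SUCCESS'],
+bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
 connection_timeout: 5
 )
 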
