
Commit 73b362c

committed
updating more spec
1 parent d807a83 commit 73b362c


2 files changed

+158
-90
lines changed


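--- a/lib/msf/core/auxiliary/cisco.rb
+++ b/lib/msf/core/auxiliary/cisco.rb
@@ -176,10 +176,15 @@ def cisco_ios_config_eater(thost, tport, config)
 
 
 when /^\s*(password|secret) 5 (.*)/i
-shash = $1.strip
+shash = $2.strip
 print_good("#{thost}:#{tport} MD5 Encrypted VTY Password: #{shash}")
 store_loot("cisco.ios.vty_password", "text/plain", thost, shash, "vty_password_hash.txt", "Cisco IOS VTY Password Hash (MD5)")
-
+
+cred = credential_data.dup
+cred[:private_data] = shash
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
+
 when /^\s*password (0 |)([^\s]+)/i
 spass = $2.strip
 print_good("#{thost}:#{tport} Unencrypted VTY Password: #{spass}")
@@ -205,29 +210,29 @@ def cisco_ios_config_eater(thost, tport, config)
 if stype == 5
 print_good("#{thost}:#{tport} Wireless WPA-PSK MD5 Password Hash: #{spass}")
 store_loot("cisco.ios.wireless_wpapsk_hash", "text/plain", thost, spass, "wireless_wpapsk_hash.txt", "Cisco IOS Wireless WPA-PSK Password Hash (MD5)")
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
 end
 
 if stype == 0
 print_good("#{thost}:#{tport} Wireless WPA-PSK Password: #{spass}")
-cred = cred_info.dup
-cred[:pass] = spass
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
-
 store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Password")
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
 end
 
 if stype == 7
 spass = cisco_ios_decrypt7(spass) rescue spass
 print_good("#{thost}:#{tport} Wireless WPA-PSK Decrypted Password: #{spass}")
-cred = cred_info.dup
-cred[:pass] = spass
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
-
 store_loot("cisco.ios.wireless_wpapsk", "text/plain", thost, spass, "wireless_wpapsk.txt", "Cisco IOS Wireless WPA-PSK Decrypted Password")
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :password
+create_credential_and_login(cred)
 end
 
 #
@@ -240,11 +245,11 @@ def cisco_ios_config_eater(thost, tport, config)
 print_good("#{thost}:#{tport} VPN IPSEC ISAKMP Key '#{spass}' Host '#{shost}'")
 store_loot("cisco.ios.vpn_ipsec_key", "text/plain", thost, "#{spass}", "vpn_ipsec_key.txt", "Cisco VPN IPSEC Key")
 
-cred = cred_info.dup
-cred[:pass] = spass
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
+
 when /^\s*interface tunnel(\d+)/i
 tuniface = $1
 
@@ -254,25 +259,24 @@ def cisco_ios_config_eater(thost, tport, config)
 
 print_good("#{thost}:#{tport} GRE Tunnel Key #{spass} for Interface Tunnel #{siface}")
 store_loot("cisco.ios.gre_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "gre_tunnel_key.txt", "Cisco GRE Tunnel Key")
-
-cred = cred_info.dup
-cred[:pass] = spass
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
-
+
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
+
 when /^\s*ip nhrp authentication ([^\s]+)/i
 spass = $1
 siface = tuniface
 
 print_good("#{thost}:#{tport} NHRP Authentication Key #{spass} for Interface Tunnel #{siface}")
 store_loot("cisco.ios.nhrp_tunnel_key", "text/plain", thost, "tunnel#{siface}_#{spass}", "nhrp_tunnel_key.txt", "Cisco NHRP Authentication Key")
-
-cred = cred_info.dup
-cred[:pass] = spass
-cred[:type] = "password"
-cred[:collect_type] = "password"
-store_cred(cred)
+
+cred = credential_data.dup
+cred[:private_data] = spass
+cred[:private_type] = :nonreplayable_hash
+create_credential_and_login(cred)
+
 
 #
 # Various authentication secrets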
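Review bot: In the `if stype == 0` branch the cleartext WPA-PSK is recorded with `cred[:private_type] = :nonreplayable_hash`, while the `stype == 7` branch right below stores the same kind of value as `:password`; the type 0 branch should read `cred[:private_type] = :password`. The ISAKMP key, GRE tunnel key and NHRP authentication key hunks also use `:nonreplayable_hash` for values that appear to be taken from the config line as-is, so they likely need the same change. A cleartext secret labelled as a hash is under-reported in the credential store and may be handled with less care than a directly usable key deserves. Separately, `cisco_ios_decrypt7(spass) rescue spass` falls back to the still-encoded string, which the new code then saves as `:password`; consider creating the credential only when decoding succeeds. The body of `cisco_ios_config_eater` starts and ends outside these hunks, and `credential_data` is defined outside them, so its contents could not be checked here.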
