CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/msf/core/auxiliary/arista.rb
Views: 1904
# -*- coding: binary -*-12module Msf3###4#5# This module provides methods for working with Arista equipment6#7###8module Auxiliary::Arista9include Msf::Auxiliary::Report1011def arista_eos_config_eater(thost, tport, config)1213if framework.db.active14credential_data = {15address: thost,16port: tport,17protocol: 'tcp',18workspace_id: myworkspace_id,19origin_type: :service,20private_type: :nonreplayable_hash,21jtr_format: 'sha512,crypt', # default on the devices22service_name: '',23module_fullname: fullname,24status: Metasploit::Model::Login::Status::UNTRIED25}26end2728# Default SNMP to UDP29if tport == 16130credential_data[:protocol] = 'udp'31end3233store_loot('arista.eos.config', 'text/plain', thost, config.strip, 'config.txt', 'Arista EOS Configuration')3435host_info = {36host: thost,37os_name: 'Arista EOS'38}39report_host(host_info)4041config.each_line do |line|42case line4344# one of the first lines45# ! device: aristaveos (vEOS, EOS-4.19.10M)46# ! device: switch (DCS-7150S-64-CL, EOS-4.13.2F)47when /^\s*! device: (.+) \((.+),\s*(.+)-(.+)\)/i48hostname = Regexp.last_match(1).to_s49device = Regexp.last_match(2).to_s50os = Regexp.last_match(3).to_s51os_ver = Regexp.last_match(4).to_s52host_info[:os_name] = os53host_info[:os_flavor] = os_ver54host_info[:name] = hostname55report_host(host_info)56print_good("#{thost}:#{tport} Hostname: #{hostname}, Device: #{device}, OS: #{os}, Version: #{os_ver}")57# https://www.arista.com/en/um-eos/eos-section-6-1-managing-the-switch-name58# hostname aristaveos59when /^\s*hostname (\S+)/i60host_info[:name] = Regexp.last_match(1).to_s61report_host(host_info)62print_good("#{thost}:#{tport} Hostname: #{Regexp.last_match(1)}")63# https://www.arista.com/en/um-eos/eos-section-4-7-aaa-commands#ww134912764# enable secret sha512 $6$jemN09cUdoLRim6i$Mvl2Fog/VZ7ktxyLSVDR1KnTTTPSMHU3WD.G/kxwgODdsc3d7S1aSNJX/DJmQI3nyrYnEw4lsmoKPGClFJ9hH165when /^\s*enable secret sha512 (.*)$/i66if framework.db.active67cred = credential_data.dup68cred[:username] = 'enable'69cred[:private_data] = Regexp.last_match(1).to_s70create_credential_and_login(cred)71end72print_good("#{thost}:#{tport} Enable hash: #{Regexp.last_match(1)}")73# https://www.arista.com/en/um-eos/eos-section-43-3-configuring-snmp?searchword=snmp74# snmp-server community read ro75# snmp-server community write rw76when /^\s*snmp-server community ([^\s]+) (RO|RW)/i77stype = Regexp.last_match(2).strip78scomm = Regexp.last_match(1).strip79print_good("#{thost}:#{tport} SNMP Community (#{stype}): #{scomm}")8081if framework.db.active82cred = credential_data.dup83cred[:access_level] = stype.upcase84cred[:protocol] = 'udp'85cred[:service_name] = 'snmp'86cred[:private_type] = :password87cred[:jtr_format] = ''88cred[:port] = 16189cred[:private_data] = scomm90create_credential_and_login(cred)91end92# https://www.arista.com/en/um-eos/eos-section-4-7-aaa-commands#ww134996393# username admin privilege 15 role network-admin secret sha512 $6$Ei2bjrcTCGPOjSkk$7S.XSTZqdRVXILbUUDcRPCxzyfqEFYzg6HfL0BHXvriETX330MT.KObHLkGx7n9XZRVWBr68ZsKfvzvxYCvj6194# username bob privilege 15 secret 5 $1$EGQJlod0$CdkMmW1FoiRgMfbLFD/kB/95# username rlaney role network-admin secret 0 ralrox96when /^\s*username ([^\s]+) (?:privilege (\d+) )?(?:role (.+) )?secret (.+) ([^\s]+)/i97name = Regexp.last_match(1).to_s98privilege = Regexp.last_match(2).to_s99role = Regexp.last_match(3).to_s100# for secret, 0=plaintext, 5=md5sum, sha512=sha512101secret = Regexp.last_match(4).to_s102hash = Regexp.last_match(5).to_s103output = "#{thost}:#{tport} Username '#{name}'"104unless privilege.empty?105output << " with privilege #{privilege},"106end107unless role.empty?108output << " Role #{role},"109end110111if framework.db.active112cred = credential_data.dup113else114cred = {} # throw away, but much less code than constant if statements115end116117if secret == '0'118output << " and Password: #{hash}"119cred[:private_type] = :password120cred[:jtr_format] = ''121else122output << " and Hash: #{hash}"123cred[:jtr_format] = Metasploit::Framework::Hashes.identify_hash(hash)124end125126cred[:username] = name127cred[:private_data] = hash128129if framework.db.active130create_credential_and_login(cred)131end132print_good(output)133# aaa root secret sha512 $6$Rnanb2dQsVy2H3QL$DEYDZMy6j6KK4XK62Uh.3U3WXxK5XJvn8Zd5sm36T7BVKHS5EmIcQV.EN1X1P1ZO099S0lkxpvEGzA9yK5PQF.134when /^\s*aaa (root) secret (.+) ([^\s]+)/i135name = Regexp.last_match(1).to_s136# for secret, 0=plaintext, 5=md5sum, sha512=sha512137secret = Regexp.last_match(2).to_s138hash = Regexp.last_match(3).to_s139output = "#{thost}:#{tport} AAA Username '#{name}'"140if framework.db.active141cred = credential_data.dup142else143cred = {} # throw away, but much less code than constant if statements144end145146cred[:username] = name.to_s147148if secret == '0'149output << " and Password: #{hash}"150cred[:private_type] = :password151cred[:jtr_format] = ''152else153output << " with Hash: #{hash}"154cred[:jtr_format] = Metasploit::Framework::Hashes.identify_hash(hash)155end156157cred[:private_data] = hash.to_s158if framework.db.active159create_credential_and_login(cred)160end161print_good(output)162end163end164end165end166end167168169