Fix up modules calling report_vuln() to use new syntax

rapid7 · Jun 18, 2012 · c388cba · c388cba
1 parent e8ad66b
commit c388cba
Show file tree

Hide file tree

Showing 13 changed files with 71 additions and 68 deletions.
diff --git a/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb b/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
@@ -150,8 +150,9 @@ def run
 			report_vuln({
 				:host => rhost,
 				:port => rport,
-				:name => self.fullname,
-				:refs => self.references
+				:name => self.name,
+				:refs => self.references,
+				:info => "Module #{self.fullname} successfully crashed the target system via RDP"
 			})
 		else
 			print_status("#{rhost}:#{rport} is still up")

diff --git a/modules/auxiliary/scanner/http/cisco_device_manager.rb b/modules/auxiliary/scanner/http/cisco_device_manager.rb
@@ -73,8 +73,8 @@ def run_host(ip)
 						:host	=> rhost,
 						:port	=> rport,
 						:proto  => 'tcp',
-						:name	=> self.fullname,
-						:info	=> "http://#{rhost}:#{rport}/exec/show/version/CR",
+						:name	=> self.name,
+						:info	=> "Module #{self.fullname} successfully accessed http://#{rhost}:#{rport}/exec/show/version/CR",
 						:refs   => self.references,
 						:exploited_at => Time.now.utc
 					}

diff --git a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb
@@ -64,8 +64,9 @@ def run_host(ip)
 						:host	=> rhost,
 						:port	=> rport,
 						:proto  => 'tcp',
-						:name	=> self.fullname,
-						:info	=> "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
+						:name	=> self.name,
+						:sname  => ssl ? "https" : "http",
+						:info	=> "Module #{self.fullname} successfully accessed http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
 						:refs   => self.references,
 						:exploited_at => Time.now.utc
 					}
@@ -83,8 +84,10 @@ def run_host(ip)
 					report_exploit(
 						{
 							:host		=> rhost,
-							:service	=> rport,
-							:name		=> self.fullname
+							:port		=> rport,
+							:name		=> self.name,
+							:sname      => ssl ? "https" : "http",
+							:info       => "Module #{self.fullname} successfully captured the configuration file:\n#{config}"
 						}
 					)
 				else

diff --git a/modules/auxiliary/scanner/http/frontpage_login.rb b/modules/auxiliary/scanner/http/frontpage_login.rb
@@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
 
 	def initialize
 		super(
-			'Name'        => 'FrontPage Server Extensions Login Utility',
+			'Name'        => 'FrontPage Server Extensions Anonymous Login Scanner',
 			'Version'     => '$Revision$',
 			'Description' => 'This module queries the FrontPage Server Extensions and determines whether anonymous access is allowed.',
 			'References'  =>
@@ -133,8 +133,8 @@ def check_account(info, fpversion, target_host)
 							:host   => target_host,
 							:port	=> rport,
 							:proto	=> 'tcp',
-							:name	=> self.fullname,
-							:info   => "#{info} FrontPage ACCESS ALLOWED [#{retcode}]",
+							:name	=> self.name,
+							:info   => "Module #{self.fullname} confirmed access to #{info} [#{retcode}]",
 							:refs   => self.references,
 							:exploited_at => Time.now.utc
 						}

diff --git a/modules/auxiliary/scanner/http/http_put.rb b/modules/auxiliary/scanner/http/http_put.rb
@@ -150,13 +150,14 @@ def run_host(ip)
 
 			#Check file
 			if not res.nil? and file_exists(path, data)
-				print_good("File uploaded: #{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}")
+				turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
+				print_good("File uploaded: #{turl}")
 				report_vuln(
 					:host         => ip,
 					:port         => rport,
 					:proto        => 'tcp',
-					:name         => self.fullname,
-					:info         => "PUT Enabled",
+					:name         => self.name,
+					:info         => "Module #{self.fullname} confirmed write access to #{turl} via PUT",
 					:refs         => self.references,
 					:exploited_at => Time.now.utc
 				)
@@ -182,14 +183,15 @@ def run_host(ip)
 			if res.nil? or file_exists(path, data)
 				print_error("DELETE failed. File is still there.")
 			else
-				print_good("File deleted: #{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}")
+				turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
+				print_good("File deleted: #{turl}")
 				report_vuln(
 					:host         => ip,
 					:port         => rport,
 					:proto        => 'tcp',
 					:sname => (ssl ? 'https' : 'http'),
-					:name         => self.fullname,
-					:info         => "DELETE ENABLED",
+					:name         => self.name,
+					:info         => "Module #{self.fullname} confirmed write access to #{turl} via DELETE",
 					:refs         => self.references,
 					:exploited_at => Time.now.utc
 				)

diff --git a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb
@@ -22,13 +22,12 @@ class Metasploit3 < Msf::Auxiliary
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'   		=> 'MS09-020 IIS6 WebDAV Unicode Auth Bypass',
+			'Name'   		=> 'MS09-020 IIS6 WebDAV Unicode Authentication Bypass',
 			'Description'	=> %q{
-				Simplified version of MS09-020 IIS6 WebDAV Unicode Auth Bypass scanner. It attempts
-				to bypass authentication using the WebDAV IIS6 Unicode vulnerability
-				discovered by Kingcope. The vulnerability appears to be exploitable
-				where WebDAV is enabled on the IIS6 server, and any protected folder
-				requires either Basic, Digest or NTLM authentication.
+				This module attempts to to bypass authentication using the WebDAV IIS6 
+				Unicode vulnerability discovered by Kingcope. The vulnerability appears
+				to be exploitable where WebDAV is enabled on the IIS6 server, and any 
+				protected folder requires either Basic, Digest or NTLM authentication.
 			},
 			'Author' 		=> [ 'et', 'patrick' ],
 			'Version'		=> '$Revision$',
@@ -77,8 +76,8 @@ def run_host(ip)
 			if(not res)
 				print_error("NO Response.")
 			elsif (res.code.to_i == 401)
-				print_status("Confirmed protected folder #{wmap_base_url}#{tpath} #{res.code} (#{wmap_target_host})")
-				print_status("\tTesting for unicode bypass in IIS6 with WebDAV enabled using PROPFIND request.")
+				print_status("#{rhost}:#{rport} Confirmed protected folder #{wmap_base_url}#{tpath} #{res.code} (#{wmap_target_host})")
+				print_status("#{rhost}:#{rport} \tTesting for unicode bypass in IIS6 with WebDAV enabled using PROPFIND request.")
 
 				cset  = %W{ & ^ % $ # @ ! }
 				buff  = ''
@@ -100,24 +99,25 @@ def run_host(ip)
 				}, 20)
 
 				if (res.code.to_i == 207)
-					print_status("\tFound vulnerable WebDAV Unicode bypass.  #{wmap_base_url}#{tpath}#{bogus}/ #{res.code} (#{wmap_target_host})")
+					print_status("#{rhost}:#{rport} \tFound vulnerable WebDAV Unicode bypass.  #{wmap_base_url}#{tpath}#{bogus}/ #{res.code} (#{wmap_target_host})")
 
 
 					report_vuln(
 						{
 							:host	=> ip,
 							:port	=> rport,
 							:proto	=> 'tcp',
-							:name	=> self.fullname,
-							:info	=> "#{tpath}#{bogus} / Code: #{res.code}",
+							:sname  => ssl ? 'https' : 'http',
+							:name	=> self.name,
+							:info	=> "Module #{self.fullname} bypassed authentication with #{tpath}#{bogus} (response code #{res.code})",
 							:refs   => self.references,
 							:exploited_at => Time.now.utc
 						}
 					)
 
 				end
 			else
-				print_error("Folder does not require authentication. [#{res.code}]")
+				print_error("#{rhost}:#{rport} Folder does not require authentication. [#{res.code}]")
 			end
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::E877PIPE

diff --git a/modules/auxiliary/scanner/http/options.rb b/modules/auxiliary/scanner/http/options.rb
@@ -67,8 +67,8 @@ def run_host(target_host)
 						:port	=> rport,
 						:proto => 'tcp',
 						:sname => (ssl ? 'https' : 'http'),
-						:name	=> self.fullname,
-						:info	=> res.headers['Allow'],
+						:name	=> "HTTP Trace Method Allowed",
+						:info	=> "Module #{self.fullname} detected TRACE access through the Allow header: #{res.headers['Allow']}",
 						:refs   => self.references,
 						:exploited_at => Time.now.utc
 					)

diff --git a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb
@@ -17,7 +17,7 @@ class Metasploit4 < Msf::Auxiliary
 
 	def initialize
 		super(
-			'Name'        => 'Reverse Proxy Bypass Scanner',
+			'Name'        => 'Apache Reverse Proxy Bypass Vulnerability Scanner',
 			'Version'     => '$Revision$',
 			'Description' => %q{
 				Scan for poorly configured reverse proxy servers.
@@ -66,15 +66,15 @@ def make_request(host, uri, timeout=20)
 		end
 
 		if response.nil?
-			vprint_error "Request against #{host} timed out"
+			vprint_error "#{rhost}:#{rport} Request timed out"
 			return nil
 		end
 
 		seconds_transpired = (responded_at - requested_at).to_f
-		vprint_status "#{host} took #{seconds_transpired} seconds to respond to URI #{uri}"
+		vprint_status "#{rhost}:#{rport} Server took #{seconds_transpired} seconds to respond to URI #{uri}"
 
 		status_code = response.code
-		vprint_status "#{host} responded with status code #{status_code} to URI #{uri}"
+		vprint_status "#{rhost}:#{rport} Server responded with status code #{status_code} to URI #{uri}"
 
 		return {
 			:requested_at => requested_at,
@@ -92,7 +92,7 @@ def run_host(host)
 		end
 
 		if baseline[:status_code] == test_status_code
-			vprint_error "The baseline status code for #{host} matches our test's"
+			vprint_error "#{rhost}:#{rport} The baseline status code for #{host} matches our test's"
 			return
 		end
 
@@ -101,13 +101,14 @@ def run_host(host)
 
 		status_code = injection_info[:status_code]
 		if status_code == test_status_code
-			print_good "#{host}:#{rport} is vulnerable!"
+			print_good "#{rhost}:#{rport} Server appears to be vulnerable!"
 			report_vuln(
 				:host   => host,
 				:port   => rport,
 				:proto  => 'tcp',
-				:name   => self.fullname,
-				:info   => "Returned #{status_code} when requested #{uri}",
+				:sname  => ssl ? 'https' : 'http',
+				:name   => self.name,
+				:info   => "Module #{self.fullname} obtained #{status_code} when requesting #{uri}",
 				:refs   => self.references,
 				:exploited_at => injection_info[:requested_at]
 			)

diff --git a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb
@@ -21,9 +21,9 @@ class Metasploit3 < Msf::Auxiliary
 
 	def initialize
 		super(
-			'Name'        => 'VMware Server Directory Transversal Vulnerability',
+			'Name'        => 'VMware Server Directory Traversal Vulnerability',
 			'Version'     => '$Revision$',
-			'Description' => 'This modules exploits the VMware Server Directory traversal
+			'Description' => 'This modules exploits the VMware Server Directory Traversal
 				vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before
 				2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5
 				allows remote attackers to read arbitrary files. Common VMware server ports
@@ -68,8 +68,8 @@ def run_host(target_host)
 						:host   => target_host,
 						:port	=> rport,
 						:proto  => 'tcp',
-						:name	=> self.fullname,
-						:info   => res.code,
+						:name	=> self.name,
+						:info   => "Module #{self.fullname} reports directory traversal of #{target_host}:#{rport} with response code #{res.code}",
 						:refs   => self.references,
 						:exploited_at => Time.now.utc
 					}

diff --git a/modules/auxiliary/scanner/misc/java_rmi_server.rb b/modules/auxiliary/scanner/misc/java_rmi_server.rb
@@ -19,7 +19,7 @@ class Metasploit3 < Msf::Auxiliary
 
 	def initialize
 		super(
-			'Name'        => 'Java RMI Server Endpoint Scanner',
+			'Name'        => 'Java RMI Server Insecure Endpoint Code Execution Scanner',
 			'Version'     => '$Revision$',
 			'Description' => 'Detect Java RMI endpoints',
 			'Author'     => ['mihi', 'hdm'],
@@ -95,14 +95,12 @@ def run_host(target_host)
 					report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Disabled")
 				elsif buf.length > 0
 					print_good("#{rhost}:#{rport} Java RMI Endpoint Detected: Class Loader Enabled")
-					report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Enabled")
+					svc = report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Class Loader: Enabled")
 					report_vuln(
 						:host         => rhost,
-						:port         => rport,
-						:proto        => 'tcp',
-						:sname => (ssl ? 'https' : 'http'),
-						:name         => self.fullname,
-						:info         => "Class Loader: Enabled",
+						:service      => svc,
+						:name         => self.name,
+						:info         => "Module #{self.fullname} confirmed remote code execution via this RMI service",
 						:refs         => self.references
 					)
 				else

diff --git a/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb b/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb
@@ -50,7 +50,7 @@ def run_host(ip)
 
 				# This makes db_services look a lot nicer.
 				banner_sanitized = Rex::Text.to_hex_ascii(banner.to_s)
-				report_service(:host => rhost, :port => rport, :name => "telnet", :info => banner_sanitized)
+				svc = report_service(:host => rhost, :port => rport, :name => "telnet", :info => banner_sanitized)
 
 				# Check for encryption option ( IS(0) DES_CFB64(1) )
 				sock.put("\xff\xfa\x26\x00\x01\x01\x12\x13\x14\x15\x16\x17\x18\x19\xff\xf0")
@@ -124,12 +124,11 @@ def run_host(ip)
 				print_good("#{ip}:#{rport} VULNERABLE: #{banner_sanitized}")
 				report_vuln(
 					{
-							:host	=> ip,
-							:port	=> rport,
-							:proto  => 'tcp',
-							:name	=> self.fullname,
-							:info	=> banner_sanitized,
-							:refs   => self.references
+							:host	  => ip,
+							:service  => svc,
+							:name	  => self.name,
+							:info	  => "Module #{self.fullname} confirmed acceptance of a long key ID: #{banner_sanitized}",
+							:refs     => self.references
 					}
 				)
 

diff --git a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb
@@ -53,7 +53,7 @@ def run_host(target_host)
 
 			ver = "#{vnc.majver}.#{vnc.minver}"
 			print_status("#{target_host}:#{rport}, VNC server protocol version : #{ver}")
-			report_service(
+			svc = report_service(
 				:host => rhost,
 				:port => rport,
 				:proto => 'tcp',
@@ -77,12 +77,11 @@ def run_host(target_host)
 				print_good("#{target_host}:#{rport}, VNC server security types includes None, free access!")
 				report_vuln(
 					{
-						:host => rhost,
-						:port => rport,
-						:proto => 'tcp',
-						:name	=> self.fullname,
-						:info => sec_type.join(","),
-						:refs => self.references,
+						:host         => rhost,
+						:service      => svc,
+						:name         => self.name,
+						:info         => "Module #{self.fullname} identified the VNC 'none' security type: #{sec_type.join(", ")}",
+						:refs         => self.references,
 						:exploited_at => Time.now.utc
 					})
 			end

diff --git a/modules/post/windows/gather/forensics/duqu_check.rb b/modules/post/windows/gather/forensics/duqu_check.rb
@@ -55,11 +55,11 @@ def run
 					match += 1
 					report_vuln(
 						:host          => session.session_host,
-						:name          => self.fullname,
-						:info          => "#{path}\\#{query} possible CVE-2011-3402 exploitation [Duqu] artifact.",
+						:name          => self.name,
+						:info          => "Module #{self.fullname} detected #{path}\\#{query} - possible CVE-2011-3402 exploitation [Duqu] artifact.",
 						:refs          => self.references,
-						:exploited_at  => Time.now.utc
-						)
+						:exploited_at  => Time.now.utc,
+					)
 				end
 			end
 		rescue # Probably should do something here...