server/capture docs and consistency updates #10938

Merged
merged 5 commits into from Nov 13, 2018

@h00die
Contributor

h00die commented Nov 9, 2018

Sorry to cram so many things in one PR, but little issues were bothering me.

  1. Fix a typo in auxiliary/server/capture/ftp docs
  2. add auxiliary/server/capture/http_basic docs. I hope that I made it clear enough that there was no actual vuln at the wordpress.com site, @todb-r7 can you give it a quick look over plz (See HTML Injection Social Engineering section), and let me know if it needs to be more obvious, or if another example (suggest a site?) should be used.
  3. Add auxiliary/server/capture/imap docs
  4. Add auxiliary/server/capture/mysql docs
  5. auxiliary/server/capture/http_basic used a unique string for printing the creds it got, so I synced it (more or less) to what the other modules were printing for consistency
  6. auxiliary/server/capture/imap now has a configurable banner, like I did for ftp, and gave some examples of ones I saw in shodan.io as examples
  7. auxiliary/server/capture/imap had a print_status instead of print_good which was not consistent with other modules, nor correct
  8. corrected the link to docs within auxiliary/server/capture/mysql
  9. auxiliary/server/capture/mysql was not properly storing the hash, it saved to pass then referenced password. Also saved it as a nonreplayable hash instead of a password. Fixed, example below.

Verification

  • check docs for spelling/grammar/examples
  • try http_basic to make sure it prints the creds correctly
  • try imap to see if it prints good instead of status, also check the banner
  • click the link in the mysql comment

Pre mysql creds fix:

msf5 > use auxiliary/server/capture/mysql 
msf5 auxiliary(server/capture/mysql) > run
[*] Auxiliary module running as background job 0.
msf5 auxiliary(server/capture/mysql) > 
[*] Started service listener on 0.0.0.0:3306 
[*] Server started.

msf5 auxiliary(server/capture/mysql) > creds
Credentials
===========

host  origin  service  public  private  realm  private_type
----  ------  -------  ------  -------  -----  ------------

msf5 auxiliary(server/capture/mysql) > mysql -u user -ppassword -h 127.0.0.1
[*] exec: mysql -u user -ppassword -h 127.0.0.1

ERROR 1045 (28000): Access denied for user 'user'@'127.0.0.1' (using password: YES)

[+] 127.0.0.1:35610 - User: user; Challenge: 112233445566778899aabbccddeeff1122334455; Response: 42e3928bba9eec017860b977a1700d7a774656f5
msf5 auxiliary(server/capture/mysql) > creds
Credentials
===========

host       origin     service                  public  private  realm  private_type
----       ------     -------                  ------  -------  -----  ------------
127.0.0.1  127.0.0.1  3306/tcp (mysql_client)  user                    Blank password

post fix

msf5 auxiliary(server/capture/mysql) > run
[*] Auxiliary module running as background job 1.
msf5 auxiliary(server/capture/mysql) > 
[*] Started service listener on 0.0.0.0:3306 
[*] Server started.

msf5 auxiliary(server/capture/mysql) > mysql -u user -ppassword -h 127.0.0.1
[*] exec: mysql -u user -ppassword -h 127.0.0.1

ERROR 1045 (28000): Access denied for user 'user'@'127.0.0.1' (using password: YES)

[+] 127.0.0.1:35618 - User: user; Challenge: 112233445566778899aabbccddeeff1122334455; Response: 42e3928bba9eec017860b977a1700d7a774656f5
msf5 auxiliary(server/capture/mysql) > creds
Credentials
===========

host       origin     service                  public  private                                                                                        realm  private_type
----       ------     -------                  ------  -------                                                                                        -----  ------------
127.0.0.1  127.0.0.1  3306/tcp (mysql_client)  user    user:$mysql$112233445566778899aabbccddeeff1122334455$42e3928bba9eec017860b977a1700d7a774656f5         Nonreplayable hash
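
The post-fix row stores `user:$mysql$<challenge>$<response>` as a nonreplayable hash. The sketch below is an added example, not part of this PR or of the Metasploit code base; it parses that string and recomputes the response with the documented mysql_native_password scramble to show that the response is bound to the challenge. The function names and `OTHER_CHALLENGE` are hypothetical, and it assumes the client authenticated with mysql_native_password.

```ruby
require 'digest/sha1'

# Split "user:$mysql$<challenge>$<response>" into its parts.
# Returns nil unless both hex fields are 20 bytes (40 hex characters),
# which is what an empty or malformed private value would fail.
def parse_mysql_capture(line)
  m = /\A(?<user>[^:]*):\$mysql\$(?<challenge>\h{40})\$(?<response>\h{40})\z/.match(line.strip)
  m && { user: m[:user], challenge: m[:challenge].downcase, response: m[:response].downcase }
end

# Client side of mysql_native_password:
#   SHA1(password) XOR SHA1(challenge + SHA1(SHA1(password)))
def native_password_response(password, challenge_hex)
  challenge = [challenge_hex].pack('H*')
  stage1 = Digest::SHA1.digest(password)
  stage2 = Digest::SHA1.digest(stage1)
  mask = Digest::SHA1.digest(challenge + stage2)
  stage1.bytes.zip(mask.bytes).map { |a, b| a ^ b }.pack('C*').unpack1('H*')
end

# True when the candidate password reproduces the captured response.
def capture_matches?(capture, candidate)
  native_password_response(candidate, capture[:challenge]) == capture[:response]
end

# Row taken from the post-fix creds table above.
PAGE_CAPTURE = 'user:$mysql$112233445566778899aabbccddeeff1122334455$42e3928bba9eec017860b977a1700d7a774656f5'

# Constructed sample: a second challenge value made up for this example.
OTHER_CHALLENGE = 'ffeeddccbbaa99887766554433221100ffeeddcc'

if __FILE__ == $PROGRAM_NAME
  cap = parse_mysql_capture(PAGE_CAPTURE)
  puts "user=#{cap[:user]} challenge=#{cap[:challenge]}"
  # Same password, different challenge: the response changes, so a captured
  # response cannot be replayed to a server that issues its own challenge.
  a = native_password_response('s3cret', cap[:challenge])
  b = native_password_response('s3cret', OTHER_CHALLENGE)
  puts "responses differ across challenges: #{a != b}"
end
```
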

Contributor

Green-m commented Nov 9, 2018

Contributor

h00die commented Nov 9, 2018

good catch, I'm getting rusty with old age. git mv complete

h00die added some commits Nov 9, 2018

Contributor

h00die commented Nov 9, 2018

@Green-m sorry for adding 2 more things, but when I woke up a few min ago I realized mysql was not storing the hash, and it was saving it as a password not a hash. Fixed that up so it's storing right. This PR has lots and lots in it, but they're all relatively minor at least

@h00die h00die added the bug label Nov 9, 2018

@h00die h00die requested a review from todb-r7 Nov 10, 2018

@bcoles bcoles added this to the Module documentation milestone Nov 10, 2018

@bcoles bcoles added this to To Do in Module documentation Nov 10, 2018

Contributor

Green-m commented Nov 13, 2018

I am going to land this since most r7 employees are busy with CTF. Thanks!

@Green-m Green-m self-assigned this Nov 13, 2018

@Green-m Green-m merged commit bf15fa0 into rapid7:master Nov 13, 2018

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

Green-m added a commit that referenced this pull request Nov 13, 2018

Land #10938, add docs for modules and fix bug.
Add docs for auxiliary module http_basic/imap/mysql, and fix a bug
in modules/auxiliary/server/capture/mysql.rb

Contributor

Green-m commented Nov 13, 2018

Release Notes

This adds documentation and consistency improvements for server/capture modules.

msjenkins-r7 added a commit that referenced this pull request Nov 13, 2018

Land #10938, add docs for modules and fix bug.
Add docs for auxiliary module http_basic/imap/mysql, and fix a bug
in modules/auxiliary/server/capture/mysql.rb

@h00die h00die deleted the h00die:capture_docs branch Nov 15, 2018

@bcoles bcoles moved this from To Do to Done in Module documentation Dec 3, 2018