
expand utility for allegro_rompager_auth_bypass #11865

Merged
merged 1 commit into from May 30, 2019

Conversation

Projects
None yet
5 participants
@jmartin-r7 (Contributor) commented May 21, 2019

Adds an advanced option, ForceAttempt, for hosts that report a fingerprint that appears vulnerable based on service fingerprints. While this does not add an algorithm to determine valid cookies for undocumented devices, it will now attempt all known cookies against unknown hosts if the advanced option is set.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/admin/http/allegro_rompager_auth_bypass
  • Verify that existing known targets still work.

It would be nice to validate against a device not in the list. This could be done against a TD-8616 that works with cookie [107369790, 17] by temporarily removing TD-8616 from the device list with the patch below, since the TD-8817 can also have the same cookie values.

diff --git a/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb b/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb
index 0979c5e965..db9d172c7c 100644
--- a/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb
@@ -92,14 +92,6 @@ class MetasploitModule < Msf::Auxiliary
                 [107366496, 13],
                 [107360133, 20]
             ]},
-        :'TD-8616'=>
-            {:name=> 'TP-Link', :model=>'TD-8616', :values=>[
-                [107371483, 21],
-                [107369790, 17],
-                [107371161, 1],
-                [107371426, 17],
-                [107370211, 5],
-            ]},
         :'TD-8817'=>
             {:name=> 'TP-Link', :model=>'TD-8817', :values=>[
                 [107369790, 17],
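Review bot: this hunk is a verification aid and must not land in the commit; it deletes the whole `:'TD-8616'` entry so that a real TD-8616 looks like an undocumented device to the module. The test is only meaningful because `[107369790, 17]` also appears under `:'TD-8817'` (the first line of the retained context), so an unknown-fingerprint TD-8616 succeeds only if ForceAttempt really iterates every known pair rather than just the matched device's list. A small style point in the removed block: `[107370211, 5],` carries a trailing comma before the closing `]`, which Ruby accepts but the neighbouring entries do not use; if the entry is restored after testing, drop that comma for consistency.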

@jhart-r7 , @wvu-r7 thoughts on value of this change?
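The cookie-selection behaviour the description above asks for, as an added Ruby example that is not the Metasploit module's own code. The device table is reconstructed from the entries visible in the diff above (the TD-8817 list is truncated there, so only its first pair is included), and matching a service fingerprint by the model string it contains is an assumption made for the example:

```ruby
# Added example, not the allegro_rompager_auth_bypass module's code.
# Device table reconstructed from the pairs visible in the PR diff;
# each pair is [cookie_number, offset] as in the module's :values lists.
DEVICE_COOKIES = {
  'TD-8616' => {
    name: 'TP-Link', model: 'TD-8616',
    values: [
      [107371483, 21],
      [107369790, 17],
      [107371161, 1],
      [107371426, 17],
      [107370211, 5]
    ]
  },
  'TD-8817' => {
    name: 'TP-Link', model: 'TD-8817',
    values: [
      [107369790, 17] # list truncated in the diff; only this pair is visible
    ]
  }
}.freeze

# Assumption for this example: a fingerprint is matched on the model string.
def match_device(fingerprint, table = DEVICE_COOKIES)
  table.values.find { |dev| fingerprint.include?(dev[:model]) }
end

# Returns the [cookie_number, offset] pairs to try against a host.
#   known device            -> that device's own list
#   unknown, no ForceAttempt -> nothing (module has no cookie algorithm for it)
#   unknown, ForceAttempt   -> every known pair, each tried once
def cookies_to_try(fingerprint, table = DEVICE_COOKIES, force_attempt: false)
  dev = match_device(fingerprint, table)
  return dev[:values] if dev
  return [] unless force_attempt

  # Pairs shared by several devices (e.g. [107369790, 17]) are attempted once.
  table.values.flat_map { |d| d[:values] }.uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed fingerprint strings, not captured from real devices.
  puts cookies_to_try('RomPager TD-8616').inspect
  puts cookies_to_try('RomPager unknown-box').inspect
  puts cookies_to_try('RomPager unknown-box', force_attempt: true).inspect
end
```

With the table above, a known TD-8616 yields its five pairs, an unknown fingerprint yields nothing unless the option is set, and with the option set it yields the union of all known pairs with the shared `[107369790, 17]` deduplicated, which is exactly what the TD-8616-removed verification run exercises.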

@wvu-r7 (Contributor) commented May 22, 2019

Looks fine to me.

@busterb busterb self-assigned this May 23, 2019

@y4tg4n commented May 25, 2019

I think it will be fine too.

@busterb busterb merged commit 310ee3b into rapid7:master May 30, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed.

busterb added a commit that referenced this pull request May 30, 2019

@busterb (Member) commented May 30, 2019

Release Notes

The number of devices that can be targeted by the allegro_rompager_auth_bypass exploit module has been increased.

msjenkins-r7 added a commit that referenced this pull request May 30, 2019
