Aux module for Sentry CDU enum #2321

Merged
merged 9 commits into from
Oct 4, 2013

@juushya juushya commented Sep 3, 2013

No description provided.

'Name' => 'Sentry Switched CDU Bruteforce Login Utility',
'Description' => %{
This module scans for ServerTech's Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials.
Vendor site: www.servertech.com.

Add this as a reference URL

As far as I know URL References shouldn't be general (including vendors), but URLs referencing materials about the specific technique used in the Metasploit module. So I think it isn't worth adding the vendor site as a URL Reference.

Feel free to correct me if I'm wrong!

I agree, will remove it.

Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
@jvazquez-r7

I liked the idea of checking before proceeding with the auth brute... I was just recommending merging the check_conn? and is_app_sentry? into one check.... I guess it was not explained very well :P Let me do a pull request against your branch :)

@jvazquez-r7

@juushya, did a pull request to your repo and branch: https://github.com/juushya/metasploit-framework/pull/1

I like the way of proceeding in the pull request above, checking for the app (in just one request) before proceeding with the auth brute. Saves one request while checking, and the resultant code is readable and review-friendly I think. Feel free to review, test, discuss, etc and land once you feel comfortable with it! This pull request will be automatically updated!

@jvazquez-r7

Thanks @juushya , processing!

@jvazquez-r7

Module wasn't working. New pull request on https://github.com/juushya/metasploit-framework/pull/2

  • Module wasn't working: Hardcoded strings were being used as credentials :? On the other hand, according to my testing the authentication queries must be done against the index.html resource.

[+] x.x.x.x:80  - Running ServerTech Sentry Switched CDU
[*] x.x.x.x:80 - Starting login brute force...
[*] x.x.x.x:80  - [1/1] - Trying username:"admn" with password:"admn"
[+] x.x.x.x:80 - SUCCESSFUL LOGIN - "admn":"admn"
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(sentry_cdu_enum) > db_
db_connect        db_export         db_nmap           db_status         
db_disconnect     db_import         db_rebuild_cache  
msf auxiliary(sentry_cdu_enum) > creds 

Credentials
===========

host            port  user  pass  type      active?
----            ----  ----  ----  ----      -------
x.x.x.x  80    admn  admn  password  true

  • These days a big retab effort has been done in the metasploit-framework in order to align it with the ruby best practices (https://github.com/rapid7/metasploit-framework/wiki/Indentation-Standards). Because of that, your pull request would cause a conflict. This pull request also fixes the tabulation issue on your pull request, so it can be merged without conflicts.

Please feel free to test the module after changes. If it works, please send us a pcap of the module working to msfdev[at]metasploit.com in order to verify. Feel free to ask about pgp keys if you need them. Really thanks!

@wvu

wvu commented Sep 24, 2013

@juushya: @jvazquez-r7 is waiting on you.

@juushya

juushya commented Oct 3, 2013

@jvazquez-r7 @wchen-r7 Hey guys. Sorry for my late reply, I was occupied with a project. I have merged the pull request now.

Making request to / or /index.html, both work fine. So I've not made any change to /index.html in the module code.

I will read the retab / indentation link you shared above. Is msftidy updated to validate it as well?

Thanks!

@wvu

wvu commented Oct 3, 2013

Thanks, @juushya!

@jvazquez-r7

Processing the new input!

@jvazquez-r7

@juushya yeah, msftidy is updated to check tab indents:

0db9311

@jvazquez-r7

pcap looks good, landing! thanks @juushya !

@jvazquez-r7 jvazquez-r7 merged commit 581e27f into rapid7:master Oct 4, 2013