-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Aux module for Sentry CDU enum #2321
Conversation
'Name' => 'Sentry Switched CDU Bruteforce Login Utility', | ||
'Description' => %{ | ||
This module scans for ServerTech's Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials. | ||
Vendor site: www.servertech.com. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add this as a reference URL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I know URL References shouldn't be general (including vendors), but URL's referencing materials about the specific technique used in the Metasploit module. So I think doesn't worth to add the vendor site as URL Reference.
Feel free to correct me if I'm wrong!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, will remove it.
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
I liked the idea of checking before proceeding with the auth brute... just was recommending to merge the check_conn? and is_app_sentry? in one check.... I guess was not explained very well :P Let me do a pull request against your branch :) |
@juushya, did a pull request to your repo and branch: https://github.com/juushya/metasploit-framework/pull/1 I like the way of proceeding in the pull request above, checking for the app (in just one request) before proceeding with the auth brute. Saves one request while checking, and the resultant code is readable and review-friendly I think. Feel free to review, test, discuss, etc and land once you feel comfortable with it! This pull request will be automatically updated! |
Review pr2321
Thanks @juushya , processing! |
Module wasn't working. New pull request on https://github.com/juushya/metasploit-framework/pull/2
Please feel free to test the module after changes. If works, please sends us a pcap of the module working to msfdev[at]metasploit.com in order to verify. Feel free to ask about pgp keys if you need it. Really thanks! |
@juushya: @jvazquez-r7 is waiting on you. |
Retab and fix PR2321
@jvazquez-r7 @wchen-r7 Hey guys. Sorry for my late reply, I was occupied with a project. I have merged the pull request now. Making request to / or /index.html, both work fine. So I've not made any change to /index.html in the module code. I will read the retab / indentation link you shared above. Is msftidy updated to validate it as well? Thanks! |
Thanks, @juushya! |
Processing the new input! |
pcap looks good, landing! thans @juushya ! |
No description provided.