Add additional timing options to snmp_login scanner #4722

Merged
merged 4 commits into from
Apr 16, 2015

Changes from 3 commits
33 changes: 31 additions & 2 deletions lib/metasploit/framework/login_scanner/snmp.rb
Expand Up @@ -17,6 +17,35 @@ class SNMP
PRIVATE_TYPES = [ :password ]
REALM_KEY = nil

# @!attribute retries
Contributor

YARD has advised that @!attribute is not meant to be used on attr_*. Use comments directly instead:

# The number of retries
#
# @return [Fixnum]
attr_accessor :retries

Contributor

You should separate your attributes from your validations, so that all attributes come first, then all validations, as in the pattern shown here

# @return [Fixnum] The number of retries
attr_accessor :retries

validates :retries,
presence: true,
numericality: {
only_integer: true,
greater_than_or_equal_to: 0
}

# @!attribute version
Contributor

YARD has advised that @!attribute is not meant to be used on attr_*. Use comments directly instead:

# The SNMAP version to scan
#
# @return [String]
attr_accessor :version

Contributor Author

Hmm lib/metasploit/framework is littered with this convention FYI. I will change here though

# @return [String] The SNMP version to scan
attr_accessor :version

validates :version,
presence: true,
inclusion: { in: ['1', '2c', 'all'] }

# This method returns an array of versions to scan
# @return [Array] An array of versions
def versions
case version
when '1'; [:SNMPv1]
when '2c'; [:SNMPv2c]
when 'all'; [:SNMPv1,:SNMPv2c]
end
end

# This method attempts a single login with a single credential against the target
# @param credential [Credential] The credential object to attmpt to login with
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
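Review bot: `versions` has no `else` branch, so any `version` value outside `'1'`, `'2c'` and `'all'` makes it return `nil`, and the `versions.each` call in `attempt_login` then fails with a `NoMethodError` on `nil` instead of a clear error; the `inclusion` validation on `version` only prevents this when the scanner is validated before scanning. Add an explicit fallback such as `else raise ArgumentError, "unsupported SNMP version #{version.inspect}"`, or return `[]` so an unknown version yields no probes. Also, `attmpt` in the `@param credential` doc comment should read `attempt`.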
Expand All @@ -29,14 +58,14 @@ def attempt_login(credential)
service_name: 'snmp'
}

[:SNMPv1, :SNMPv2c].each do |version|
versions.each do |version|
snmp_client = ::SNMP::Manager.new(
:Host => host,
:Port => port,
:Community => credential.public,
:Version => version,
:Timeout => connection_timeout,
:Retries => 2,
:Retries => retries,
:Transport => ::SNMP::RexUDPTransport,
:Socket => ::Rex::Socket::Udp.create('Context' => { 'Msf' => framework, 'MsfExploit' => framework_module })
)
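Review bot: with `:Timeout => connection_timeout` and `:Retries => retries` both caller-controlled now, the worst-case wait per community string is roughly `connection_timeout * (retries + 1)` per SNMP version, doubled when `versions` yields both `:SNMPv1` and `:SNMPv2c`; that interaction is worth a sentence in the method comment so operators understand what the new options cost. Nothing in this hunk guards against `retries` being `nil` when a caller other than the module builds the scanner without running validations, in which case `::SNMP::Manager.new` receives `:Retries => nil`; give `retries` (and `version`) a default the same way `connection_timeout` gets one, or make sure validations run before the loop.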
9 changes: 7 additions & 2 deletions modules/auxiliary/scanner/snmp/snmp_login.rb
Expand Up @@ -30,7 +30,10 @@ def initialize
[
Opt::RPORT(161),
Opt::CHOST,
OptInt.new('CONNECTION_TIMEOUT', [true, 'The timeout value for each probe', 2]),
OptInt.new('RETRIES', [true, 'The number of retries per community string', 0]),
OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
OptEnum.new('VERSION', [true, 'The SNMP version to scan', 'all', ['1','2c','all']]),
Contributor Author

Note used 'all' in case v3 is supported in future etc ;)

OptString.new('PASSWORD', [ false, 'The password to test' ]),
OptPath.new('PASS_FILE', [ false, "File containing communities, one per line",
File.join(Msf::Config.data_directory, "wordlists", "snmp_default_pass.txt")
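Review bot: the allowed values `['1','2c','all']` in `OptEnum.new('VERSION', ...)` duplicate the `inclusion: { in: ['1', '2c', 'all'] }` list in the scanner, so the two can silently drift apart when another version is added (the comment above already anticipates v3); define the list once on the scanner class (a constant such as `VERSIONS`, which this diff does not add) and reference it from both places. Also, the `RETRIES` default of `0` changes behaviour from the previous hard-coded `:Retries => 2`, so UDP probes are now sent once per community string by default; say so in the option description or module notes so existing users know to raise it on lossy networks.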
Expand Down Expand Up @@ -61,9 +64,11 @@ def run_batch(batch)
cred_details: collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
connection_timeout: 2,
connection_timeout: datastore['CONNECTION_TIMEOUT'],
retries: datastore['RETRIES'],
version: datastore['VERSION'],
framework: framework,
framework_module: self,
framework_module: self
)

scanner.scan! do |result|
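Review bot: the change from `framework_module: self,` to `framework_module: self` is an unrelated trailing-comma style edit bundled into this hunk; it is harmless but belongs in its own commit so the functional change stays easy to review. The rest is fine: `OptInt` and `OptEnum` already constrain `datastore['RETRIES']` and `datastore['VERSION']` to values the scanner's validations accept.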
2 changes: 2 additions & 0 deletions spec/lib/metasploit/framework/login_scanner/snmp_spec.rb
Expand Up @@ -37,6 +37,8 @@
snmp_scanner.host = '127.0.0.1'
snmp_scanner.port = 161
snmp_scanner.connection_timeout = 1
snmp_scanner.retries = 0
snmp_scanner.version = 'all'
snmp_scanner.stop_on_success = true
snmp_scanner.cred_details = detail_group
end
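Review bot: the spec only sets `retries = 0` and `version = 'all'` in the shared setup so the existing examples keep passing; nothing here exercises the new behaviour. Add examples for the `versions` mapping (`'1'` gives `[:SNMPv1]`, `'2c'` gives `[:SNMPv2c]`, `'all'` gives `[:SNMPv1, :SNMPv2c]`) and for the validations, for instance that `snmp_scanner.version = '3'` or `snmp_scanner.retries = -1` makes `snmp_scanner.valid?` return false.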