Although normally called by SecGen, secgen_local.rb scripts can be executed directly, and accept all the parameter inputs as command line arguments, and returns the output in JSON format to stdout. *release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! Como detectar, habilitar e desabilitar SMBv1, SMBv2 e SMBv3 no Windows How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows. )\n raise BadcharError.new(state.encoded, 0, 0, 0)\n end\n\n buf\n end\n\n #\n # Appends the encoded context portion.\n #\n def encode_end(state)\n state.encoded += state.context\n end\n\n #\n # Generate the instructions that will be used to produce a valid\n # block after decoding using the sub instruction in conjunction with\n # two UTF8/tolower safe values.\n #\n def try_sub(state, block)\n buf = \"\\x68\";\n vbuf = ''\n ctx = ''\n carry = 0\n\n block.each_byte { |b|\n # It's impossible to reach 0x7f, 0x80, 0x81 with two subs\n # of a value that is < 0x80 without NULLs.\n return nil if (b == 0x80 or b == 0x81 or b == 0x7f)\n\n x = 0\n y = 0\n attempts = 0\n prev_carry = carry\n\n begin\n carry = prev_carry\n\n if (b > 0x80)\n diff = 0x100 - b\n y = rand(0x80 - diff - 1).to_i + 1\n x = (0x100 - (b - y + carry))\n carry = 1\n else\n diff = 0x7f - b\n x = rand(diff - 1) + 1\n y = (b + x + carry) & 0xff\n carry = 0\n end\n\n attempts += 1\n\n # Lame.\n return nil if (attempts > 512)\n\n end while (is_badchar(state, x) or is_badchar(state, y))\n\n vbuf += [x].pack('C')\n ctx += [y].pack('C')\n }\n\n buf += vbuf + \"\\x5f\\x29\\x39\\x03\\x0c\\x24\"\n\n state.context += ctx\n\n return buf\n\n end\n\n #\n # Generate instructions that will be used to produce a valid block after\n # decoding using the add instruction in conjunction with two UTF8/tolower\n # safe values.\n #\n def try_add(state, block)\n buf = \"\\x68\"\n vbuf = ''\n ctx = ''\n\n block.each_byte { |b|\n # It's impossible to produce 0xff and 0x01 
using two non-NULL,\n # tolower safe, and UTF8 safe values.\n return nil if (b == 0xff or b == 0x01 or b == 0x00)\n\n attempts = 0\n\n begin\n xv = rand(b - 1) + 1\n\n attempts += 1\n\n # Lame.\n return nil if (attempts > 512)\n\n end while (is_badchar(state, xv) or is_badchar(state, b - xv))\n\n vbuf += [xv].pack('C')\n ctx += [b - xv].pack('C')\n }\n\n buf += vbuf + \"\\x5f\\x01\\x39\\x03\\x0c\\x24\"\n\n state.context += ctx\n\n return buf\n end\n\n def is_badchar(state, val)\n ((val >= 0x41 and val <= 0x5a) or val >= 0x80) or Rex::Text.badchar_index([val].pack('C'), state.badchars)\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-10-22T12:14:40", "differentElements": ["description", "modified", "published", "sourceData", "sourceHref", "title"], "edition": 55}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "d52b4a7349bfdfed69120e316a13882a", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "2017-09-14T21:59:39", "modified": "2017-09-18T20:02:38", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-10-22T16:26:00", "history": [], "viewCount": 255, "enchantments": {"score": {"value": 1.0, "vector": "NONE", "modified": "2019-10-22T16:26:00"}, "dependencies": {"references": [{"type": "thn", "idList": ["THN:9269E53DB7E4D99ED8A3314F02869A30"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891968", "OPENVAS:1361412562310891961", "OPENVAS:1361412562310891967", "OPENVAS:1361412562310891962", "OPENVAS:1361412562310704546", "OPENVAS:1361412562310704545", "OPENVAS:1361412562310891966", "OPENVAS:1361412562310891965", "OPENVAS:1361412562310852742", "OPENVAS:1361412562310844204"]}, {"type": "mozilla", "idList": ["MFSA2019-34"]}, {"type": "ubuntu", "idList": ["USN-4162-1"]}, {"type": "qualysblog", "idList": 
["QUALYSBLOG:F049AE2BB0739D7D9D8E368907DF1C29"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2348-1", "OPENSUSE-SU-2019:2344-1"]}, {"type": "kitploit", "idList": ["KITPLOIT:3183765424997503481"]}, {"type": "talosblog", "idList": ["TALOSBLOG:5A9BEF09DC8FF93E258E2D51361D11E8"]}], "modified": "2019-10-22T16:26:00"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = 
rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-10-22T16:26:00", "differentElements": ["sourceData"], "edition": 56}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "4a41415b4060c2616dffebb2ed6729b1", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "2017-09-14T21:59:39", "modified": "2017-09-18T20:02:38", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-10-22T20:02:27", "history": [], "viewCount": 257, "enchantments": {"score": {"value": 2.5, "vector": "NONE", "modified": "2019-10-22T20:02:27"}, "dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:9BC1B113CDD3C86D30DEB5648D4DB177"]}, {"type": "tenable", "idList": ["TENABLE:0233D53A82E16C59E35C51B21491BD62"]}, {"type": "thn", "idList": ["THN:9269E53DB7E4D99ED8A3314F02869A30"]}, {"type": "mozilla", "idList": ["MFSA2019-34"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891968", "OPENVAS:1361412562310891967", "OPENVAS:1361412562310891961", "OPENVAS:1361412562310704546", "OPENVAS:1361412562310891962", "OPENVAS:1361412562310704545", "OPENVAS:1361412562310891966", "OPENVAS:1361412562310891965", "OPENVAS:1361412562310844204", "OPENVAS:1361412562310114148"]}, {"type": "ubuntu", "idList": ["USN-4162-1"]}, {"type": "qualysblog", "idList": 
["QUALYSBLOG:F049AE2BB0739D7D9D8E368907DF1C29"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2348-1", "OPENSUSE-SU-2019:2344-1"]}, {"type": "kitploit", "idList": ["KITPLOIT:3183765424997503481"]}, {"type": "talosblog", "idList": ["TALOSBLOG:5A9BEF09DC8FF93E258E2D51361D11E8"]}], "modified": "2019-10-22T20:02:27"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-10-22T20:02:27", "differentElements": ["sourceData"], "edition": 57}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "d52b4a7349bfdfed69120e316a13882a", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "2017-09-14T21:59:39", "modified": "2017-09-18T20:02:38", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-10-22T22:05:37", "history": [], "viewCount": 263, "enchantments": {"score": {"value": -1.3, "vector": "NONE", "modified": "2019-10-22T22:05:37"}, "dependencies": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:3074882932405142153"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6631705A9B0F56348E3E1A97469105A1"]}, {"type": "nessus", "idList": ["JUNIPER_JSA10956.NASL", "GOOGLE_CHROME_78_0_3904_87.NASL", "REDHAT-RHSA-2019-3281.NASL", "REDHAT-RHSA-2019-3286.NASL", "MACOSX_FUSION_VMSA_2019_0019.NASL", "OPENSUSE-2019-2418.NASL", "ORACLELINUX_ELSA-2019-3286.NASL", "SL_20191031_PHP_ON_SL7_X.NASL", "CENTOS_RHSA-2019-3193.NASL", "CENTOS_RHSA-2019-3210.NASL"]}], "modified": "2019-10-22T22:05:37"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: 
https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", 
"metasploitHistory": ""}, "lastseen": "2019-10-22T22:05:37", "differentElements": ["modified", "published"], "edition": 58}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "321cba7dbb2921986893265ac3288c25", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-11-06T08:35:16", "history": [], "viewCount": 263, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2019-11-06T08:35:16"}, "dependencies": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "nessus", "idList": ["CISCO_PRIME_INFRASTRUCTURE_SA-20190515-PI-RCE.NASL", "SOLARIS10_X86_119060-73.NASL", "UBUNTU_USN-4170-3.NASL", "JIRA_CVE-2019-14999.NASL", "SOLARIS10_119059-74.NASL", "SOLARIS10_X86_125720-71.NASL", "SOLARIS10_125719-60.NASL", "SUSE_SU-2019-2890-1.NASL", "JUNIPER_JSA10974.NASL", "JUNIPER_JSA10965.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143052", "OPENVAS:1361412562310143062", "OPENVAS:1361412562310143091"]}, {"type": "zeroscience", "idList": ["ZSL-2019-5541", "ZSL-2019-5540"]}, {"type": "ubuntu", "idList": ["USN-4170-3"]}, {"type": "ics", "idList": ["ICSMA-19-274-01"]}], "modified": "2019-11-06T08:35:16"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include 
Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-11-06T08:35:16", "differentElements": ["modified", "published"], "edition": 59}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "d52b4a7349bfdfed69120e316a13882a", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol 
Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "2017-09-14T21:59:39", "modified": "2017-09-18T20:02:38", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-11-06T10:41:41", "history": [], "viewCount": 282, "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2019-11-06T10:41:41"}, "dependencies": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "nessus", "idList": ["SOLARIS10_119059-74.NASL", "CISCO_PRIME_INFRASTRUCTURE_SA-20190515-PI-RCE.NASL", "JIRA_CVE-2019-14999.NASL", "SOLARIS10_X86_119060-73.NASL", "UBUNTU_USN-4170-3.NASL", "SUSE_SU-2019-2890-1.NASL", "SOLARIS10_X86_125720-71.NASL", "SOLARIS10_125719-60.NASL", "JUNIPER_JSA10974.NASL", "JUNIPER_JSA10965.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143052", "OPENVAS:1361412562310143062", "OPENVAS:1361412562310143091", "OPENVAS:1361412562310143090"]}, {"type": "zeroscience", "idList": ["ZSL-2019-5540", "ZSL-2019-5541"]}, {"type": "ics", "idList": ["ICSMA-19-274-01"]}], "modified": "2019-11-06T10:41:41"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance 
Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-11-06T10:41:41", "differentElements": ["modified", "published"], "edition": 60}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "321cba7dbb2921986893265ac3288c25", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-11-23T17:16:10", "history": [], "viewCount": 282, 
"enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2019-11-23T17:16:10"}, "dependencies": {"references": [{"type": "talosblog", "idList": ["TALOSBLOG:F707E3F271E987A8739DBDECFEEFAE22"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143164", "OPENVAS:1361412562310143162"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-3034-1.NASL", "SUSE_SU-2019-3030-1.NASL", "SUSE_SU-2019-3033-1.NASL", "FEDORA_2019-6BC8BE9D84.NASL", "FEDORA_2019-8B0BA02338.NASL", "FEDORA_2019-9C2AD3B018.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2019-3927.NASL", "REDHAT-RHSA-2019-3942.NASL", "REDHAT-RHSA-2019-3940.NASL"]}], "modified": "2019-11-23T17:16:10"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = 
Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-11-23T17:16:10", "differentElements": ["modified", "published"], "edition": 61}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "d52b4a7349bfdfed69120e316a13882a", "type": "metasploit", "bulletinFamily": "exploit", "title": "SMBv1 Protocol Detection", "description": "Detect systems that support the SMBv1 protocol\n", "published": "2017-09-14T21:59:39", "modified": "2017-09-18T20:02:38", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-11-23T19:16:51", "history": [], "viewCount": 282, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2019-11-23T19:16:51"}, "dependencies": {"references": [{"type": "talosblog", "idList": ["TALOSBLOG:F707E3F271E987A8739DBDECFEEFAE22"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143164"]}, {"type": "nessus", "idList": ["FEDORA_2019-8B0BA02338.NASL", "FEDORA_2019-9C2AD3B018.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2019-3927.NASL", "FEDORA_2019-074BF7D2D3.NASL", 
"FEDORA_2019-5AE4FD9203.NASL", "FEDORA_2019-6BC8BE9D84.NASL", "OPENSUSE-2019-2541.NASL", "SUSE_SU-2019-3033-1.NASL", "FEDORA_2019-0182D0B304.NASL"]}], "modified": "2019-11-23T19:16:51"}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb1.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should go first\n include Msf::Exploit::Remote::Tcp\n\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Aliases for common classes\n SIMPLE = Rex::Proto::SMB::SimpleClient\n XCEPT = Rex::Proto::SMB::Exceptions\n CONST = Rex::Proto::SMB::Constants\n\n def initialize\n super(\n 'Name' => 'SMBv1 Protocol Detection',\n 'Description' => 'Detect systems that support the SMBv1 protocol',\n 'Author' => 'Chance Johnson @loftwing',\n 'License' => MSF_LICENSE\n )\n\n register_options([ Opt::RPORT(445) ])\n end\n\n # Modified from smb2 module by @hdm\n # Fingerprint a single host\n def run_host(ip)\n begin\n connect\n\n # Only accept NT LM 0.12 dialect and WfW3.0\n dialects = ['PC NETWORK PROGRAM 1.0',\n 'LANMAN1.0',\n 'Windows for Workgroups 3.1a',\n 'LM1.2X002',\n 'LANMAN2.1',\n 'NT LM 0.12']\n data = dialects.collect { |dialect| \"\\x02\" + dialect + \"\\x00\" }.join('')\n\n pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct\n pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE\n pkt['Payload']['SMB'].v['Flags1'] = 0x08\n pkt['Payload']['SMB'].v['Flags2'] = 0xc801\n pkt['Payload'].v['Payload'] = data\n\n pkt['Payload']['SMB'].v['ProcessID'] = rand(0x10000)\n pkt['Payload']['SMB'].v['MultiplexID'] = rand(0x10000)\n\n sock.put(pkt.to_s)\n res = sock.get_once\n # expecting \\xff instead of \\xfe\n if res && res.index(\"\\xffSMB\")\n 
print_good(\"#{ip} supports SMBv1 dialect.\")\n report_note(\n host: ip,\n proto: 'tcp',\n sname: 'smb1',\n port: rport,\n type: \"supports SMB 1\"\n )\n end\n rescue ::Rex::ConnectionError\n rescue EOFError\n rescue Errno::ECONNRESET\n rescue ::Exception => e\n print_error(\"#{rhost}: #{e.class} #{e} #{e.backtrace}\")\n ensure\n disconnect\n end\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-11-23T19:16:51", "differentElements": ["description", "modified", "published", "sourceData", "sourceHref", "title"], "edition": 62}, {"bulletin": {"id": "MSF:AUXILIARY/SCANNER/SMB/SMB1", "hash": "dafc56bf6b97010d950e395296012eaf", "type": "metasploit", "bulletinFamily": "exploit", "title": "Oracle Application Testing Suite WebLogic Server Administration Console War Deployment", "description": "This module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Alas, it\n# does produce tolower safe and UTF8 safe payloads. ';\n when :invalid_server\n print_error 'The server you specified was invalid';\n when :not_on_primary\n print_error 'You must be on the primary domain controller to do that';\n when :user_not_found\n print_error 'User did not exist! Courses focus on real-world skills and applicability, preparing you for real-life challenges. \n\n \n \n #ruby modules/encoders/string/base64/secgen_local/local.rb --strings_to_encode \"encode this\" --strings_to_encode \"and this\"\n BASE64 Encoder\n Encoding '[\"encode this\", \"and this\"]'\n Encoded: [\"ZW5jb2RlIHRoaXM=\", \"YW5kIHRoaXM=\"]\n [\"ZW5jb2RlIHRoaXM=\",\"YW5kIHRoaXM=\"]\n\n \n\n\n[ ! This removes the requirement for end users of the framework to understand SecGen's configuration specification. In the meantime, the scanners can only scan to a single Synology NAS ]( \"Z.C. The sysadmin\n login is added to the local SQL Server using native SQL clients and\n stored procedures.

No bull. A Librarian-Puppet file is created to manage modules; because some required modules may be obtained from PuppetForge, an Internet connection is required when building the project. This encoder has been found useful in situations where '&' (0x26) is a badchar. For example, a scenario could specify the creation of a system with a remotely exploitable vulnerability that would result in user-level compromise, and a locally exploitable flaw that would result in root-level compromise.