FTP mixin: Fixes & improvements#21416
Conversation
cfba246 to
d15b4b2
Compare
|
Thanks for the feedback @adfoster-r7 - Forced pushed with changes. |
0974f67 to
f5ba15a
Compare
|
Its now able to report_service on a non-ftp service, as well as report_host on a service that is down. Before$ git checkout master
Already on 'master'
Your branch is up to date with 'origin/master'.
$ ./msfconsole -q -x 'workspace -D;
use auxiliary/scanner/ftp/ftp_version;
set RHOSTS 10.0.0.10;'
[*] Deleted workspace: default
[*] Recreated the default workspace
RHOSTS => 10.0.0.10
msf auxiliary(scanner/ftp/ftp_version) > set RPORT 22
RPORT => 22
msf auxiliary(scanner/ftp/ftp_version) > run
[*] 10.0.0.10:22 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 0 0 0 0 0 0
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) > set RPORT 999
RPORT => 999
msf auxiliary(scanner/ftp/ftp_version) > run
[*] 10.0.0.10:999 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 0 0 0 0 0
msf auxiliary(scanner/ftp/ftp_version) >After$ git checkout ftp_mixin
branch 'ftp_mixin' set up to track 'origin/ftp_mixin'.
Switched to a new branch 'ftp_mixin'
$ ./msfconsole -q -x 'workspace -D;
use auxiliary/scanner/ftp/ftp_version;
set RHOSTS 10.0.0.10;'
[*] Deleted workspace: default
[*] Recreated the default workspace
RHOSTS => 10.0.0.10
msf auxiliary(scanner/ftp/ftp_version) > set RPORT 22
RPORT => 22
msf auxiliary(scanner/ftp/ftp_version) > run
[*] 10.0.0.10:22 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 1 0 0 0 0
msf auxiliary(scanner/ftp/ftp_version) > services
Services
========
host port proto name state info resource parents
---- ---- ----- ---- ----- ---- -------- -------
10.0.0.10 22 tcp open {}
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) >
msf auxiliary(scanner/ftp/ftp_version) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ftp/ftp_version) > set RPORT 999
RPORT => 999
msf auxiliary(scanner/ftp/ftp_version) > run
[*] 10.0.0.10:999 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_version) > workspace -v
Workspaces
==========
current name hosts services vulns creds loots notes
------- ---- ----- -------- ----- ----- ----- -----
* default 1 0 0 0 0 0
msf auxiliary(scanner/ftp/ftp_version) > |
90e0406 to
7e8de0b
Compare
113cc53 to
15d8920
Compare
|
Think I've finished tweaking with this PR! |
cdelafuente-r7
left a comment
There was a problem hiding this comment.
Thanks @g0tmi1k for these updates. I left a few suggestions and comments. Please, add specs to test all these changes. We started to require strict unit tests for library changes.
Also, this PR was suppose to be related to the fingerprinting using Recog, but, it looks like it updates more things in the library. Please, consider splitting it in multiple PR's if there is no dependency between these changes.
45ffc94 to
e909c17
Compare
|
Hello once again @cdelafuente-r7. Please let me know any other changes that fits! |
cdelafuente-r7
left a comment
There was a problem hiding this comment.
Thanks @g0tmi1k for your last updates. I left some comments.
|
Hi once again @cdelafuente-r7 - think everything as been addressed/answered =) |
cdelafuente-r7
left a comment
There was a problem hiding this comment.
Specs are failing due to the addition of # frozen_string_literal: true. This is due to an issue in #recv_ftp_resp (lib/msf/core/exploit/remote/ftp.rb): @ftpbuff is now frozen by default and this method tries to modify it. This is not related to this PR. So, please remove the # frozen_string_literal: true directive for now and we will fix the mixin later in an other PR. Sorry about that.
Also, a good practice is to run the specs locally to detect any issue like this, specially if you updated them:
bundle exec rspec spec/lib/msf/core/exploit/remote/ftp_spec.rb
LLM was used here
|
Noted @cdelafuente-r7. Think its good now (passing local!) |
|
Thanks @g0tmi1k ! This looks good to me. I'll go ahead and land it. |
Release NotesThis updates the Exploit::Remote::Ftp mixin to improve target fingerprinting. It now leverages recog to fingerprint targets from their banners and adds ftp_fingerprint and ftp_list_directory methods to assist with target enumeration. |
|
Woohoo! Thanks @cdelafuente-r7 🥳 |
This started from @cdelafuente-r7's feedback in #21380 (comment)
This PR fixes a few things:
banner_versionftp_fingerprint)Use recog
Target is Metasploitable 2.
After
Proof