diff --git a/VERSION b/VERSION index 65087b4..e25d8d9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.4 +1.1.5 diff --git a/content/FTP/FTP.gsm b/content/FTP/FTP.gsm index 9b3dd81..268e320 100644 --- a/content/FTP/FTP.gsm +++ b/content/FTP/FTP.gsm @@ -145,8 +145,7 @@ sub activate { if ($login){ my $message="FTP Host supports anonymous login with $u:$p"; - #$MainScan->StoreGuessedPassword($target,"vuln", "FTP","$u","$p","GSM-FTP-1",$message); - # Instead of storing it in a flat file, use the credential manager + $MainScan->RecordVulnerability($target, "GSM-FTP-1", $message); $credentialManager->addCredential( 'type' => 'fto', 'user' => "$u", @@ -154,6 +153,7 @@ sub activate { 'system' => "$host", 'comment' => uc($protocol) . "/$port (GSM:$name)" ); + } #>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> diff --git a/content/LDAP/LDAP.gsm b/content/LDAP/LDAP.gsm index 98ff559..0b5d4b3 100644 --- a/content/LDAP/LDAP.gsm +++ b/content/LDAP/LDAP.gsm @@ -211,7 +211,7 @@ sub activate { my @credentials = $MainScan->ReadFile($credentialsFile); my @success; # Iterate over the credentials and test them - my $i=0; + my ($compromised,$i)=(0,0); for my $credential (@credentials){ # Skip lines that begin with whitespace next if ($credential =~ /^\s/); @@ -238,7 +238,7 @@ sub activate { } close $F; } - my $message="LDAP server found with default credentials."; + $compromised=1; #$MainScan->StoreGuessedPassword($target, "vuln", "LDAP", "$user", "$pass", "GSM-LDAP-2", $message); # Instead of storing it in a flat file, use the credential manager my $comment = uc($protocol) . "/$port (GSM:$name)"; @@ -254,6 +254,11 @@ sub activate { push @success, $credential; } + if ($compromised){ + my $message="LDAP server found with default credentials."; + $MainScan->RecordVulnerability($target, "GSM-LDAP-1", $message); + } + if ($namingContext){ $MainScan->SetListItem("$outputDir/hostInfo.txt","LDAPNamingContext: $namingContext"); } diff --git a/content/Oracle/Oracle.gsm b/content/Oracle/Oracle.gsm index ee75f39..04badfe 100644 --- a/content/Oracle/Oracle.gsm +++ b/content/Oracle/Oracle.gsm @@ -198,9 +198,6 @@ sub activate { $accounts++; $data{"$SID"}{'accounts'}=$accounts; $compromised=1; - my $message="Logged into Oracle database SID $SID with $user:$pass"; - #$MainScan->StoreGuessedPassword($target,"vuln", "Oracle","${SID}|$user","$pass","GSM-Oracle-1",$message); - # Instead of storing it in a flat file, use the credential manager $credentialManager->addCredential( 'type' => 'oracle', 'user' => "$user", @@ -212,19 +209,10 @@ sub activate { } } - ## List the SIDs with compromised accounts - #if ($compromised && open(ORA,">${outputDir}/oracleAccounts-${port}.txt")){ - # for my $sid (keys(%data)){ - # print ORA "*** SID: $sid ***\n"; - # my $accounts=$data{"$sid"}{'accounts'}; - # for (my $a=0; $a<$accounts; $a++){ - # my $user=$data{"$sid"}{'user'}{$a}; - # my $pass=$data{"$sid"}{'pass'}{$a}; - # print ORA "$user:$pass\n"; - # } - # } - # close ORA; - #} + if ($compromised){ + my $message="Logged into Oracle database SID $SID - run \"accounts\" to view credentials."; + $MainScan->RecordVulnerability($target, "GSM-Oracle-1", $message); + } } #>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> diff --git a/content/SSH/SSH.gsm b/content/SSH/SSH.gsm index d384d4c..9af50bc 100644 --- a/content/SSH/SSH.gsm +++ b/content/SSH/SSH.gsm @@ -211,6 +211,9 @@ sub activate { 'system' => "$host", 'comment' => uc($protocol) . "/$port (GSM:$name)" ); + + my $message="Logged in as $username password $password"; + $MainScan->RecordCompromise($target, "GSM-SSH-1", $message); last; } } diff --git a/content/VERSION b/content/VERSION index 65087b4..e25d8d9 100644 --- a/content/VERSION +++ b/content/VERSION @@ -1 +1 @@ -1.1.4 +1.1.5