Lucene search
ThelightcosineMSF:AUXILIARY-SCANNER-WINRM-WINRM_AUTH_METHODS-HistoryOct 19, 2012 - 8:08 p.m.
WinRM Authentication Method Detection
2012-10-1920:08:58
thelightcosine
www.rapid7.com
13
This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::WinRM
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'WinRM Authentication Method Detection',
'Description' => %q{
This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service.
If it is a WinRM service, it also gathers the Authentication Methods supported.
},
'Author' => [ 'thelightcosine' ],
'License' => MSF_LICENSE
)
deregister_options('USERNAME', 'PASSWORD')
end
def run_host(ip)
resp = make_unauthenticated_request
return nil if resp.nil?
if (resp.code == 401) && resp.headers['Server'] && resp.headers['Server'].include?('Microsoft-HTTPAPI')
methods = parse_auth_methods(resp)
desc = resp.headers['Server'] + ' Authentication Methods: ' + methods.to_s
report_service(
host: ip,
port: rport,
proto: 'tcp',
name: 'winrm',
info: desc
)
print_good "#{ip}:#{rport}: Negotiate protocol supported" if methods.include? 'Negotiate'
print_good "#{ip}:#{rport}: Kerberos protocol supported" if methods.include? 'Kerberos'
print_good "#{ip}:#{rport}: Basic protocol supported" if methods.include? 'Basic'
else
print_error "#{ip}:#{rport} Does not appear to be a WinRM server"
end
end
end