Metasploit password capturing modules

I recently finished writing three Metasploit modules for capturing passwords for VNC, SQL Server and DB2 (and other DRDA based databases). Being new to the Metasploit project (from a development perspective), Ruby and Git I can honestly say it was a challenge. I probably spent more time understanding Git and Ruby than implementing the actual network services. Having contributed a lot of “client” scripts to the Nmap project I decided it was time to implement some server components and the Metasploit project seemed to be a good option. All in all, it was a fun project and the review process went very smoothly and the modules were merged quickly.

In terms of the modules, they’re pretty straight forward;

  • vnc.rb allows capturing challenge/response pairs for authentication suitable to send to JTR
  • mssql.rb allows capturing both NTLM challenge/response authentication and the weaker “encoded” passwords
  • drda.rb allows capturing and decoding EBDIC encoded username and passwords

I have a few more modules I hope to implement ones I finish some other stuff I’m currently working on.

This entry was posted in Uncategorized on by .

About admin

Patrik Karlsson created in 2001 as a way of assisting security professionals around the globe with the necessary tools for improving security in IT-systems. Patrik has developed all of the tools that are published on the site, he also maintains and improves them on a somewhat regular basis.