I recently finished writing three Metasploit modules for capturing passwords for VNC, SQL Server and DB2 (and other DRDA based databases). Being new to the Metasploit project (from a development perspective), Ruby and Git I can honestly say it was a challenge. I probably spent more time understanding Git and Ruby than implementing the actual network services. Having contributed a lot of “client” scripts to the Nmap project I decided it was time to implement some server components and the Metasploit project seemed to be a good option. All in all, it was a fun project and the review process went very smoothly and the modules were merged quickly.

In terms of the modules, they’re pretty straight forward;

• vnc.rb allows capturing challenge/response pairs for authentication suitable to send to JTR
• mssql.rb allows capturing both NTLM challenge/response authentication and the weaker “encoded” passwords
• drda.rb allows capturing and decoding EBDIC encoded username and passwords

I have a few more modules I hope to implement ones I finish some other stuff I’m currently working on.

This entry was posted on Thursday, July 12th, 2012 at 5:16 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.