Don't report duplicate Net-NTLM hashes

zeroSteiner · zeroSteiner · commit a47b3fe69471 · 2022-05-27T14:13:06.000-04:00
diff --git a/lib/msf/core/exploit/remote/smb/server/hash_capture.rb b/lib/msf/core/exploit/remote/smb/server/hash_capture.rb
@@ -54,14 +54,6 @@ def report_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)
 
     return if hash_type.nil?
 
-    # TODO: write method for mapping +major+ and +minor+ OS values to human-readable OS names.
-    # client_os_version = ::NTLM::OSVersion.read(type1_msg.os_version)
-    print_line "[SMB] #{hash_type} Client     : #{address}"
-    # print_line "[SMB] #{hash_type} Client OS  : #{client_os_version}"
-    print_line "[SMB] #{hash_type} Username   : #{domain}\\#{user}"
-    print_line "[SMB] #{hash_type} Hash       : #{combined_hash}"
-    print_line
-
     jtr_format = ntlm_message.ntlm_version == :ntlmv1 ? JTR_NTLMV1 : JTR_NTLMV2
 
     if active_db?
@@ -103,9 +95,31 @@ def report_ntlm_type3(address:, ntlm_type1:, ntlm_type2:, ntlm_type3:)
       # found_host.os_name = credential_options[:client_os_version]
       # found_host.save!
 
+      search_options = {
+        ptype: credential_options[:jtr_format],
+        realm: credential_options[:realm_value],
+        user: credential_options[:username],
+        hosts: credential_options[:address],
+        jtr_format: credential_options[:jtr_format],
+        type: Metasploit::Credential::NonreplayableHash,
+        workspace: framework.db.workspace
+      }
+      if framework.db.creds(search_options).count > 0
+        vprint_status("Skipping previously captured hash for #{credential_options[:realm_value]}\\#{credential_options[:username]}")
+        return
+      end
+
       create_credential(credential_options)
     end
 
+    # TODO: write method for mapping +major+ and +minor+ OS values to human-readable OS names.
+    # client_os_version = ::NTLM::OSVersion.read(type1_msg.os_version)
+    print_line "[SMB] #{hash_type} Client     : #{address}"
+    # print_line "[SMB] #{hash_type} Client OS  : #{client_os_version}"
+    print_line "[SMB] #{hash_type} Username   : #{domain}\\#{user}"
+    print_line "[SMB] #{hash_type} Hash       : #{combined_hash}"
+    print_line
+
     if datastore['JOHNPWFILE']
       path = build_jtr_file_name(jtr_format)
 
