updating parts of cisco to use creds

Author: darkbushido

lib/msf/core/auxiliary/cisco.rb

@@ -32,30 +32,54 @@ def cisco_ios_decrypt7(inp)
     end
     clear
   end
+  
+  def create_credential_and_login(opts={})
+    return nil unless active_db?
 
-  def cisco_ios_config_eater(thost, tport, config)
+    if self.respond_to?(:[]) and self[:task]
+      opts[:task_id] ||= self[:task].record.id
+    end
+
+    core               = opts.fetch(:core, create_credential(opts))
+    access_level       = opts.fetch(:access_level, nil)
+    last_attempted_at  = opts.fetch(:last_attempted_at, nil)
+    status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)
+
+    login_object = nil
+    retry_transaction do
+      service_object = create_credential_service(opts)
+      login_object = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize
+
+      if opts[:task_id]
+        login_object.tasks << Mdm::Task.find(opts[:task_id])
+      end
+
+      login_object.access_level      = access_level if access_level
+      login_object.last_attempted_at = last_attempted_at if last_attempted_at
+      if status == Metasploit::Model::Login::Status::UNTRIED
+        if login_object.last_attempted_at.nil?
+          login_object.status = status
+        end
+      else
+        login_object.status = status
+      end
+      login_object.save!
+    end
+
+    login_object
+  end
+  
 
-    #
-    # Create a template hash for cred reporting
-    #
-    # cred_info = {
-    #   :host  => thost,
-    #   :port  => tport,
-    #   :user  => "",
-    #   :pass  => "",
-    #   :type  => "",
-    #   :collect_type => "",
-    #   :active => true
-    # }
+  def cisco_ios_config_eater(thost, tport, config)
 
     credential_data = {
       address: thost,
       port: tport,
       protocol: 'tcp',
       workspace_id: myworkspace_id,
-    
       origin_type: :service,
       module_fullname: self.fullname,
+      status: Metasploit::Model::Login::Status::UNTRIED
     }
 
     # Default SNMP to UDP
@@ -87,8 +111,8 @@ def cisco_ios_config_eater(thost, tport, config)
 
             cred = credential_data.dup
             cred[:private_data] = shash
-            cred[:private_type] = :password_hash
-            create_credential(cred)
+            cred[:private_type] = :password
+            create_credential_and_login(cred)
 
           end
 
@@ -100,7 +124,7 @@ def cisco_ios_config_eater(thost, tport, config)
             cred = credential_data.dup
             cred[:private_data] = shash
             cred[:private_type] = :password
-            create_credential(cred)
+            create_credential_and_login(cred)
           end
 
         when /^\s*enable password (.*)/i
@@ -110,7 +134,7 @@ def cisco_ios_config_eater(thost, tport, config)
           cred = credential_data.dup
           cred[:private_data] = spass
           cred[:private_type] = :password
-          create_credential(cred)
+          create_credential_and_login(cred)
 
 #
 # SNMP
@@ -120,21 +144,17 @@ def cisco_ios_config_eater(thost, tport, config)
           scomm = $1.strip
           print_good("#{thost}:#{tport} SNMP Community (#{stype}): #{scomm}")
 
+          cred = credential_data.dup
           if stype.downcase == "ro"
-            ptype = "password_ro"
+            cred[:access_level] = "RO"
           else
-            ptype = "password"
+            cred[:access_level] = "RW"
           end
-
-          cred = cred_info.dup
-          cred[:sname] = "snmp"
-          cred[:pass] = scomm
-          cred[:type] = ptype
-          cred[:collect_type] = ptype
-          cred[:proto] = "udp"
-          cred[:port]  = 161
-          store_cred(cred)
-
+          cred[:protocol] = "udp"
+          cred[:port] = 161
+          cred[:private_data] = scomm
+          cred[:private_type] = :password
+          create_credential_and_login(cred)
 #
 # VTY Passwords
 #

spec/lib/msf/core/auxiliary/cisco_spec.rb

@@ -13,36 +13,82 @@ def framework
           'DeferModuleLoads' => true
       )
     end
+    def active_db?
+      true
+    end
     def print_good(str=nil)
       raise StandardError.new("This method needs to be stubbed.")
     end
     def store_cred(hsh=nil)
       raise StandardError.new("This method needs to be stubbed.")
     end
     def fullname
-      "Dummy Class / Dummy Ref"
+      "auxiliary/scanner/snmp/cisco_dummy"
     end
   end
 
   subject(:aux_cisco) { DummyClass.new }
 
+  context '#create_credential_and_login' do
+    
+    let(:session) { FactoryGirl.create(:mdm_session) }
+
+    let(:task) { FactoryGirl.create(:mdm_task, workspace: workspace)}
+
+    let(:user) { FactoryGirl.create(:mdm_user)}
+
+    let(:workspace) { FactoryGirl.create(:mdm_workspace) }
+
+    subject(:test_object) { DummyClass.new }
+    
+    let(:workspace) { FactoryGirl.create(:mdm_workspace) }
+    let(:service) { FactoryGirl.create(:mdm_service, host: FactoryGirl.create(:mdm_host, workspace: workspace)) }
+    let(:task) { FactoryGirl.create(:mdm_task, workspace: workspace) }
+    
+    let(:login_data) {
+      {
+        address: service.host.address,
+        port: service.port,
+        service_name: service.name,
+        protocol: service.proto,
+        workspace_id: workspace.id,
+        origin_type: :service,
+        module_fullname: 'auxiliary/scanner/smb/smb_login',
+        realm_key: 'Active Directory Domain',
+        realm_value: 'contosso',
+        username: 'Username',
+        private_data: 'password',
+        private_type: :password,
+        status: Metasploit::Model::Login::Status::UNTRIED
+      }
+    }
+    it 'creates a Metasploit::Credential::Login' do
+      expect{test_object.create_credential_and_login(login_data)}.to change{Metasploit::Credential::Login.count}.by(1)
+    end
+    it "associates the Metasploit::Credential::Core with a task if passed" do
+      login = test_object.create_credential_and_login(login_data.merge(task_id: task.id))
+      expect(login.tasks).to include(task)
+    end
+  end
+  
   context '#cisco_ios_config_eater' do
 
     it 'deals with udp ports' do
       expect(aux_cisco).to receive(:print_good).with('127.0.0.1:161 Unencrypted Enable Password: 1511021F0725')
       expect(aux_cisco).to receive(:store_loot).with(
         "cisco.ios.config", "text/plain", "127.0.0.1", "enable password 1511021F0725", "config.txt", "Cisco IOS Configuration"
       )
-      expect(aux_cisco).to receive(:store_cred).with(
+      expect(aux_cisco).to receive(:create_credential_and_login).with(
         {
-          host: "127.0.0.1",
+          address: "127.0.0.1",
           port: 161,
-          user: "",
-          pass: "1511021F0725",
-          type: "password",
-          collect_type: "password",
-          active: true,
-          proto: 'udp'
+          protocol: "udp",
+          workspace_id: nil,
+          origin_type: :service,
+          module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+          private_data: "1511021F0725",
+          private_type: :password,
+          status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
       aux_cisco.cisco_ios_config_eater('127.0.0.1',161,'enable password 1511021F0725')
@@ -58,18 +104,20 @@ def fullname
         expect(aux_cisco).to receive(:store_loot).with(
           "cisco.ios.config", "text/plain", "127.0.0.1", "enable password 0 password0", "config.txt", "Cisco IOS Configuration"
         )
-        expect(aux_cisco).to receive(:create_credential).with(
+        expect(aux_cisco).to receive(:create_credential_and_login).with(
           {
             address: "127.0.0.1",
             port: 1337,
             protocol: "tcp",
             workspace_id: nil,
             origin_type: :service,
-            module_fullname: "Dummy Class / Dummy Ref",
+            module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
             private_data: "password0",
-            private_type: :password
+            private_type: :password,
+            status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
+        
         aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 0 password0')
       end
 
@@ -86,16 +134,17 @@ def fullname
         expect(aux_cisco).to receive(:store_loot).with(
           "cisco.ios.config", "text/plain", "127.0.0.1", "enable password 7 1511021F0725", "config.txt", "Cisco IOS Configuration"
         )
-        expect(aux_cisco).to receive(:create_credential).with(
+        expect(aux_cisco).to receive(:create_credential_and_login).with(
           {
             address: "127.0.0.1",
             port: 1337,
             protocol: "tcp",
             workspace_id: nil,
             origin_type: :service,
-            module_fullname: "Dummy Class / Dummy Ref",
+            module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
             private_data: "cisco",
-            private_type: :password
+            private_type: :password,
+            status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
         aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 7 1511021F0725')
@@ -108,16 +157,17 @@ def fullname
       expect(aux_cisco).to receive(:store_loot).with(
         "cisco.ios.config", "text/plain", "127.0.0.1", "enable password 1511021F0725", "config.txt", "Cisco IOS Configuration"
       )
-      expect(aux_cisco).to receive(:create_credential).with(
+      expect(aux_cisco).to receive(:create_credential_and_login).with(
         {
           address: "127.0.0.1",
           port: 1337,
           protocol: "tcp",
           workspace_id: nil,
           origin_type: :service,
-          module_fullname: "Dummy Class / Dummy Ref",
+          module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
           private_data: "1511021F0725",
-          private_type: :password
+          private_type: :password,
+          status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
       aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'enable password 1511021F0725')
@@ -127,35 +177,37 @@ def fullname
 
       it 'with RO' do
         expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 SNMP Community (RO): 1511021F0725')
-        expect(aux_cisco).to receive(:store_cred).with(
+        expect(aux_cisco).to receive(:create_credential_and_login).with(
           {
-            :host=>"127.0.0.1",
-            :port=>161,
-            :user=>"",
-            :pass=>"1511021F0725",
-            :type=>"password_ro",
-            :collect_type=>"password_ro",
-            :sname=>"snmp",
-            :proto=>"udp",
-            :active=>true
+            address: "127.0.0.1",
+            port: 161,
+            protocol: "udp",
+            workspace_id: nil,
+            origin_type: :service,
+            module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+            private_data: "1511021F0725",
+            private_type: :password,
+            status: Metasploit::Model::Login::Status::UNTRIED,
+            access_level: 'RO'
           }
         )
         aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'snmp-server community 1511021F0725 RO')
       end
 
       it 'with RW' do
         expect(aux_cisco).to receive(:print_good).with('127.0.0.1:1337 SNMP Community (RW): 1511021F0725')
-        expect(aux_cisco).to receive(:store_cred).with(
+        expect(aux_cisco).to receive(:create_credential_and_login).with(
           {
-            :host=>"127.0.0.1",
-            :port=>161,
-            :user=>"",
-            :pass=>"1511021F0725",
-            :type=>"password",
-            :collect_type=>"password",
-            :sname=>"snmp",
-            :proto=>"udp",
-            :active=>true
+            address: "127.0.0.1",
+            port: 161,
+            protocol: "udp",
+            workspace_id: nil,
+            origin_type: :service,
+            module_fullname: "auxiliary/scanner/snmp/cisco_dummy",
+            private_data: "1511021F0725",
+            private_type: :password,
+            status: Metasploit::Model::Login::Status::UNTRIED,
+            access_level: 'RW'
           }
         )
         aux_cisco.cisco_ios_config_eater('127.0.0.1',1337,'snmp-server community 1511021F0725 RW')