telnet and ssh next

Author: David Maloney

lib/metasploit/framework/login_scanner/ssh.rb

@@ -93,7 +93,12 @@ def attempt_login(credential)
             end
           end
 
-          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'ssh'
+          result
         end
 
         private

lib/metasploit/framework/login_scanner/telnet.rb

@@ -48,7 +48,11 @@ class Telnet
         # (see {Base#attempt_login})
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'telnet'
           }
 
           if connect_reset_safe == :refused

modules/auxiliary/scanner/ssh/ssh_login.rb

@@ -92,33 +92,6 @@ def session_setup(result, ssh_socket)
     s
   end
 
-  def do_report(ip,port,result)
-    service_data = {
-      address: ip,
-      port: port,
-      service_name: 'ssh',
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      module_fullname: self.fullname,
-      origin_type: :service,
-      private_data: result.credential.private,
-      private_type: :password,
-      username: result.credential.public,
-    }.merge(service_data)
-
-    credential_core = create_credential(credential_data)
-
-    login_data = {
-      core: credential_core,
-      last_attempted_at: DateTime.now,
-      status: result.status
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end
 
   def run_host(ip)
     @ip = ip
@@ -143,50 +116,30 @@ def run_host(ip)
     )
 
     scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
       case result.status
       when Metasploit::Model::Login::Status::SUCCESSFUL
         print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
-        do_report(ip,rport,result)
+        credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
         session_setup(result, scanner.ssh_socket)
         :next_user
       when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
         scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: result.credential.realm_key,
-            realm_value: result.credential.realm,
-            status: result.status
-        )
+        invalidate_login(credential_data)
         :abort
       when Metasploit::Model::Login::Status::INCORRECT
         print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: result.credential.realm_key,
-            realm_value: result.credential.realm,
-            status: result.status
-        )
+        invalidate_login(credential_data)
         scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
         else
-          invalidate_login(
-              address: ip,
-              port: rport,
-              protocol: 'tcp',
-              public: result.credential.public,
-              private: result.credential.private,
-              realm_key: result.credential.realm_key,
-              realm_value: result.credential.realm,
-              status: result.status
-          )
+          invalidate_login(credential_data)
           scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
       end
     end

modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb

@@ -180,34 +180,6 @@ def session_setup(result, ssh_socket)
     s
   end
 
-  def do_report(ip, port, result)
-    service_data = {
-      address: ip,
-      port: port,
-      service_name: 'ssh',
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credentail_data = {
-      module_fullname: self.fullname,
-      origin_type: :service,
-      private_data: result.credential.private,
-      private_type: :ssh_key,
-      username: result.credential.public,
-    }.merge(service_data)
-
-    credential_core = create_credential(credentail_data)
-
-    login_data = {
-      core: credential_core,
-      last_attempted_at: DateTime.now,
-      status: result.status,
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end
-
   def run_host(ip)
     print_status("#{ip}:#{rport} SSH - Testing Cleartext Keys")
 
@@ -234,54 +206,32 @@ def run_host(ip)
     )
 
     scanner.scan! do |result|
-
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
       case result.status
-      when Metasploit::Model::Login::Status::SUCCESSFUL
-        print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential.public}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
-        do_report(ip,rport,result)
-        session_setup(result, scanner.ssh_socket)
-        :next_user
-      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
-        print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: result.credential.realm_key,
-            realm_value: result.credential.realm,
-            status: result.status
-        )
-        scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
-        :abort
-      when Metasploit::Model::Login::Status::INCORRECT
-        print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: result.credential.realm_key,
-            realm_value: result.credential.realm,
-            status: result.status
-        )
-        scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
+        when Metasploit::Model::Login::Status::SUCCESSFUL
+          print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
+          credential_core = create_credential(credential_data)
+          credential_data[:core] = credential_core
+          create_credential_login(credential_data)
+          session_setup(result, scanner.ssh_socket)
+          :next_user
+        when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
+          print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
+          scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
+          invalidate_login(credential_data)
+          :abort
+        when Metasploit::Model::Login::Status::INCORRECT
+          print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
+          invalidate_login(credential_data)
+          scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
         else
-          invalidate_login(
-              address: ip,
-              port: rport,
-              protocol: 'tcp',
-              public: result.credential.public,
-              private: result.credential.private,
-              realm_key: result.credential.realm_key,
-              realm_value: result.credential.realm,
-              status: result.status
-          )
+          invalidate_login(credential_data)
           scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
       end
-
     end
 
   end

modules/auxiliary/scanner/telnet/telnet_login.rb

@@ -68,47 +68,20 @@ def run_host(ip)
         telnet_timeout: datastore['TelnetTimeout']
     )
 
-    service_data = {
-        address: ip,
-        port: rport,
-        service_name: 'telnet',
-        protocol: 'tcp',
-        workspace_id: myworkspace_id
-    }
-
     scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
       if result.success?
-        credential_data = {
-            module_fullname: self.fullname,
-            origin_type: :service,
-            private_data: result.credential.private,
-            private_type: :password,
-            username: result.credential.public
-        }
-        credential_data.merge!(service_data)
-
         credential_core = create_credential(credential_data)
-
-        login_data = {
-            core: credential_core,
-            last_attempted_at: DateTime.now,
-            status: Metasploit::Model::Login::Status::SUCCESSFUL
-        }
-        login_data.merge!(service_data)
-
-        create_credential_login(login_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
         print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
         start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner)
       else
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: nil,
-            realm_value: nil,
-            status: result.status)
+        invalidate_login(credential_data)
         print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
       end
     end