Land rapid7#8327, Simplify storing credentials

Author: egypt

lib/msf/core/exploit/http/client.rb

@@ -772,6 +772,16 @@ def http_fingerprint(opts={})
     fprint[:signature]
   end
 
+  def service_details
+    {
+      origin_type: :service,
+      protocol: 'tcp',
+      service_name: (ssl ? 'https' : 'http'),
+      address: rhost,
+      port: rport
+    }
+  end
+
 protected
 
   attr_accessor :client

lib/msf/core/module.rb

@@ -15,6 +15,7 @@ module Msf
 ###
 class Module
   autoload :Arch, 'msf/core/module/arch'
+  autoload :Auth, 'msf/core/module/auth'
   autoload :Author, 'msf/core/module/author'
   autoload :AuxiliaryAction, 'msf/core/module/auxiliary_action'
   autoload :Compatibility, 'msf/core/module/compatibility'
@@ -40,6 +41,7 @@ class Module
   autoload :UUID, 'msf/core/module/uuid'
 
   include Msf::Module::Arch
+  include Msf::Module::Auth
   include Msf::Module::Author
   include Msf::Module::Compatibility
   include Msf::Module::DataStore

lib/msf/core/module/auth.rb

@@ -0,0 +1,33 @@
+module Msf::Module::Auth
+  def store_valid_credential(user:, private:, private_type: :password, proof: nil)
+    service_data = {}
+    if self.respond_to? ("service_details")
+      service_data = service_details
+    end
+
+    creation_data = {
+        module_fullname: self.fullname,
+        username: user,
+        private_data: private,
+        private_type: private_type,
+        workspace_id: myworkspace_id
+    }.merge(service_data)
+
+    if service_data.empty?
+      cred_data = {
+        origin_type: :import,
+        filename: 'msfconsole' # default as values provided on the console
+      }.merge(creation_data)
+      create_credential(cred_data)
+    else
+      login_data = {
+        proof: proof,
+        last_attempted_at: DateTime.now,
+        status: Metasploit::Model::Login::Status::SUCCESSFUL
+      }.merge(creation_data)
+      create_credential_and_login(login_data)
+    end
+
+    nil
+  end
+end

modules/auxiliary/admin/http/wp_custom_contact_forms.rb

@@ -62,33 +62,6 @@ def get_table_prefix
     table_prefix
   end
 
-  def report_cred(opts)
-    service_data = {
-      address: opts[:ip],
-      port: opts[:port],
-      service_name: opts[:service_name],
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      origin_type: :service,
-      module_fullname: fullname,
-      username: opts[:user],
-      private_data: opts[:password],
-      private_type: :password
-    }.merge(service_data)
-
-    login_data = {
-      last_attempted_at: DateTime.now,
-      core: create_credential(credential_data),
-      status: Metasploit::Model::Login::Status::SUCCESSFUL,
-      proof: opts[:proof]
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end
-
   def run
     username = Rex::Text.rand_text_alpha(10)
     password = Rex::Text.rand_text_alpha(20)
@@ -122,17 +95,10 @@ def run
     # test login
     cookie = wordpress_login(username, password)
 
-    # login successfull
+    # login successful
     if cookie
       print_status("User #{username} with password #{password} successfully created")
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: username,
-        password: password,
-        service_name: 'WordPress',
-        proof: cookie
-      )
+      store_valid_credential(user: username, private: password, proof: cookie)
     else
       print_error("User creation failed")
       return

modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb

@@ -78,6 +78,7 @@ def run
       print_error("Failed to authenticate with WordPress")
       return
     end
+    store_valid_credential(user: username, private: password, proof: cookie)
     print_good("Authenticated with WordPress")
 
     new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"

modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb

@@ -98,6 +98,7 @@ def run
     print_status("Authenticating with WordPress using #{username}:#{password}...")
     cookie = wordpress_login(username, password)
     fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
+    store_valid_credential(user: username, private: password, proof: cookie)
     print_good("Authenticated with WordPress")
 
     new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"

modules/auxiliary/dos/http/wordpress_long_password_dos.rb

@@ -66,43 +66,11 @@ def timeout
     datastore['TIMEOUT']
   end
 
-  def report_cred(opts)
-    service_data = {
-      address: opts[:ip],
-      port: opts[:port],
-      service_name: opts[:service_name],
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      origin_type: :service,
-      module_fullname: fullname,
-      username: opts[:user]
-    }.merge(service_data)
-
-    login_data = {
-      last_attempted_at: DateTime.now,
-      core: create_credential(credential_data),
-      status: Metasploit::Model::Login::Status::SUCCESSFUL,
-      proof: opts[:proof]
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end
-
   def user_exists(user)
     exists = wordpress_user_exists?(user)
     if exists
       print_good("Username \"#{username}\" is valid")
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: user,
-        service_name: (ssl ? 'https' : 'http'),
-        proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
-      )
-
+      store_valid_credential(user: user, private: nil, proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
       return true
     else
       print_error("\"#{user}\" is not a valid username")

modules/auxiliary/scanner/http/cisco_ironport_enum.rb

@@ -115,31 +115,8 @@ def is_app_ironport?
       end
   end
 
-  def report_cred(opts)
-    service_data = {
-      address: opts[:ip],
-      port: opts[:port],
-      service_name: 'Cisco IronPort Appliance',
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      origin_type: :service,
-      module_fullname: fullname,
-      username: opts[:user],
-      private_data: opts[:password],
-      private_type: :password
-    }.merge(service_data)
-
-    login_data = {
-      last_attempted_at: DateTime.now,
-      core: create_credential(credential_data),
-      status: Metasploit::Model::Login::Status::SUCCESSFUL,
-      proof: opts[:proof]
-    }.merge(service_data)
-
-    create_credential_login(login_data)
+  def service_details
+    super.merge({service_name: 'Cisco IronPort Appliance'})
   end
 
   #
@@ -166,7 +143,7 @@ def do_login(user, pass)
       if res and res.get_cookies.include?('authenticated=')
         print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
 
-        report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.get_cookies.inspect)
+        store_valid_credential(user: user, private: pass, proof: res.get_cookies.inspect)
         return :next_user
 
       else

modules/auxiliary/scanner/http/wordpress_login_enum.rb

@@ -100,56 +100,19 @@ def run_host(ip)
     end
   end
 
-
-  def report_cred(opts)
-    service_data = {
-      address: opts[:ip],
-      port: opts[:port],
-      service_name: ssl ? 'https' : 'http',
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      origin_type: :service,
-      module_fullname: fullname,
-      username: opts[:user]
-    }.merge(service_data)
-
-    if opts[:password]
-      credential_data.merge!(
-        private_data: opts[:password],
-        private_type: :password
-      )
-    end
-
-    login_data = {
-      core: create_credential(credential_data),
-      status: opts[:status]
-    }.merge(service_data)
-
-    if opts[:attempt_time]
-      login_data.merge!(last_attempted_at: opts[:attempt_time])
-    end
-
-    create_credential_login(login_data)
-  end
-
-
   def validate_user(user=nil)
     print_status("#{target_uri} - WordPress User-Validation - Checking Username:'#{user}'")
 
     exists = wordpress_user_exists?(user)
     if exists
       print_good("#{target_uri} - WordPress User-Validation - Username: '#{user}' - is VALID")
-
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: user,
+      connection_details = {
+        module_fullname: self.fullname,
+        username: user,
+        workspace_id: myworkspace_id,
         status: Metasploit::Model::Login::Status::UNTRIED
-      )
-
+      }.merge(service_details)
+      create_credential_and_login(connection_details)
       @users_found[user] = :reported
       return :next_user
     else
@@ -167,14 +130,7 @@ def do_login(user=nil, pass=nil)
     if cookie
       print_good("#{target_uri} - WordPress Brute Force - SUCCESSFUL login for '#{user}' : '#{pass}'")
 
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: user,
-        password: pass,
-        status: Metasploit::Model::Login::Status::SUCCESSFUL,
-        attempt_time: DateTime.now
-      )
+      store_valid_credential(user: user, private: pass, proof: cookie)
 
       return :next_user
     else

modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb

@@ -98,6 +98,7 @@ def run_host(ip)
       print_error("Unable to login as: #{user}")
       return
     end
+    store_valid_credential(user: user, private: password, proof: cookie)
 
     vprint_status("Trying to get nonce...")
     nonce = get_nonce(cookie)