make only one each method

made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.

Author: David Maloney

lib/metasploit/framework/login_scanner/base.rb

@@ -77,47 +77,39 @@ def attempt_login(credential)
             raise NotImplementedError
           end
 
-          # This method takes a {Metasploit::Framework::Credential} and yields
-          # one or more {Metasploit::Framework::Credential} objects, adjusted for
-          # any changes needed around realm. This will add default realms if they are
-          # needed, adjust realm keys appropriately, and even convert the realm into
-          # part of the public to try windows-based authentication schemes.
-          #
-          # @param [Metasploit::Framework::Credential] the base credential object
-          # @yieldparam [Metasploit::Framework::Credential] an adjusted credential object
-          # @raise [ArgumentError] if the credential is invalid
-          # @return [void]
-          def each_cred_adjusted_for_realm(credential)
-            unless credential.kind_of?(Metasploit::Framework::Credential) && credential.valid?
-              raise ArgumentError, "#{credential.inspect} is not a valid Metasploit::Framework::Credential"
-            end
 
-            if credential.realm.present? && self.class::REALM_KEY.present?
-              credential.realm_key = self.class::REALM_KEY
-              yield credential
-            elsif credential.realm.blank? && self.class::REALM_KEY.present?
-              credential.realm_key = self.class::REALM_KEY
-              credential.realm     = self.class::DEFAULT_REALM
-              yield credential
-            elsif credential.realm.present? && self.class::REALM_KEY.blank?
-              second_cred = credential.dup
-              # Strip the realm off here, as we don't want it
-              credential.realm = nil
-              credential.realm_key = nil
-              yield credential
-              # Some services can take a domain in the username like this even though
-              # they do not explicitly take a domain as part of the protocol.
-              second_cred.public = "#{second_cred.realm}\\#{second_cred.public}"
-              second_cred.realm = nil
-              second_cred.realm_key = nil
-              yield second_cred
-            else
-              # Strip any realm off here, as we don't want it
-              credential.realm = nil
-              credential.realm_key = nil
-              yield credential
+          def each_credential
+            cred_details.each do |raw_cred|
+              # This could be a Credential object, or a Credential Core, or an Attempt object
+              # so make sure that whatever it is, we end up with a Credential.
+              credential = raw_cred.to_credential
+
+              if credential.realm.present? && self.class::REALM_KEY.present?
+                credential.realm_key = self.class::REALM_KEY
+                yield credential
+              elsif credential.realm.blank? && self.class::REALM_KEY.present? && self.class::DEFAULT_REALM.present?
+                credential.realm_key = self.class::REALM_KEY
+                credential.realm     = self.class::DEFAULT_REALM
+                yield credential
+              elsif credential.realm.present? && self.class::REALM_KEY.blank?
+                second_cred = credential.dup
+                # Strip the realm off here, as we don't want it
+                credential.realm = nil
+                credential.realm_key = nil
+                yield credential
+                # Some services can take a domain in the username like this even though
+                # they do not explicitly take a domain as part of the protocol.
+                second_cred.public = "#{second_cred.realm}\\#{second_cred.public}"
+                second_cred.realm = nil
+                second_cred.realm_key = nil
+                yield second_cred
+              else
+                # Strip any realm off here, as we don't want it
+                credential.realm = nil
+                credential.realm_key = nil
+                yield credential
+              end
             end
-
           end
 
           # Attempt to login with every {Credential credential} in
@@ -134,25 +126,21 @@ def scan!
             consecutive_error_count = 0
             total_error_count = 0
 
-            cred_details.each do |raw_credential|
-              unadjusted_credential = raw_credential.to_credential
-              # Do some adjusting for Realms in here
-              each_cred_adjusted_for_realm(unadjusted_credential) do |credential|
-                result = attempt_login(credential)
-                result.freeze
-
-                yield result if block_given?
-
-                if result.success?
-                  consecutive_error_count = 0
-                  return nil if stop_on_success
-                else
-                  if result.status == :connection_error
-                    consecutive_error_count += 1
-                    total_error_count += 1
-                    return nil if consecutive_error_count >= 3
-                    return nil if total_error_count >= 10
-                  end
+            each_credential do |credential|
+              result = attempt_login(credential)
+              result.freeze
+
+              yield result if block_given?
+
+              if result.success?
+                consecutive_error_count = 0
+                break if stop_on_success
+              else
+                if result.status == :connection_error
+                  consecutive_error_count += 1
+                  total_error_count += 1
+                  break if consecutive_error_count >= 3
+                  break if total_error_count >= 10
                 end
               end
             end

lib/metasploit/framework/login_scanner/http.rb

@@ -12,12 +12,13 @@ class HTTP
         include Metasploit::Framework::LoginScanner::Base
         include Metasploit::Framework::LoginScanner::RexSocket
 
+        DEFAULT_REALM        = nil
         DEFAULT_PORT         = 80
         DEFAULT_SSL_PORT     = 443
         LIKELY_PORTS         = [ 80, 443, 8000, 8080 ]
         LIKELY_SERVICE_NAMES = [ 'http', 'https' ]
         PRIVATE_TYPES        = [ :password ]
-        REALM_KEY            = nil
+        REALM_KEY            = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
 
         # @!attribute uri
         #   @return [String] The path and query string on the server to

lib/metasploit/framework/login_scanner/smb.rb

@@ -22,7 +22,7 @@ class SMB
         LIKELY_PORTS         = [ 139, 445 ]
         LIKELY_SERVICE_NAMES = [ "smb" ]
         PRIVATE_TYPES        = [ :password, :ntlm_hash ]
-        REALM_KEY           = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
+        REALM_KEY            = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
 
         module StatusCodes
           CORRECT_CREDENTIAL_STATUS_CODES = [

spec/lib/metasploit/framework/login_scanner/afp_spec.rb

@@ -6,7 +6,7 @@
 
   subject(:scanner) { described_class.new }
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false, false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
 
   it { should respond_to :login_timeout }

spec/lib/metasploit/framework/login_scanner/axis2_spec.rb

@@ -4,7 +4,7 @@
 
 describe Metasploit::Framework::LoginScanner::Axis2 do
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true, false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
   it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
 

spec/lib/metasploit/framework/login_scanner/db2_spec.rb

@@ -9,7 +9,7 @@
   }
   subject(:login_scanner) { described_class.new }
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true, true
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
 
   context '#attempt_login' do

spec/lib/metasploit/framework/login_scanner/ftp_spec.rb

@@ -45,7 +45,7 @@
     described_class.new
   }
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false, false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
 
 

spec/lib/metasploit/framework/login_scanner/http_spec.rb

@@ -4,7 +4,7 @@
 
 describe Metasploit::Framework::LoginScanner::HTTP do
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true, false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
   it_behaves_like 'Metasploit::Framework::LoginScanner::HTTP'
 

spec/lib/metasploit/framework/login_scanner/mssql_spec.rb

@@ -32,7 +32,7 @@
 
   subject(:login_scanner) { described_class.new }
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', true, true
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
   it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
 

spec/lib/metasploit/framework/login_scanner/mysql_spec.rb

@@ -30,7 +30,7 @@
 
   subject(:login_scanner) { described_class.new }
 
-  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false
+  it_behaves_like 'Metasploit::Framework::LoginScanner::Base', false, false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
 
   context '#attempt_login' do