improved credential reporting

jmartin-tech · jmartin-tech · commit 7f8a5d38346f · 2017-12-20T15:09:11.000-06:00
diff --git a/lib/metasploit/framework/login_scanner/directadmin.rb b/lib/metasploit/framework/login_scanner/directadmin.rb
@@ -8,7 +8,6 @@ class DirectAdmin < HTTP
 
         DEFAULT_PORT  = 443 
         PRIVATE_TYPES = [ :password ]
-        LOGIN_STATUS  = Metasploit::Model::Login::Status # Shorter name
 
 
         # Checks if the target is Direct Admin Web Control Panel. The login module should call this.
@@ -73,7 +72,7 @@ def get_login_state(username, password)
           })
 
           unless res
-            return {:status => LOGIN_STATUS::UNABLE_TO_CONNECT, :proof => res.to_s}
+            return {:status => Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, :proof => res.to_s}
           end
 
           # After login, the application should give us a new SID
@@ -82,10 +81,10 @@ def get_login_state(username, password)
           @last_sid = sid # Update our SID
 
           if res.headers['Location'].to_s.include?('/') && !sid.blank?
-            return {:status => LOGIN_STATUS::SUCCESSFUL, :proof => res.to_s}
+            return {:status => Metasploit::Model::Login::Status::SUCCESSFUL, :proof => res.to_s}
           end
 
-          {:status => LOGIN_STATUS::INCORRECT, :proof => res.to_s}
+          {:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.to_s}
         end
 
 
@@ -100,14 +99,15 @@ def attempt_login(credential)
             proof: nil,
             host: host,
             port: port,
-            protocol: 'tcp'
+            protocol: 'tcp',
+            service_name: ssl ? 'https' : 'http'
           }
 
           begin
             result_opts.merge!(get_login_state(credential.public, credential.private))
           rescue ::Rex::ConnectionError => e
             # Something went wrong during login. 'e' knows what's up.
-            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
+            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e.message)
           end
 
           Result.new(result_opts)
diff --git a/modules/auxiliary/scanner/http/directadmin_login.rb b/modules/auxiliary/scanner/http/directadmin_login.rb
@@ -61,63 +61,23 @@ def scanner(ip)
     }.call
   end
 
-
-  def report_good_cred(ip, port, result)
-    service_data = {
-      address: ip,
-      port: port,
-      service_name: 'http',
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }
-
-    credential_data = {
-      module_fullname: self.fullname,
-      origin_type: :service,
-      private_data: result.credential.private,
-      private_type: :password,
-      username: result.credential.public,
-    }.merge(service_data)
-
-    login_data = {
-      core: create_credential(credential_data),
-      last_attempted_at: DateTime.now,
-      status: result.status,
-      proof: result.proof
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end
-
-
-  def report_bad_cred(ip, rport, result)
-    invalidate_login(
-      address: ip,
-      port: rport,
-      protocol: 'tcp',
-      public: result.credential.public,
-      private: result.credential.private,
-      realm_key: result.credential.realm_key,
-      realm_value: result.credential.realm,
-      status: result.status,
-      proof: result.proof
-    )
-  end
-
-
   # Attempts to login
   def bruteforce(ip)
     scanner(ip).scan! do |result|
+      credential_data = result.to_h.merge({
+        workspace_id: myworkspace_id,
+        module_fullname: self.fullname,
+      })
       case result.status
       when Metasploit::Model::Login::Status::SUCCESSFUL
         print_brute(:level => :good, :ip => ip, :msg => "Success: '#{result.credential}'")
-        report_good_cred(ip, rport, result)
+        create_credential_and_login(credential_data)
       when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         vprint_brute(:level => :verror, :ip => ip, :msg => result.proof)
-        report_bad_cred(ip, rport, result)
+        invalidate_login(credential_data)
       when Metasploit::Model::Login::Status::INCORRECT
         vprint_brute(:level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'")
-        report_bad_cred(ip, rport, result)
+        invalidate_login(credential_data)
       end
     end
   end
