first pass on fixing DB_ALL authbrute stuff

David Maloney · David Maloney · commit 7ff2ba0725b1 · 2015-01-07T11:30:39.000-06:00
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
diff --git a/lib/metasploit/framework/credential_collection.rb b/lib/metasploit/framework/credential_collection.rb
@@ -2,6 +2,18 @@
 
 class Metasploit::Framework::CredentialCollection
 
+  # @!attribute additional_privates
+  #   Additional privates to be combined
+  #
+  #   @return [Array<String>]
+  attr_accessor :additional_privates
+
+  # @!attribute additional_publics
+  #   Additional public to be combined
+  #
+  #   @return [Array<String>]
+  attr_accessor :additional_publics
+
   # @!attribute blank_passwords
   #   Whether each username should be tried with a blank password
   #   @return [Boolean]
@@ -62,6 +74,24 @@ def initialize(opts = {})
     self.prepended_creds ||= []
   end
 
+  # Adds a string as an addition private credential
+  # to be combined in the collection.
+  #
+  # @param [String] :private_str the string to use as a private
+  # @return [void]
+  def add_private(private_str='')
+    additional_privates << private_str
+  end
+
+  # Adds a string as an addition public credential
+  # to be combined in the collection.
+  #
+  # @param [String] :public_str the string to use as a public
+  # @return [void]
+  def add_public(public_str='')
+    additional_publics << public_str
+  end
+
   # Add {Credential credentials} that will be yielded by {#each}
   #
   # @see prepended_creds
diff --git a/lib/msf/core/auxiliary/auth_brute.rb b/lib/msf/core/auxiliary/auth_brute.rb
@@ -49,17 +49,57 @@ def setup
     @@max_per_service = nil
   end
 
+  # Yields each {Metasploit::Credential::Core} in the {Mdm::Workspace} with
+  # a private type of 'ntlm_hash'
+  #
+  # @yieldparam [Metasploit::Credential::Core]
+  def each_ntlm_cred
+    creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::NTLMHash' }, workspace_id: myworkspace.id)
+    creds.each do |cred|
+      yield cred
+    end
+  end
+
+  # Yields each {Metasploit::Credential::Core} in the {Mdm::Workspace} with
+  # a private type of 'password'
+  #
+  # @yieldparam [Metasploit::Credential::Core]
+  def each_password_cred
+    creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::Password' }, workspace_id: myworkspace.id)
+    creds.each do |cred|
+      yield cred
+    end
+  end
+
+  # Yields each {Metasploit::Credential::Core} in the {Mdm::Workspace} with
+  # a private type of 'ssh_key'
+  #
+  # @yieldparam [Metasploit::Credential::Core]
+  def each_ssh_cred
+    creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::SSHKey' }, workspace_id: myworkspace.id)
+    creds.each do |cred|
+      yield cred
+    end
+  end
+
+  # Checks whether we should be adding creds from the DB to a CredCollection
+  #
+  # @return [TrueClass] if any of the datastore options for db creds are selected and the db is active
+  # @return [FalseClass] if none of the datastore options are selected OR the db is not active
+  def prepend_db_creds?
+    (datastore['DB_ALL_CREDS'] || datastore['DB_ALL_PASS'] || datastore['DB_ALL_USERS']) && framework.db.active
+  end
+
   # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing NTLMHashes
   # from the database. This allows the users to use the DB_ALL_CREDS option.
   #
   # @param cred_collection [Metasploit::Framework::CredentialCollection]
   #   the credential collection to add to
   # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
   def prepend_db_hashes(cred_collection)
-    if datastore['DB_ALL_CREDS'] && framework.db.active
-      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::NTLMHash' }, workspace_id: myworkspace.id)
-      creds.each do |cred|
-        cred_collection.prepend_cred(cred.to_credential)
+    if prepend_db_creds?
+      each_ntlm_cred do |cred|
+        process_cred_for_collection(cred_collection,cred)
       end
     end
     cred_collection
@@ -73,9 +113,8 @@ def prepend_db_hashes(cred_collection)
   # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
   def prepend_db_keys(cred_collection)
     if datastore['DB_ALL_CREDS'] && framework.db.active
-      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::SSHKey' }, workspace_id: myworkspace.id)
-      creds.each do |cred|
-        cred_collection.prepend_cred(cred.to_credential)
+      each_ssh_cred do |cred|
+        process_cred_for_collection(cred_collection,cred)
       end
     end
     cred_collection
@@ -89,14 +128,26 @@ def prepend_db_keys(cred_collection)
   # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
   def prepend_db_passwords(cred_collection)
     if datastore['DB_ALL_CREDS'] && framework.db.active
-      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::Password' }, workspace_id: myworkspace.id)
-      creds.each do |cred|
-        cred_collection.prepend_cred(cred.to_credential)
+      each_password_cred do |cred|
+        process_cred_for_collection(cred_collection,cred)
       end
     end
     cred_collection
   end
 
+  # Takes a {Metasploit::Credential::Core} and converts it into a
+  # {Metasploit::Framework::Credential} and processes it into the
+  # {Metasploit::Framework::CredentialCollection} as dictated by the
+  # selected datastore options.
+  #
+  # @param [Metasploit::Framework::CredentialCollection] the credential collection to add to
+  # @param [Metasploit::Credential::Core] the Credential Core to process
+  def process_cred_for_collection(cred_collection, cred)
+    msf_cred = cred.to_credential
+    cred_collection.prepend_cred(msf_cred) if datastore['DB_ALL_CREDS']
+    cred_collection.add_private(msf_cred.private) if datastore['DB_ALL_PASS']
+    cred_collection.add_public(msf_cred.public) if datastore['DB_ALL_USERS']
+  end
 
 
   # Checks all three files for usernames and passwords, and combines them into
