and all the rest

finally!

Author: David Maloney

lib/metasploit/framework/login_scanner/vnc.rb

@@ -39,9 +39,15 @@ class VNC
         # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'vnc'
           }
 
+          credential.public = nil
+
           begin
             # Make our initial socket to the target
             disconnect if self.sock

modules/auxiliary/scanner/http/tomcat_mgr_login.rb

@@ -112,46 +112,20 @@ def run_host(ip)
         connection_timeout: 10
     )
 
-    service_data = {
-        address: ip,
-        port: rport,
-        service_name: (ssl ? 'https' : 'http'),
-        protocol: 'tcp',
-        workspace_id: myworkspace_id
-    }
-
     scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
       if result.success?
-        credential_data = {
-            module_fullname: self.fullname,
-            origin_type: :service,
-            private_data: result.credential.private,
-            private_type: :password,
-            username: result.credential.public
-        }
-        credential_data.merge!(service_data)
-
         credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
 
-        login_data = {
-            core: credential_core,
-            last_attempted_at: DateTime.now,
-            status: Metasploit::Model::Login::Status::SUCCESSFUL
-        }
-        login_data.merge!(service_data)
-
-        create_credential_login(login_data)
         print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
       else
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: result.credential.public,
-            private: result.credential.private,
-            realm_key: nil,
-            realm_value: nil,
-            status: result.status)
+        invalidate_login(credential_data)
         print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
       end
     end

modules/auxiliary/scanner/vnc/vnc_login.rb

@@ -77,45 +77,20 @@ def run_host(ip)
         connection_timeout: datastore['ConnectTimeout']
     )
 
-    service_data = {
-        address: ip,
-        port: rport,
-        service_name: 'vnc',
-        protocol: 'tcp',
-        workspace_id: myworkspace_id
-    }
-
     scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
       if result.success?
-        credential_data = {
-            module_fullname: self.fullname,
-            origin_type: :service,
-            private_data: result.credential.private,
-            private_type: :password,
-        }
-        credential_data.merge!(service_data)
-
         credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
 
-        login_data = {
-            core: credential_core,
-            last_attempted_at: DateTime.now,
-            status: Metasploit::Model::Login::Status::SUCCESSFUL
-        }
-        login_data.merge!(service_data)
-
-        create_credential_login(login_data)
         print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
       else
-        invalidate_login(
-            address: ip,
-            port: rport,
-            protocol: 'tcp',
-            public: nil,
-            private: result.credential.private,
-            realm_key: nil,
-            realm_value: nil,
-            status: result.status)
+        invalidate_login(credential_data)
         print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
       end
     end

modules/auxiliary/scanner/winrm/winrm_login.rb

@@ -58,42 +58,25 @@ def run_host(ip)
       stop_on_success: datastore['STOP_ON_SUCCESS'],
       connection_timeout: 10,
     )
-    scanner.scan! do |result|
-      if result.success?
 
-        service_data = {
-          address: ip,
-          port: rport,
-          service_name: 'winrm',
-          protocol: 'tcp',
-          workspace_id: myworkspace_id
-        }
-
-        credential_data = {
+    scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
           module_fullname: self.fullname,
-          origin_type: :service,
-          private_data: result.credential.private,
-          private_type: :password,
-          username: result.credential.public,
-          realm_key: Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN,
-          realm_value: result.credential.realm,
-        }.merge(service_data)
-
+          workspace_id: myworkspace_id
+      )
+      if result.success?
         credential_core = create_credential(credential_data)
-        login_data = {
-          access_level: 'Admin',
-          core: credential_core,
-          last_attempted_at: DateTime.now,
-          status: Metasploit::Model::Login::Status::SUCCESSFUL
-        }.merge(service_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
 
-        create_credential_login(login_data)
-
-        print_good "#{ip}:#{rport}: Valid credential found: #{result.credential}"
+        print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
       else
-        vprint_status "#{ip}:#{rport}: Login failed: #{result.credential}"
+        invalidate_login(credential_data)
+        print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
       end
     end
+
   end