Land rapid7#5479, @wchen-r7 Updates kloxo_sqli to use the new cred API

jvazquez-r7 · jvazquez-r7 · commit c95b3bb31dab · 2015-06-19T10:32:21.000-05:00
diff --git a/modules/exploits/linux/http/kloxo_sqli.rb b/modules/exploits/linux/http/kloxo_sqli.rb
@@ -73,6 +73,33 @@ def initialize(info = {})
       ], self.class)
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      post_reference_name: self.refname,
+      private_data: opts[:password],
+      origin_type: :service,
+      private_type: :password,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::SUCCESSFUL,
+      last_attempted_at: opts[:attempt_time]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def check
     return Exploit::CheckCode::Safe unless webcommand_exists?
     return Exploit::CheckCode::Safe if exploit_sqli(1, bad_char(0))
@@ -94,13 +121,13 @@ def exploit
     @session = send_login
     fail_with(Failure::NoAccess, "#{peer} - Login with admin/#{@password} failed...") if @session.nil?
 
-    report_auth_info(
-      :host => rhost,
-      :port => rport,
-      :user => 'admin',
-      :pass => @password,
-      :type => 'password',
-      :sname => (ssl ? 'https' : 'http')
+    report_cred(
+      ip: rhost,
+      port: rport,
+      user: 'admin',
+      service_name: 'http',
+      password: @password,
+      attempt_time: DateTime.now
     )
 
     print_status("#{peer} - Retrieving the server name...")
