Land rapid7#5452, @wchen-r7 Update tortoisesvn to use the new cred API

jvazquez-r7 · jvazquez-r7 · commit dca2607d54fd · 2015-06-06T01:35:40.000-05:00
diff --git a/modules/post/windows/gather/credentials/tortoisesvn.rb b/modules/post/windows/gather/credentials/tortoisesvn.rb
@@ -89,14 +89,15 @@ def get_proxy_data
     else
       source_id = nil
     end
-    report_auth_info(
-    :host  => Rex::Socket.resolv(http_proxy_host), # TODO: Fix up report_host?
-    :port => http_proxy_port,
-    :sname => "http",
-    :source_id => source_id,
-    :source_type => "exploit",
-    :user => http_proxy_username,
-    :pass => http_proxy_password)
+
+    report_cred(
+      ip: ::Rex::Socket.resolv(http_proxy_host), # TODO: Fix up report_host?
+      port: http_proxy_port,
+      service_name: 'http',
+      user: http_proxy_username,
+      password: http_proxy_password
+    )
+
   end
 
   def get_config_files
@@ -122,6 +123,34 @@ def get_config_files
 
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      post_reference_name: self.refname,
+      session_id: session_db_id,
+      origin_type: :session,
+      private_data: opts[:password],
+      private_type: :password,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
+
   def analyze_file(filename)
     config = client.fs.file.new(filename, 'r')
     contents = config.read
@@ -177,14 +206,15 @@ def analyze_file(filename)
     else
       source_id = nil
     end
-    report_auth_info(
-    :host  => ::Rex::Socket.resolv_to_dotted(host), # XXX: Workaround for unresolved hostnames
-    :port => portnum,
-    :sname => sname,
-    :source_id => source_id,
-    :source_type => "exploit",
-    :user => user_name,
-    :pass => password)
+
+    report_cred(
+      ip: ::Rex::Socket.resolv_to_dotted(host), # XXX: Workaround for unresolved hostnames
+      port: portnum,
+      service_name: sname,
+      user: user_name,
+      password: password
+    )
+
     vprint_status("Should have reported...")
 
     # Set savedpwds to 1 on return
@@ -202,8 +232,8 @@ def run
     else
       print_status("Searching for TortoiseSVN...")
       prepare_railgun
-      get_config_files()
-      get_proxy_data()
+      get_config_files
+      get_proxy_data
     end
 
     print_status("Complete")
