convert store_valid_credential to named params

jmartin-tech · jmartin-tech · commit e2fe70d5311f · 2017-05-05T18:23:15.000-05:00
diff --git a/lib/msf/core/module/auth.rb b/lib/msf/core/module/auth.rb
@@ -1,5 +1,5 @@
 module Msf::Module::Auth
-  def store_valid_credential(user, private, private_type, proof = nil)
+  def store_valid_credential(user:, private:, private_type: :password, proof: nil)
     service_data = {}
     if self.respond_to? ("service_details")
       service_data = service_details
diff --git a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
@@ -113,7 +113,7 @@ def run
     # login successful
     if cookie
       print_status("User #{username} with password #{password} successfully created")
-      store_valid_credential(username, password, :password, cookie)
+      store_valid_credential(user: username, private: password, proof: cookie)
     else
       print_error("User creation failed")
       return
diff --git a/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb b/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb
@@ -78,7 +78,7 @@ def run
       print_error("Failed to authenticate with WordPress")
       return
     end
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
     print_good("Authenticated with WordPress")
 
     new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
diff --git a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
@@ -98,7 +98,7 @@ def run
     print_status("Authenticating with WordPress using #{username}:#{password}...")
     cookie = wordpress_login(username, password)
     fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
     print_good("Authenticated with WordPress")
 
     new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
diff --git a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb
@@ -84,7 +84,7 @@ def user_exists(user)
     exists = wordpress_user_exists?(user)
     if exists
       print_good("Username \"#{username}\" is valid")
-      store_valid_credential(user, nil, :password, "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
+      store_valid_credential(user: user, private: nil, proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
       return true
     else
       print_error("\"#{user}\" is not a valid username")
diff --git a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb
@@ -150,7 +150,7 @@ def do_login(user, pass)
       if res and res.get_cookies.include?('authenticated=')
         print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
 
-        store_valid_credential(user, pass, :password, res.get_cookies.inspect)
+        store_valid_credential(user: user, private: pass, proof: res.get_cookies.inspect)
         return :next_user
 
       else
diff --git a/modules/auxiliary/scanner/http/wordpress_login_enum.rb b/modules/auxiliary/scanner/http/wordpress_login_enum.rb
@@ -110,7 +110,8 @@ def service_details
         module_fullname: fullname,
         origin_type: :service,
         last_attempted_at: DateTime.now,
-        status: Metasploit::Model::Login::Status::SUCCESSFUL
+        # infer status from state when called
+        status: (@validate_only ? Metasploit::Model::Login::Status::UNTRIED : Metasploit::Model::Login::Status::SUCCESSFUL)
     }
   end
 
@@ -120,14 +121,9 @@ def validate_user(user=nil)
     exists = wordpress_user_exists?(user)
     if exists
       print_good("#{target_uri} - WordPress User-Validation - Username: '#{user}' - is VALID")
-
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: user,
-        status: Metasploit::Model::Login::Status::UNTRIED
-      )
-
+      @validate_only = true
+      store_valid_credential(user: user, private: nil)
+      @validate_only = false
       @users_found[user] = :reported
       return :next_user
     else
@@ -145,7 +141,7 @@ def do_login(user=nil, pass=nil)
     if cookie
       print_good("#{target_uri} - WordPress Brute Force - SUCCESSFUL login for '#{user}' : '#{pass}'")
 
-      store_valid_credential(user, pass, :password, cookie)
+      store_valid_credential(user: user, private: pass, proof: cookie)
 
       return :next_user
     else
diff --git a/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb b/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb
@@ -98,7 +98,7 @@ def run_host(ip)
       print_error("Unable to login as: #{user}")
       return
     end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)
 
     vprint_status("Trying to get nonce...")
     nonce = get_nonce(cookie)
diff --git a/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb b/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb
@@ -120,7 +120,7 @@ def run_host(ip)
       print_error("Unable to login as: #{user}")
       return
     end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)
 
     vprint_status("Trying to get nonce...")
     nonce = get_nonce(cookie)
diff --git a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
@@ -71,7 +71,7 @@ def exploit
     cookie = wordpress_login(username, password)
     fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
     print_good("Authenticated with WordPress")
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
 
     print_status("Preparing payload...")
     plugin_name = Rex::Text.rand_text_alpha(10)
diff --git a/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb b/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb
@@ -77,7 +77,7 @@ def exploit
     vprint_status("Trying to login as #{username}")
     cookie = wordpress_login(username, password)
     fail_with(Failure::NoAccess, "#{peer} - Unable to login as: #{username}") if cookie.nil?
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
 
     vprint_status("Trying to get nonce")
     nonce = get_nonce(cookie)
diff --git a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
@@ -128,7 +128,7 @@ def exploit
         end
       else
         print_good("Authenticated with WordPress")
-        store_valid_credential(username, password, :password, cookie)
+        store_valid_credential(user: username, private: password, proof: cookie)
       end
     end
 
diff --git a/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb
@@ -75,7 +75,7 @@ def exploit
     cookie = wordpress_login(username, password)
     fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
     print_good("Authenticated with WordPress")
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
 
     print_status("Preparing payload...")
     payload_name = Rex::Text.rand_text_alpha(10)
diff --git a/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb b/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb
@@ -64,7 +64,7 @@ def exploit
       print_error("Unable to login as #{user}")
       return
     end
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
 
     print_status("Trying to upload payload")
     filename = "#{rand_text_alpha_lower(8)}.php"
diff --git a/modules/exploits/unix/webapp/wp_total_cache_exec.rb b/modules/exploits/unix/webapp/wp_total_cache_exec.rb
@@ -112,7 +112,7 @@ def exploit
         fail_with(Failure::NoAccess, "#{peer} - Login wasn't successful")
       end
       print_status("login successful")
-      store_valid_credential(@user, @password, :password, @cookie)
+      store_valid_credential(user: @user, private: @password, proof: @cookie)
     else
       print_status("Trying unauthenticated exploitation...")
     end
diff --git a/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb b/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb
@@ -121,7 +121,7 @@ def exploit
       print_error("Unable to login as #{user}")
       return
     end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)
 
     print_status("Trying to get nonce")
     nonce = get_nonce(cookie)
