
Commit f0261a4

committed
Lands rapid7#4535, report_auth_info shoring up
2 parents da2e088 + f2c22b6 commit f0261a4


4 files changed

+102
-13
lines changed


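--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -22,7 +22,7 @@ PATH
 tzinfo
 metasploit-framework-db (4.11.0.pre.dev)
 activerecord (>= 3.2.21, < 4.0.0)
-metasploit-credential (~> 0.13.8)
+metasploit-credential (~> 0.13.10)
 metasploit-framework (= 4.11.0.pre.dev)
 metasploit_data_models (~> 0.21.3)
 pg (>= 0.11)
@@ -101,7 +101,7 @@ GEM
 gherkin (2.11.6)
 json (>= 1.7.6)
 hike (1.2.3)
-i18n (0.6.11)
+i18n (0.7.0)
 journey (1.0.4)
 jsobfu (0.2.1)
 rkelly-remix (= 0.0.6)
@@ -112,7 +112,7 @@ GEM
 metasploit-concern (0.3.0)
 activesupport (~> 3.0, >= 3.0.0)
 railties (< 4.0.0)
-metasploit-credential (0.13.8)
+metasploit-credential (0.13.10)
 metasploit-concern (~> 0.3.0)
 metasploit-model (~> 0.28.0)
 metasploit_data_models (~> 0.21.0)
@@ -135,15 +135,15 @@ GEM
 meterpreter_bins (0.0.12)
 method_source (0.8.2)
 mime-types (1.25.1)
-mini_portile (0.6.1)
+mini_portile (0.6.2)
 msgpack (0.5.9)
 multi_json (1.0.4)
 network_interface (0.0.1)
 nokogiri (1.6.5)
 mini_portile (~> 0.6.0)
 packetfu (1.1.9)
 pcaprub (0.11.3)
-pg (0.17.1)
+pg (0.18.1)
 polyglot (0.3.5)
 pry (0.10.0)
 coderay (~> 1.1.0)
@@ -175,7 +175,7 @@ GEM
 rb-readline (0.5.1)
 rdoc (3.12.2)
 json (~> 1.4)
-recog (1.0.6)
+recog (1.0.7)
 nokogiri
 redcarpet (3.1.2)
 rkelly-remix (0.0.6)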

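--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20140922170030) do
+ActiveRecord::Schema.define(:version => 20150106201450) do
 
 create_table "api_keys", :force => true do |t|
 t.text "token"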

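--- a/lib/msf/core/auxiliary/report.rb
+++ b/lib/msf/core/auxiliary/report.rb
@@ -125,13 +125,102 @@ def report_note(opts={})
 framework.db.report_note(opts)
 end
 
+# This Legacy method is responsible for creating credentials from data supplied
+# by a module. This method is deprecated and the new Metasploit::Credential methods
+# should be used directly instead.
+#
+# @param :opts [Hash] the option hash
+# @option opts [String] :host the address of the host (also takes a {Mdm::Host})
+# @option opts [Fixnum] :port the port of the connected service
+# @option opts [Mdm::Service] :service an optional Service object to build the cred for
+# @option opts [String] :type What type of private credential this is (e.g. "password", "hash", "ssh_key")
+# @option opts [String] :proto Which transport protocol the service uses
+# @option opts [String] :sname The 'name' of the service
+# @option opts [String] :user The username for the cred
+# @option opts [String] :pass The private part of the credential (e.g. password)
 def report_auth_info(opts={})
+print_error "*** #{self.fullname} is still calling the deprecated report_auth_info method! This needs to be updated!"
 return if not db
-opts = {
-:workspace => myworkspace,
-:task => mytask
-}.merge(opts)
-framework.db.report_auth_info(opts)
+raise ArgumentError.new("Missing required option :host") if opts[:host].nil?
+raise ArgumentError.new("Missing required option :port") if (opts[:port].nil? and opts[:service].nil?)
+
+if opts[:host].kind_of?(::Mdm::Host)
+host = opts[:host].address
+else
+host = opts[:host]
+end
+
+type = :password
+case opts[:type]
+when "password"
+type = :password
+when "hash"
+type = :nonreplayable_hash
+when "ssh_key"
+type = :ssh_key
+end
+
+case opts[:proto]
+when "tcp"
+proto = "tcp"
+when "udp"
+proto = "udp"
+else
+proto = "tcp"
+end
+
+if opts[:service] && opts[:service].kind_of?(Mdm::Service)
+port = opts[:service].port
+proto = opts[:service].proto
+service_name = opts[:service].name
+host = opts[:service].host.address
+else
+port = opts.fetch(:port)
+service_name = opts.fetch(:sname, nil)
+end
+
+username = opts.fetch(:user, nil)
+private = opts.fetch(:pass, nil)
+
+service_data = {
+address: host,
+port: port,
+service_name: service_name,
+protocol: proto,
+workspace_id: myworkspace_id
+}
+
+if self.type == "post"
+credential_data = {
+origin_type: :session,
+session_id: session_db_id,
+post_reference_name: self.refname
+}
+else
+credential_data = {
+origin_type: :service,
+module_fullname: self.fullname
+}
+credential_data.merge!(service_data)
+end
+
+unless private.nil?
+credential_data[:private_type] = type
+credential_data[:private_data] = private
+end
+
+unless username.nil?
+credential_data[:username] = username
+end
+
+credential_core = create_credential(credential_data)
+
+login_data ={
+core: credential_core,
+status: Metasploit::Model::Login::Status::UNTRIED
+}
+login_data.merge!(service_data)
+create_credential_login(login_data)
 end
 
 def report_vuln(opts={})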
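Review bot: The required-option guard in report_auth_info accepts any non-nil `:service`, but the later branch only uses it when it is an `Mdm::Service`. A caller that passes some other value there and no `:port` gets past the `ArgumentError` check and then fails in `opts.fetch(:port)` with a `KeyError`, or records a nil port if the key is present. The guard should match the branch: `raise ArgumentError.new("Missing required option :port") if opts[:port].nil? && !opts[:service].kind_of?(::Mdm::Service)`. Separately, `case opts[:type]` has no `else`, so any legacy type string other than the three listed is silently stored as `:password`, which would mislabel hash material in the credential store; a warning in that path, or at least a comment such as `# unrecognised :type values are recorded as :password`, would make this visible. The docstring should also say that every login is created with status `UNTRIED` regardless of what the calling module observed.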

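--- a/metasploit-framework-db.gemspec
+++ b/metasploit-framework-db.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
 
 spec.add_runtime_dependency 'activerecord', *Metasploit::Framework::RailsVersionConstraint::RAILS_VERSION
 # Metasploit::Credential database models
-spec.add_runtime_dependency 'metasploit-credential', '~> 0.13.8'
+spec.add_runtime_dependency 'metasploit-credential', '~> 0.13.10'
 # Database models shared between framework and Pro.
 spec.add_runtime_dependency 'metasploit_data_models', '~> 0.21.3'
 # depend on metasploit-framewrok as the optional gems are useless with the actual code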
