From 4946fc297f77894b6887fe1da8a8dbca92182ea6 Mon Sep 17 00:00:00 2001 From: Dean Welch Date: Wed, 20 Mar 2024 12:14:49 +0000 Subject: [PATCH] Add user affordance for scanner modules that can create a new session --- .../auxiliary/scanner/mssql/mssql_login.rb | 20 ++++++++++++++++-- .../auxiliary/scanner/mysql/mysql_login.rb | 18 +++++++++++++++- .../scanner/postgres/postgres_login.rb | 21 ++++++++++++++++--- modules/auxiliary/scanner/smb/smb_login.rb | 20 ++++++++++++++++-- 4 files changed, 71 insertions(+), 8 deletions(-) diff --git a/modules/auxiliary/scanner/mssql/mssql_login.rb b/modules/auxiliary/scanner/mssql/mssql_login.rb index cea5846537..dd1770fdee 100644 --- a/modules/auxiliary/scanner/mssql/mssql_login.rb +++ b/modules/auxiliary/scanner/mssql/mssql_login.rb @@ -56,6 +56,19 @@ class MetasploitModule < Msf::Auxiliary end end + def run + results = super + logins = results.flat_map { |_k, v| v[:successful_logins] } + sessions = results.flat_map { |_k, v| v[:successful_sessions] } + print_status("Bruteforce completed, #{logins.size} credentials were successful.") + if datastore['CreateSession'] + print_status("#{sessions.size} MSSQL sessions were opened successfully.") + else + print_status('You can open an MSSQL session with these credentials and CreateSession set to true') + end + results + end + def run_host(ip) print_status("#{rhost}:#{rport} - MSSQL - Starting authentication scanner.") @@ -102,7 +115,8 @@ class MetasploitModule < Msf::Auxiliary local_port: datastore['CPORT'], local_host: datastore['CHOST'] ) - + successful_logins = [] + successful_sessions = [] scanner.scan! do |result| credential_data = result.to_h credential_data.merge!( 
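Review bot: The summary in the new `run` branches on `datastore['CreateSession']`, while `run_host` in this same file gates session creation on `create_session?`. That helper is defined outside this diff; if it checks anything beyond the raw option, the summary can report "0 MSSQL sessions were opened" for a run that never attempted to open one, so `if create_session?` here would keep the two in step. The else branch also prints the CreateSession hint when `logins` is empty; `elsif logins.any?` would avoid pointing the operator at credentials that do not exist. The same `run` body is added to mysql_login.rb, postgres_login.rb and smb_login.rb.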
@@ -114,11 +128,12 @@ class MetasploitModule < Msf::Auxiliary credential_data[:core] = credential_core create_credential_login(credential_data) print_good "#{ip}:#{rport} - Login Successful: #{result.credential}" + successful_logins << result if create_session? begin mssql_client = result.proof - session_setup(result, mssql_client) + successful_sessions << session_setup(result, mssql_client) rescue ::StandardError => e elog('Failed: ', error: e) print_error(e) @@ -130,6 +145,7 @@ class MetasploitModule < Msf::Auxiliary vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" end end + { successful_logins: successful_logins, successful_sessions: successful_sessions } end def session_setup(result, client) diff --git a/modules/auxiliary/scanner/mysql/mysql_login.rb b/modules/auxiliary/scanner/mysql/mysql_login.rb index 909f929ad9..18a6d3a704 100644 --- a/modules/auxiliary/scanner/mysql/mysql_login.rb +++ b/modules/auxiliary/scanner/mysql/mysql_login.rb @@ -60,6 +60,18 @@ class MetasploitModule < Msf::Auxiliary [rhost,rport].join(":") end + def run + results = super + logins = results.flat_map { |_k, v| v[:successful_logins] } + sessions = results.flat_map { |_k, v| v[:successful_sessions] } + print_status("Bruteforce completed, #{logins.size} credentials were successful.") + if datastore['CreateSession'] + print_status("#{sessions.size} MySQL sessions were opened successfully.") + else + print_status('You can open an MySQL session with these credentials and CreateSession set to true') + end + results + end def run_host(ip) begin @@ -90,6 +102,8 @@ class MetasploitModule < Msf::Auxiliary local_host: datastore['CHOST'] ) + successful_logins = [] + successful_sessions = [] scanner.scan! do |result| credential_data = result.to_h credential_data.merge!( 
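Review bot: `successful_logins << result` keeps the whole login result alive until `run` returns, including the credential and, when sessions are enabled, the connected client read from `result.proof`, although the only consumer shown is `logins.size`. A counter, or storing `result.credential` alone, would give the same summary without holding a client per success for the rest of the scan when `session_setup` raises. `successful_sessions << session_setup(result, mssql_client)` also appends whatever `session_setup` returns; its body is outside this hunk, so if it can return nil for a session that failed to register, the count will overstate, and `session = session_setup(result, mssql_client)` followed by `successful_sessions << session if session` would guard against that. The same pattern is added in the mysql, postgres and smb scan blocks, and the scan block itself starts before this hunk.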
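Review bot: The hint string in this copy reads `'You can open an MySQL session with these credentials and CreateSession set to true'`; the article should be `a`, as the Postgres copy already has it. This is also one of four near-identical `run` overrides in the commit that differ only in the protocol name. A single helper in the shared scanner mixin that takes the name as an argument would keep the four summaries from drifting apart, and a short comment above it should state that `super` is expected to return a hash of host to the `run_host` result.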
@@ -102,11 +116,12 @@ class MetasploitModule < Msf::Auxiliary create_credential_login(credential_data) print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'" + successful_logins << result if create_session? begin mysql_client = result.proof - session_setup(result, mysql_client) + successful_sessions << session_setup(result, mysql_client) rescue ::StandardError => e elog('Failed: ', error: e) print_error(e) @@ -125,6 +140,7 @@ class MetasploitModule < Msf::Auxiliary rescue ::Rex::ConnectionError, ::EOFError => e vprint_error "#{target} - Unable to connect: #{e.to_s}" end + { successful_logins: successful_logins, successful_sessions: successful_sessions } end # Tmtm's rbmysql is only good for recent versions of mysql, according diff --git a/modules/auxiliary/scanner/postgres/postgres_login.rb b/modules/auxiliary/scanner/postgres/postgres_login.rb index 8c2d83de99..ca0f75715e 100644 --- a/modules/auxiliary/scanner/postgres/postgres_login.rb +++ b/modules/auxiliary/scanner/postgres/postgres_login.rb @@ -64,6 +64,19 @@ class MetasploitModule < Msf::Auxiliary end end + def run + results = super + logins = results.flat_map { |_k, v| v[:successful_logins] } + sessions = results.flat_map { |_k, v| v[:successful_sessions] } + print_status("Bruteforce completed, #{logins.size} credentials were successful.") + if datastore['CreateSession'] + print_status("#{sessions.size} Postgres sessions were opened successfully.") + else + print_status('You can open a Postgres session with these credentials and CreateSession set to true') + end + results + end + # Loops through each host in turn. Note the current IP address is both # ip and datastore['RHOST'] def run_host(ip) @@ -85,7 +98,8 @@ class MetasploitModule < Msf::Auxiliary framework_module: self, use_client_as_proof: create_session? ) - + successful_logins = [] + successful_sessions = [] scanner.scan! do |result| credential_data = result.to_h credential_data.merge!( 
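Review bot: The hash added after the `rescue` can carry nil values. `successful_logins` and `successful_sessions` are first assigned next to the scanner setup, which appears to sit inside the `begin` opened at the top of `run_host`, so a `::Rex::ConnectionError` or `::EOFError` raised before that point leaves both locals nil. `run` then passes them through `flat_map`, which appends a nil rather than skipping it, and an unreachable host is counted as one successful credential. Initialising both arrays before `begin`, or returning `{ successful_logins: successful_logins || [], successful_sessions: successful_sessions || [] }`, avoids the miscount. `run_host` starts outside this hunk.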
@@ -98,11 +112,12 @@ class MetasploitModule < Msf::Auxiliary create_credential_login(credential_data) print_good "#{ip}:#{rport} - Login Successful: #{result.credential}" + successful_logins << result if create_session? begin postgresql_client = result.proof - session_setup(result, postgresql_client) + successful_sessions << session_setup(result, postgresql_client) rescue ::StandardError => e elog('Failed: ', error: e) print_error(e) @@ -114,7 +129,7 @@ class MetasploitModule < Msf::Auxiliary vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" end end - + { successful_logins: successful_logins, successful_sessions: successful_sessions } end # Alias for RHOST diff --git a/modules/auxiliary/scanner/smb/smb_login.rb b/modules/auxiliary/scanner/smb/smb_login.rb index 4a56974ef3..bb651e2914 100644 --- a/modules/auxiliary/scanner/smb/smb_login.rb +++ b/modules/auxiliary/scanner/smb/smb_login.rb @@ -88,6 +88,19 @@ class MetasploitModule < Msf::Auxiliary end end + def run + results = super + logins = results.flat_map { |_k, v| v[:successful_logins] } + sessions = results.flat_map { |_k, v| v[:successful_sessions] } + print_status("Bruteforce completed, #{logins.size} credentials were successful.") + if datastore['CreateSession'] + print_status("#{sessions.size} SMB sessions were opened successfully.") + else + print_status('You can open an SMB session with these credentials and CreateSession set to true') + end + results + end + def run_host(ip) print_brute(level: :vstatus, ip: ip, msg: 'Starting SMB login bruteforce') @@ -156,7 +169,8 @@ class MetasploitModule < Msf::Auxiliary cred_collection = prepend_db_hashes(cred_collection) @scanner.cred_details = cred_collection - + successful_logins = [] + successful_sessions = [] @scanner.scan! do |result| case result.status when Metasploit::Model::Login::Status::LOCKED_OUT 
@@ -173,11 +187,12 @@ class MetasploitModule < Msf::Auxiliary :next_user when Metasploit::Model::Login::Status::SUCCESSFUL print_brute level: :good, ip: ip, msg: "Success: '#{result.credential}' #{result.access_level}" + successful_logins << result report_creds(ip, rport, result) if create_session? begin smb_client = result.proof - session_setup(result, smb_client) + successful_sessions << session_setup(result, smb_client) rescue StandardError => e elog('Failed to setup the session', error: e) print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}" @@ -217,6 +232,7 @@ class MetasploitModule < Msf::Auxiliary ) end end + { successful_logins: successful_logins, successful_sessions: successful_sessions } end # This logic is not universal ie a local account will not care about workgroup
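Review bot: The result hash is only produced when `run_host` reaches its last line, but the new `run` indexes every per-host value with `v[:successful_logins]` without checking it. Most of `run_host` lies outside this diff, so if any path returns early, or if the parent `run` records nothing for a host whose thread raised, the summary would fail with a NoMethodError on nil after the scan has already finished. Either add a comment above `run_host` stating that it must always return this two-key hash, or make the reader tolerant, e.g. `logins = results.flat_map { |_k, v| Array(v.to_h[:successful_logins]) }` and the same for `:successful_sessions`.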