fix show command parsing
this ius better than a regex and handles special charachters in usernames and passwords far better than the previous way
This commit is contained in:
parent
3c85601426
commit
a929a55404
2
Gemfile
2
Gemfile
|
@ -7,7 +7,7 @@ group :db do
|
|||
# Needed for Msf::DbManager
|
||||
gem 'activerecord', '>= 3.0.0', '< 4.0.0'
|
||||
# Metasploit::Credential database models
|
||||
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.5-electro-release'
|
||||
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.6-electro-release'
|
||||
# Database models shared between framework and Pro.
|
||||
gem 'metasploit_data_models', '~> 0.17.2.pre.metasploit.pre.data.pre.models.pre.search'
|
||||
# Needed for module caching in Mdm::ModuleDetails
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
GIT
|
||||
remote: github-metasploit-credential:rapid7/metasploit-credential.git
|
||||
revision: b861156ed09cd4069541c60a611d89e302389d4c
|
||||
tag: v0.4.3-electro-release
|
||||
revision: 7ef85cf01921e176524592957b650c6df9f0be84
|
||||
tag: v0.4.6-electro-release
|
||||
specs:
|
||||
metasploit-credential (0.4.3.pre.electro.pre.release)
|
||||
metasploit-credential (0.4.6.pre.electro.pre.release)
|
||||
metasploit-concern (~> 0.1.0)
|
||||
metasploit-model (>= 0.24.1.pre.semantic.pre.versioning.pre.2.pre.0, < 0.25)
|
||||
metasploit_data_models (>= 0.17.2.pre.metasploit.pre.data.pre.models.pre.search, < 0.18)
|
||||
|
|
|
@ -70,12 +70,16 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
print_status "Cracked Passwords this run:"
|
||||
cracker_instance.each_cracked_password do |password_line|
|
||||
password_line.chomp!
|
||||
next if password_line.blank?
|
||||
# We look for the outpuy line containing username:password:core.id: for our actual password results
|
||||
next unless password_line =~ /\w+:\w+:\d+:/
|
||||
username, password, core_id = password_line.split(':')
|
||||
fields = password_line.split(":")
|
||||
# If we don't have an expected minimum number of fields, this is probably not a hash line
|
||||
next unless fields.count >=3
|
||||
username = fields.shift
|
||||
core_id = fields.pop
|
||||
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
||||
print_good password_line
|
||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||
print_good password_line.chomp
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue