dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix show command parsing 

this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
This commit is contained in:
David Maloney 2014-06-20 10:48:42 -05:00
parent 3c85601426
commit a929a55404
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
3 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile
View File

@ -7,7 +7,7 @@ group :db do
# Needed for Msf::DbManager
gem 'activerecord', '>= 3.0.0', '< 4.0.0'
# Metasploit::Credential database models
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.5-electro-release'
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.6-electro-release'
# Database models shared between framework and Pro.
gem 'metasploit_data_models', '~> 0.17.2.pre.metasploit.pre.data.pre.models.pre.search'
# Needed for module caching in Mdm::ModuleDetails

6
Gemfile.lock
View File

@ -1,9 +1,9 @@
GIT
remote: github-metasploit-credential:rapid7/metasploit-credential.git
revision: b861156ed09cd4069541c60a611d89e302389d4c
tag: v0.4.3-electro-release
revision: 7ef85cf01921e176524592957b650c6df9f0be84
tag: v0.4.6-electro-release
specs:
metasploit-credential (0.4.3.pre.electro.pre.release)
metasploit-credential (0.4.6.pre.electro.pre.release)
metasploit-concern (~> 0.1.0)
metasploit-model (>= 0.24.1.pre.semantic.pre.versioning.pre.2.pre.0, < 0.25)
metasploit_data_models (>= 0.17.2.pre.metasploit.pre.data.pre.models.pre.search, < 0.18)

12
modules/auxiliary/analyze/jtr_mssql_fast.rb
View File

@ -70,12 +70,16 @@ class Metasploit3 < Msf::Auxiliary
print_status "Cracked Passwords this run:"
cracker_instance.each_cracked_password do |password_line|
password_line.chomp!
next if password_line.blank?
# We look for the outpuy line containing username:password:core.id: for our actual password results
next unless password_line =~ /\w+:\w+:\d+:/
username, password, core_id = password_line.split(':')
fields = password_line.split(":")
# If we don't have an expected minimum number of fields, this is probably not a hash line
next unless fields.count >=3
username = fields.shift
core_id = fields.pop
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
print_good password_line
create_cracked_credential( username: username, password: password, core_id: core_id)
print_good password_line.chomp
end
end