allow the postgres librry to take an md5 hash
allow the raw md5 password hash to be passed in instead of a password for md5 authentication in postgres. Adds an extra exception class for when an md5 hash is given but the server expects a different form of authentication. MSP-12244
This commit is contained in:
parent
4b54517b95
commit
aa4038d539
|
@ -62,6 +62,11 @@ module Metasploit
|
|||
end
|
||||
rescue Rex::ConnectionError, EOFError, Timeout::Error => e
|
||||
result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
|
||||
rescue Msf::Db::PostgresPR::AuthenticationMethodMismatch => e
|
||||
result_options.merge!({
|
||||
status: Metasploit::Model::Login::Status::INCORRECT,
|
||||
proof: e.message
|
||||
})
|
||||
end
|
||||
|
||||
if pg_conn
|
||||
|
|
|
@ -19,6 +19,9 @@ module PostgresPR
|
|||
|
||||
PROTO_VERSION = 3 << 16 #196608
|
||||
|
||||
class AuthenticationMethodMismatch < StandardError
|
||||
end
|
||||
|
||||
class Connection
|
||||
|
||||
# Allow easy access to these instance variables
|
||||
|
@ -58,7 +61,10 @@ class Connection
|
|||
@transaction_status = nil
|
||||
@params = {}
|
||||
establish_connection(uri)
|
||||
|
||||
|
||||
# Check if the password supplied is a Postgres-style md5 hash
|
||||
md5_hash_match = password.match(/md5([a-f0-9]{32})/)
|
||||
|
||||
@conn << StartupMessage.new(PROTO_VERSION, 'user' => user, 'database' => database).dump
|
||||
|
||||
loop do
|
||||
|
@ -67,19 +73,24 @@ class Connection
|
|||
case msg
|
||||
when AuthentificationClearTextPassword
|
||||
raise ArgumentError, "no password specified" if password.nil?
|
||||
raise AuthenticationMethodMismatch, "Server expected clear text password auth" if md5_hash_match
|
||||
@conn << PasswordMessage.new(password).dump
|
||||
|
||||
when AuthentificationCryptPassword
|
||||
raise ArgumentError, "no password specified" if password.nil?
|
||||
raise AuthenticationMethodMismatch, "Server expected crypt password auth" if md5_hash_match
|
||||
@conn << PasswordMessage.new(password.crypt(msg.salt)).dump
|
||||
|
||||
when AuthentificationMD5Password
|
||||
raise ArgumentError, "no password specified" if password.nil?
|
||||
require 'digest/md5'
|
||||
|
||||
m = Digest::MD5.hexdigest(password + user)
|
||||
if md5_hash_match
|
||||
m = md5_hash_match[1]
|
||||
else
|
||||
m = Digest::MD5.hexdigest(password + user)
|
||||
end
|
||||
m = Digest::MD5.hexdigest(m + msg.salt)
|
||||
m = 'md5' + m
|
||||
|
||||
@conn << PasswordMessage.new(m).dump
|
||||
|
||||
when AuthentificationKerberosV4, AuthentificationKerberosV5, AuthentificationSCMCredential
|
||||
|
|
Loading…
Reference in New Issue