mysql and pop3 now

2014-08-01 14:30:33 -05:00 · 2014-08-01 14:30:33 -05:00 · b74813b9a1
parent 2e7738c788
commit b74813b9a1
4 changed files with 27 additions and 73 deletions
--- a/lib/metasploit/framework/login_scanner/mysql.rb
+++ b/lib/metasploit/framework/login_scanner/mysql.rb
@ -23,7 +23,11 @@ module Metasploit

        def attempt_login(credential)
          result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'mysql'
          }

          # manage our behind the scenes socket. Close any existing one and open a new one
--- a/lib/metasploit/framework/login_scanner/pop3.rb
+++ b/lib/metasploit/framework/login_scanner/pop3.rb
@ -26,7 +26,11 @@ module Metasploit
        def attempt_login(credential)
          result_options = {
            credential: credential,
-            status: Metasploit::Model::Login::Status::INCORRECT
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            host: host,
+            port: port,
+            protocol: 'tcp',
+            service_name: 'pop3'
          }

          disconnect if self.sock
--- a/modules/auxiliary/scanner/mysql/mysql_login.rb
+++ b/modules/auxiliary/scanner/mysql/mysql_login.rb
@ -56,46 +56,20 @@ class Metasploit3 < Msf::Auxiliary
            connection_timeout: 30
        )

-        service_data = {
-            address: ip,
-            port: rport,
-            service_name: 'mysql',
-            protocol: 'tcp',
-            workspace_id: myworkspace_id
-        }
-
        scanner.scan! do |result|
+          credential_data = result.to_h
+          credential_data.merge!(
+              module_fullname: self.fullname,
+              workspace_id: myworkspace_id
+          )
          if result.success?
-            credential_data = {
-                module_fullname: self.fullname,
-                origin_type: :service,
-                private_data: result.credential.private,
-                private_type: :password,
-                username: result.credential.public
-            }
-            credential_data.merge!(service_data)
-
            credential_core = create_credential(credential_data)
+            credential_data[:core] = credential_core
+            create_credential_login(credential_data)

-            login_data = {
-                core: credential_core,
-                last_attempted_at: DateTime.now,
-                status: Metasploit::Model::Login::Status::SUCCESSFUL
-            }
-            login_data.merge!(service_data)
-
-            create_credential_login(login_data)
            print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
          else
-            invalidate_login(
-                address: ip,
-                port: rport,
-                protocol: 'tcp',
-                public: result.credential.public,
-                private: result.credential.private,
-                realm_key: nil,
-                realm_value: nil,
-                status: result.status)
+            invalidate_login(credential_data)
            print_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
          end
        end
--- a/modules/auxiliary/scanner/pop3/pop3_login.rb
+++ b/modules/auxiliary/scanner/pop3/pop3_login.rb
@ -71,10 +71,17 @@ class Metasploit3 < Msf::Auxiliary
    )

    scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+          module_fullname: self.fullname,
+          workspace_id: myworkspace_id
+      )
      case result.status
      when Metasploit::Model::Login::Status::SUCCESSFUL
        print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
-        do_report(result)
+        credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
        next
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
@ -83,16 +90,7 @@ class Metasploit3 < Msf::Auxiliary
      end

      # If we got here, it didn't work
-      invalidate_login(
-        address: ip,
-        port: rport,
-        protocol: 'tcp',
-        public: result.credential.public,
-        private: result.credential.private,
-        realm_key: result.credential.realm_key,
-        realm_value: result.credential.realm,
-        status: result.status
-      )
+      invalidate_login(credential_data)
    end
  end

@ -100,32 +98,6 @@ class Metasploit3 < Msf::Auxiliary
    datastore['SSL'] ? 'pop3s' : 'pop3'
  end

-  def do_report(result)
-    service_data = {
-      address: rhost,
-      port: rport,
-      service_name: service_name,
-      protocol: 'tcp',
-      workspace_id: myworkspace_id
-    }

-    credential_data = {
-      module_fullname: self.fullname,
-      origin_type: :service,
-      private_data: result.credential.private,
-      private_type: :password,
-      username: result.credential.public,
-    }.merge(service_data)
-
-    credential_core = create_credential(credential_data)
-
-    login_data = {
-      core: credential_core,
-      last_attempted_at: DateTime.now,
-      status: result.status
-    }.merge(service_data)
-
-    create_credential_login(login_data)
-  end

 end