Use the latest cred API, no more report_auth_info

2015-09-04 13:43:15 -05:00 · 2015-09-04 13:43:15 -05:00 · cf6d5fac2a
parent d55757350d
commit cf6d5fac2a
7 changed files with 232 additions and 46 deletions
--- a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
+++ b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
@ -175,15 +175,14 @@ class Metasploit3 < Msf::Auxiliary
        @plain_passwords[i] << " (ISO-8859-1 hex chars)"
      end

-      report_auth_info({
-       :host => rhost,
-       :port => rport,
-       :user => @users[i][0],
-       :pass => @plain_passwords[i],
-       :type => "password",
-       :sname => (ssl ? "https" : "http"),
-       :proof => "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
-      })
+      report_cred(
+        ip: rhost,
+        port: rport,
+        user: @users[i][0],
+        password: @plain_passwords[i],
+        service_name: (ssl ? "https" : "http"),
+        proof: "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
+      )

      users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])]
    end
@ -191,6 +190,32 @@ class Metasploit3 < Msf::Auxiliary
    print_line(users_table.to_s)
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
  def user_type(database)
    user_type = database

--- a/modules/auxiliary/admin/scada/modicon_password_recovery.rb
+++ b/modules/auxiliary/admin/scada/modicon_password_recovery.rb
@ -90,18 +90,45 @@ class Metasploit3 < Msf::Auxiliary
    end
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      last_attempted_at: Time.now,
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::SUCCESSFUL,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
  def setup_ftp_connection
    vprint_status "#{ip}:#{rport} - FTP - Connecting"
-    if connect_login()
+    conn = connect_login
+    if conn
      print_status("#{ip}:#{rport} - FTP - Login succeeded")
-      report_auth_info(
-        :host => ip,
-        :port => rport,
-        :proto => 'tcp',
-        :user => user,
-        :pass => pass,
-        :ptype => 'password_ro',
-        :active => true
+      report_cred(
+        ip: ip,
+        port: rport,
+        user: user,
+        password: pass,
+        service_name: 'modicon',
+        proof: "connect_login: #{conn}"
      )
      return true
    else
--- a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb
+++ b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb
@ -68,16 +68,41 @@ class Metasploit3 < Msf::Auxiliary
    datastore['TIMEOUT']
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      last_attempted_at: DateTime.now,
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::SUCCESSFUL,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
  def user_exists(user)
    exists = wordpress_user_exists?(user)
    if exists
      print_good("#{peer} - Username \"#{username}\" is valid")
-      report_auth_info(
-        :host => rhost,
-        :sname => (ssl ? 'https' : 'http'),
-        :user => user,
-        :port => rport,
-        :proof => "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
+      report_cred(
+        ip: rhost,
+        port: rport,
+        user: user,
+        service_name: (ssl ? 'https' : 'http'),
+        proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
      )

      return true
--- a/modules/auxiliary/gather/apache_rave_creds.rb
+++ b/modules/auxiliary/gather/apache_rave_creds.rb
@ -103,6 +103,33 @@ class Metasploit3 < Msf::Auxiliary
    }
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
+
  def run

    print_status("#{rhost}:#{rport} - Fingerprinting...")
@ -183,13 +210,13 @@ class Metasploit3 < Msf::Auxiliary
      print_status("#{rhost}:#{rport} - Recovering Hashes...")
      json_info["result"]["resultSet"].each { |result|
        print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
-        report_auth_info(
-          :host => rhost,
-          :port => rport,
-          :sname => "Apache Rave",
-          :user => result["username"],
-          :pass => result["password"],
-          :active => result["enabled"]
+        report_cred(
+          ip: rhost,
+          port: rport,
+          service_name: 'Apache Rave',
+          user: result["username"],
+          password: result["password"],
+          proof: user_data
        )
      }

--- a/modules/auxiliary/gather/d20pass.rb
+++ b/modules/auxiliary/gather/d20pass.rb
@ -182,6 +182,32 @@ class Metasploit3 < Msf::Auxiliary
    return res
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
  # Parse the usernames, passwords, and security levels from the config
  # It's a little ugly (lots of hard-coded offsets).
  # The userdata starts at an offset dictated by the B014USERS config
@ -213,13 +239,13 @@ class Metasploit3 < Msf::Auxiliary
        break
      end
      logins <<  [accounttype,  accountname,  accountpass]
-      report_auth_info(
-        :host => datastore['RHOST'],
-        :port => 23,
-        :sname => "telnet",
-        :user => accountname,
-        :pass => accountpass,
-        :active => true
+      report_cred(
+        ip: datastore['RHOST'],
+        port: 23,
+        service_name: 'telnet',
+        user: accountname,
+        password: accountpass,
+        proof: accounttype
      )
    end
    if not logins.rows.empty?
--- a/modules/auxiliary/gather/doliwamp_traversal_creds.rb
+++ b/modules/auxiliary/gather/doliwamp_traversal_creds.rb
@ -151,6 +151,32 @@ class Metasploit3 < Msf::Auxiliary
    get_session_tokens ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe
  end

+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
  def run
    return unless tokens = get_session_tokens
    credentials = []
@ -172,14 +198,14 @@ class Metasploit3 < Msf::Auxiliary
      'Columns' => ['Username', 'Password', 'Admin', 'E-mail']
    )
    credentials.each do |record|
-      report_auth_info({
-        :host  => rhost,
-        :port  => rport,
-        :sname => (ssl ? 'https' : 'http'),
-        :user  => record[0],
-        :pass  => record[1],
-        :source_type => 'vuln'
-      })
+      report_cred(
+        ip: rhost,
+        port: rport,
+        service_name: (ssl ? 'https' : 'http'),
+        user: record[0],
+        password: record[1],
+        proof: @cookie
+      )
      cred_table << [record[0], record[1], record[2], record[3]]
    end
    print_line
--- a/test/modules/auxiliary/test/report_auth_info.rb
+++ b/test/modules/auxiliary/test/report_auth_info.rb
@ -450,6 +450,36 @@ class Metasploit3 < Msf::Auxiliary
    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
  end

+  def test_d20pass
+     mod = framework.auxiliary.create('gather/d20pass')
+     mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
+  end
+
+  def test_doliwamp_traversal_creds
+    mod = framework.auxiliary.create('gather/doliwamp_traversal_creds')
+    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'hp', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
+  end
+
+  def test_apache_rave_creds
+    mod = framework.auxiliary.create('gather/apache_rave_creds')
+    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'Apache Rave', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
+  end
+
+  def test_wordpress_long_password_dos
+    mod = framework.auxiliary.create('dos/http/wordpress_long_password_dos')
+    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, proof: FAKE_PROOF)
+  end
+
+  def test_modicon_password_recovery
+    mod = framework.auxiliary.create('admin/scada/modicon_password_recovery')
+    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
+  end
+
+  def test_advantech_webaccess_dbvisitor_sqli
+    mod = framework.auxiliary.create('admin/scada/advantech_webaccess_dbvisitor_sqli')
+    mod.report_cred(ip: FAKE_IP, port: FAKE_PORT, service_name: 'http', user: FAKE_USER, password: FAKE_PASS, proof: FAKE_PROOF)
+  end
+
  def run
    counter_all  = 0
    counter_good = 0