report cracked credentials
also makes mssql_hashdump report the credentials it logged in with
parent
62f4054858
commit
d3c77b345c
2
Gemfile
2
Gemfile
|
@ -7,7 +7,7 @@ group :db do
|
|||
# Needed for Msf::DbManager
|
||||
gem 'activerecord', '>= 3.0.0', '< 4.0.0'
|
||||
# Metasploit::Credential database models
|
||||
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.1-electro-release'
|
||||
gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.4.5-electro-release'
|
||||
# Database models shared between framework and Pro.
|
||||
gem 'metasploit_data_models', '~> 0.17.1'
|
||||
# Needed for module caching in Mdm::ModuleDetails
|
||||
|
|
|
@ -43,6 +43,15 @@ class Metasploit3 < Msf::Auxiliary
|
|||
cracker.crack do |line|
|
||||
print_status line
|
||||
end
|
||||
|
||||
print_status "Cracked Passwords this run:"
|
||||
cracker.each_cracked_password do |password_line|
|
||||
next if password_line.blank?
|
||||
next unless password_line =~ /\w+:\w+:\d+:/
|
||||
username, password, core_id = password_line.split(':')
|
||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||
print_good password_line
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
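Review bot: The filter `/\w+:\w+:\d+:/` in the `each_cracked_password` block is unanchored and accepts only word characters in the password field, so a cracked password containing punctuation is silently dropped from the report. A password containing `:` also shifts the fields returned by `split(':')`, so the result can be recorded against the wrong `core_id`. Anchoring the pattern and taking the fields from its captures avoids both: `next unless (m = password_line.match(/\A([^:]+):(.*):(\d+):/))` followed by `username, password, core_id = m.captures`. This assumes no field after `core_id` is purely numeric, which the hunk does not show. A comment giving the expected layout, `# username:password:core_id:...`, would make the parsing checkable; the enclosing method starts outside the hunk.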
|
|
|
@ -35,6 +35,39 @@ class Metasploit3 < Msf::Auxiliary
|
|||
return
|
||||
end
|
||||
|
||||
service_data = {
|
||||
address: ip,
|
||||
port: rport,
|
||||
service_name: 'mssql',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
module_fullname: self.fullname,
|
||||
origin_type: :service,
|
||||
private_data: datastore['PASSWORD'],
|
||||
private_type: :password,
|
||||
username: datastore['USERNAME']
|
||||
}
|
||||
|
||||
if datastore['USE_WINDOWS_AUTHENT']
|
||||
credential_data[:realm_key] = Metasploit::Credential::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
|
||||
credential_data[:realm_value] = datastore['DOMAIN']
|
||||
end
|
||||
credential_data.merge!(service_data)
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: Metasploit::Credential::Login::Status::SUCCESSFUL
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
|
||||
#Grabs the Instance Name and Version of MSSQL(2k,2k5,2k8)
|
||||
instancename= mssql_query(mssql_enumerate_servername())[:rows][0][0].split('\\')[1]
|
||||
print_status("Instance Name: #{instancename.inspect}")
|
||||
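Review bot: The new credential-reporting block sits inline between the login check and the instance-name query with no comment saying what it records. A line such as `# Record the credential this module authenticated with as a successful mssql login` above `service_data = {` would help, and the block would read better as a private helper called from here. In the `USE_WINDOWS_AUTHENT` branch the realm is taken from `datastore['DOMAIN']` unconditionally, so whatever that option holds is stored as an Active Directory domain. Whether it can be blank or a non-domain placeholder is not visible in this hunk and is worth confirming before the realm is written. The enclosing method starts and ends outside the hunk.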
|
|