metasploit-framework/lib/msf/core/model/cred.rb


module Msf
  class DBManager
    class Cred < ActiveRecord::Base
      include DBSave
      belongs_to :service
Adds SSHKey gem and some other ssh goodies

Pubkeys are now stored as loot, and the Cred model has new and exciting ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600

Updates ssh credentials to easily find common keys

Instead of making the modules do all the work of cross-checking keys, this introduces a few new methods to the Cred model to make this more universal. Also includes the long-overdue workspace() method for credentials. So far, nothing actually implements it, but it's nice that it's there now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600

Adding back cross-checking for privkeys.

Needs to test to see if anything depends on order, but should be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600

Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600

Store pubkeys as loot for reuse.

Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600

Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600

Updates to ssh_identify_pubkeys and friends

Switches reporting to cred-based rather than note-based, accurately deal with DSA keys, adds disable_agent option to other ssh modules, and reports successful ssh_login attempts pubkey fingerprints as well.

This last thing leads to some double accounting of creds, so I'm not super-thrilled, but it sure makes searching for ssh_pubkey types a lot easier.... maybe a better solution is to just have a special method for the cred model, though.
2012-01-09 04:28:37 +00:00
      KEY_ID_REGEX = /([0-9a-fA-F:]{47})/ # Could be more strict

      # Returns its workspace
      def workspace
        self.service.host.workspace
      end

      # Returns its key id. If this is not an ssh-type key, returns nil.
      def ssh_key_id
        return nil unless self.ptype =~ /^ssh_/
        return nil unless self.proof =~ KEY_ID_REGEX
        $1.downcase # Can't run into NilClass problems.
      end

      # Returns all private keys with matching key ids, including itself
      # If this is not an ssh-type key, always returns an empty array.
      def ssh_private_keys
        return [] unless self.ssh_key_id
        matches = self.class.all(:conditions => ["creds.ptype = ? AND creds.proof ILIKE ?", "ssh_key", "%#{self.ssh_key_id}%"])
        matches.select {|c| c.workspace == self.workspace}
      end

      # Returns all public keys with matching key ids, including itself
      # If this is not an ssh-type key, always returns an empty array.
      def ssh_public_keys
        return [] unless self.ssh_key_id
        matches = self.class.all(:conditions => ["creds.ptype = ? AND creds.proof ILIKE ?", "ssh_pubkey", "%#{self.ssh_key_id}%"])
        matches.select {|c| c.workspace == self.workspace}
      end

      # Returns all keys with matching key ids, including itself
      # If this is not an ssh-type key, always returns an empty array.
      def ssh_keys
        (self.ssh_private_keys | self.ssh_public_keys)
      end
2012-01-09 04:45:00 +00:00
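      # Returns true if other_cred is a cred of the same ssh ptype that
      # shares this cred's key id within the same workspace.
      def ssh_key_matches?(other_cred)
        return false unless other_cred.kind_of? self.class
        return false unless self.ptype == other_cred.ptype
        case self.ptype
        when "ssh_key"
          matches = self.ssh_private_keys
        when "ssh_pubkey"
          matches = self.ssh_public_keys
        else
          # Not an ssh key type. Return explicitly: a bare `false` here
          # would leave matches nil and raise NoMethodError below.
          return false
        end
        matches.include?(self) and matches.include?(other_cred)
      end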
    end
  end
end
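
The comment on `KEY_ID_REGEX` notes that the pattern could be more strict. The following is an added example, not part of the Metasploit source: it compares the model's pattern with a stricter one and shows how two proof strings are matched by key id. It assumes the key id is a colon-separated MD5 fingerprint (16 hex byte pairs, 47 characters); `STRICT_KEY_ID`, `md5_fingerprint`, `key_id`, `same_key?` and the sample strings are hypothetical names and constructed data.

```ruby
require 'digest'

# Pattern as in the model: any 47 characters drawn from hex digits and colons.
LOOSE_KEY_ID = /([0-9a-fA-F:]{47})/

# Stricter pattern (an assumption of this example): exactly 16 hex byte
# pairs separated by colons, not embedded in a longer hex/colon run.
STRICT_KEY_ID = /(?<![0-9a-fA-F:])((?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2})(?![0-9a-fA-F:])/

# MD5 fingerprint of an OpenSSH public key line ("type base64-blob comment"),
# in colon-separated form. Returns nil for a malformed line.
def md5_fingerprint(pubkey_line)
  blob64 = pubkey_line.to_s.split[1]
  return nil if blob64.nil?
  blob = blob64.unpack1('m0') # strict base64; raises ArgumentError on bad input
  Digest::MD5.hexdigest(blob).scan(/../).join(':')
rescue ArgumentError
  nil
end

# Extracts a normalised (lower-case) key id from a proof string, or nil.
def key_id(proof, pattern = STRICT_KEY_ID)
  m = pattern.match(proof.to_s)
  m && m[1].downcase
end

# True only when both proofs carry a well-formed key id and the ids agree.
def same_key?(proof_a, proof_b)
  a = key_id(proof_a)
  !a.nil? && a == key_id(proof_b)
end

# Constructed sample data: the blob is not a real key.
SAMPLE_PUBKEY = "ssh-rsa #{['constructed key blob'].pack('m0')} user@example"
SAMPLE_FP     = md5_fingerprint(SAMPLE_PUBKEY)
PRIV_PROOF    = "constructed proof for private key, id #{SAMPLE_FP}"
PUB_PROOF     = "constructed proof for public key, id #{SAMPLE_FP.upcase}"

if __FILE__ == $PROGRAM_NAME
  puts "fingerprint:            #{SAMPLE_FP}"
  puts "pub/priv proofs match:  #{same_key?(PRIV_PROOF, PUB_PROOF)}"
  puts "loose accepts 47 colons:  #{!key_id(':' * 47, LOOSE_KEY_ID).nil?}"
  puts "strict accepts 47 colons: #{!key_id(':' * 47).nil?}"
end
```

With the loose pattern, a proof containing any 47-character run of hex digits or colons yields a "key id" that then feeds the `ILIKE` lookup; the stricter pattern returns nil for those inputs, so the model's early `return []` path is taken instead.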