Merge pull request #3580 from dmaloney-r7/bug/MSP-10869/credential-parent

Credential Parent References
bug/bundler_fix
jvennix-r7 2014-07-29 14:00:59 -05:00
commit 0876302fba
2 changed files with 12 additions and 1 deletions

View File

@ -12,6 +12,9 @@ module Metasploit
# @return [Boolean] Whether BOTH a public and private are required
# (defaults to `true`)
attr_accessor :paired
# @!attribute parent
# @return [Object] the parent object that had .to_credential called on it to create this object
attr_accessor :parent
# @!attribute private
# The private credential component (e.g. username)
#

View File

@ -83,6 +83,7 @@ module Metasploit
# This could be a Credential object, or a Credential Core, or an Attempt object
# so make sure that whatever it is, we end up with a Credential.
credential = raw_cred.to_credential
credential.parent = raw_cred
if credential.realm.present? && self.class::REALM_KEY.present?
credential.realm_key = self.class::REALM_KEY
@ -129,7 +130,14 @@ module Metasploit
successful_users = Set.new
each_credential do |credential|
next if successful_users.include?(credential.public)
# For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
if successful_users.include?(credential.public)
if credential.parent.respond_to?(:skipped)
credential.parent.skipped = true
credential.parent.save!
end
next
end
result = attempt_login(credential)
result.freeze