Use the cred API correctly

2015-07-20 18:40:48 -05:00 · 2015-07-20 18:40:48 -05:00 · 1e17ac4ec7
parent 99c29052c7
commit 1e17ac4ec7
1 changed files with 46 additions and 27 deletions
--- a/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb
@ -21,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
  def initialize
    super(
      'Name'        => 'SMB Domain User Enumeration',
-      'Version'     => '$Revision $',
      'Description' => 'Determine what domain users are logged into a remote system via a DCERPC to NetWkstaUserEnum.',
      'Author'      =>
        [
@ -54,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
    return value,idx
  end

-  def parse_NetWkstaEnumUsersInfo(resp)
+  def parse_net_wksta_enum_users_info(resp)
    accounts = [ Hash.new() ]

    idx = 20
@ -96,6 +95,35 @@ class Metasploit3 < Msf::Auxiliary
    @smbdirect || datastore['SMBDirect']
  end

+  def store_username(username, res, ip, rport)
+    service_data = {
+      address: ip,
+      port: rport,
+      service_name: 'smb',
+      protocol: 'tcp',
+      workspace_id: myworkspace_id,
+      proof: res
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: username
+    }
+
+    credential_data.merge!(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+      core: credential_core,
+      status: Metasploit::Model::Login::Status::UNTRIED
+    }
+
+    login_data.merge!(service_data)
+    create_credential_login(login_data)
+  end
+
  def run_host(ip)

    [[139, false], [445, true]].each do |info|
@ -130,7 +158,7 @@ class Metasploit3 < Msf::Auxiliary

        resp = dcerpc.last_response ? dcerpc.last_response.stub_data : nil

-        accounts = parse_NetWkstaEnumUsersInfo(resp)
+        accounts = parse_net_wksta_enum_users_info(resp)
        accounts.shift

        if datastore['VERBOSE']
@ -154,16 +182,7 @@ class Metasploit3 < Msf::Auxiliary
          end

          print_good("#{ip} - Found user: #{comp_user}")
-          credential_core =  create_credential(
-            origin_type: :service,
-            address: ip,
-            port: rport,
-            service_name: 'smb',
-            protocol: 'tcp',
-            module_fullname: self.fullname,
-            workspace_id: myworkspace.id,
-            username: comp_user
-          )
+          store_username(comp_user, resp, ip, rport)
        end

      rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e