Fixes to post module cred reporting.

call to session.db_record.id would error if no db
was connected.
Fixes #6325

modules/post/multi/gather/filezilla_client_cred.rb

@@ -159,11 +159,16 @@ class Metasploit3 < Msf::Post
 			end
 			creds.each do |cred|
 				cred.each do |loot|
+					if session.db_record
+						source_id = session.db_record.id
+					else
+						source_id = nil
+					end
 					report_auth_info(
 						:host  => loot['host'],
 						:port => loot['port'],
 						:sname => 'FTP',
-						:source_id => session.db_record.id,
+						:source_id => source_id,
 						:source_type => "exploit",
 						:user => loot['user'],
 						:pass => loot['password'])

modules/post/windows/gather/credentials/coreftp.rb

@@ -57,6 +57,11 @@ class Metasploit3 < Msf::Post
 					pass = decrypt(epass)
 					pass = pass.gsub(/\x00/, '') if pass != nil and pass != ''
 					print_good("Host: #{host} Port: #{port} User: #{user}  Password: #{pass}")
+					if session.db_record
+						source_id = session.db_record.id
+					else
+						source_id = nil
+					end
 					auth =
 						{
 							:host => host,
@@ -65,7 +70,7 @@ class Metasploit3 < Msf::Post
 							:user => user,
 							:pass => pass,
 							:type => 'password',
-							:source_id => session.db_record.id,
+							:source_id => source_id,
 							:source_type => "exploit",
 							:active => true
 						}

modules/post/windows/gather/credentials/enum_cred_store.rb

@@ -160,13 +160,18 @@ class Metasploit3 < Msf::Post
 			ip_add= gethost(host)
 
 			unless ip_add.nil?
+				if session.db_record
+					source_id = session.db_record.id
+				else
+					source_id = nil
+				end
 				auth = {
 					:host => ip_add,
 					:port => port,
 					:user => cred["username"],
 					:pass => cred["password"],
 					:type => 'password',
-					:source_id => session.db_record.id,
+					:source_id => source_id,
 					:source_type => "exploit",
 					:active => true
 				}

modules/post/windows/gather/credentials/epo_sql.rb

@@ -142,13 +142,18 @@ class Metasploit3 < Msf::Post
 
 		if (db_ip)
 			# submit to reports
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 				:host => db_ip,
 				:port => port,
 				:sname => 'mssql',
 				:user => full_user,
 				:pass => plaintext_passwd,
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:active => true
 			)

modules/post/windows/gather/credentials/filezilla_server.rb

@@ -148,6 +148,12 @@ class Metasploit3 < Msf::Post
 		creds.each do |cred|
 			credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]
 
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
+
 			# report the goods!
 			report_auth_info(
 				:host  => session.sock.peerhost,
@@ -157,7 +163,7 @@ class Metasploit3 < Msf::Post
 				:user => cred['user'],
 				:pass => cred['password'],
 				:ptype => "MD5 hash",
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:target_host => config['ftp_bindip'],
 				:target_port => config['ftp_port']
@@ -182,7 +188,11 @@ class Metasploit3 < Msf::Post
 
 		configuration << [config['ftp_port'], config['ftp_bindip'], config['admin_port'], config['admin_bindip'], config['admin_pass'],
 			config['ssl'], config['ssl_certfile'], config['ssl_keypass']]
-
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			# report the goods!
 			report_auth_info(
 				:host  => session,
@@ -192,7 +202,7 @@ class Metasploit3 < Msf::Post
 				:user => 'admin',
 				:pass => config['admin_pass'],
 				:type => "password",
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:target_host => config['admin_bindip'],
 				:target_port => config['admin_port']

modules/post/windows/gather/credentials/flashfxp.rb

@@ -89,11 +89,16 @@ class Metasploit3 < Msf::Post
 				passwd = decrypt(epass)
 
 				print_good("*** Host: #{host} Port: #{port} User: #{username}  Password: #{passwd} ***")
+				if session.db_record
+					source_id = session.db_record.id
+				else
+					source_id = nil
+				end
 				report_auth_info(
 					:host  => host,
 					:port => port,
 					:sname => 'FTP',
-					:source_id => session.db_record.id,
+					:source_id => source_id,
 					:source_type => "exploit",
 					:user => username,
 					:pass => passwd)

modules/post/windows/gather/credentials/ftpnavigator.rb

@@ -74,12 +74,16 @@ class Metasploit3 < Msf::Post
 			end
 
 			print_good("Host: #{server} Port: #{port} User: #{username} Pass: #{dpass}")
-
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 				:host  => server,
 				:port => port,
 				:sname => 'ftp',
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:user => username,
 				:pass => dpass

modules/post/windows/gather/credentials/mremote.rb

@@ -87,11 +87,16 @@ class Metasploit3 < Msf::Post
 			pass=decrypt(decoded, @secret , iv, "AES-128-CBC")
 			print_good("HOST: #{host} PORT: #{port} PROTOCOL: #{proto} Domain: #{domain} USER: #{user} PASS: #{pass}")
 			user= "#{domain}\\#{user}" unless domain.nil? or domain.empty?
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 				:host  => host,
 				:port => port,
 				:sname => proto,
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:user => user,
 				:pass => pass)

modules/post/windows/gather/credentials/outlook.rb

@@ -304,11 +304,16 @@ class Metasploit3 < Msf::Post
 				end
 
 				if got_user_pw == 1
+					if session.db_record
+						source_id = session.db_record.id
+					else
+						source_id = nil
+					end
 					report_auth_info(
 						:host  => host,
 						:port => portnum,
 						:sname => type,
-						:source_id => session.db_record.id,
+						:source_id => source_id,
 						:source_type => "exploit",
 						:user => user,
 						:pass => pass)
@@ -316,11 +321,16 @@ class Metasploit3 < Msf::Post
 				end
 
 				if smtp_use_auth != nil
+					if session.db_record
+						source_id = session.db_record.id
+					else
+						source_id = nil
+					end
 					report_auth_info(
 						:host  => smtp_server,
 						:port => smtp_port,
 						:sname => "SMTP",
-						:source_id => session.db_record.id,
+						:source_id => source_id,
 						:source_type => "exploit",
 						:user => smtp_user,
 						:pass => smtp_decrypted_password)

modules/post/windows/gather/credentials/smartftp.rb

@@ -113,10 +113,15 @@ class Metasploit3 < Msf::Post
 			pass = decrypt(epassword)
 
 			print_good("HOST: #{host} PORT: #{port} USER: #{user} PASS: #{pass}")
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 						:host  => host,
 						:port => port,
-						:source_id => session.db_record.id,
+						:source_id => ssource_id,
 						:source_type => "exploit",
 						:user => user,
 						:pass => pass

modules/post/windows/gather/credentials/total_commander.rb

@@ -156,11 +156,16 @@ class Metasploit3 < Msf::Post
 			(host,port) = host.split(':')
 			port=21 if port==nil
 			print_good("*** Host: #{host} Port: #{port} User: #{username}  Password: #{passwd} ***")
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 						:host  => host,
 						:port => port,
 						:sname => 'FTP',
-						:source_id => session.db_record.id,
+						:source_id => source_id,
 						:source_type => "exploit",
 						:user => username,
 						:pass => passwd

modules/post/windows/gather/credentials/vnc.rb

@@ -226,24 +226,34 @@ class Metasploit3 < Msf::Post
 					e[:port] = 5900
 				end
 				print_good("#{e[:name]} => #{e[:hash]} => #{e[:pass]} on port: #{e[:port]}")
+				if session.db_record
+					source_id = session.db_record.id
+				else
+					source_id = nil
+				end
 				report_auth_info(
 					:host  => session.sock.peerhost,
 					:sname => 'vnc',
 					:pass  => "#{e[:pass]}",
 					:port => "#{e[:port]}",
-					:source_id => session.db_record.id,
+					:source_id => source_id,
 					:source_type => "exploit",
 					:type => 'password'
 				)
 			end
 			if e[:viewonly_pass] != nil
 				print_good("VIEW ONLY: #{e[:name]} => #{e[:viewonly_hash]} => #{e[:viewonly_pass]} on port: #{e[:port]}")
+				if session.db_record
+					source_id = session.db_record.id
+				else
+					source_id = nil
+				end
 				report_auth_info(
 					:host  => session.sock.peerhost,
 					:sname => 'vnc',
 					:viewonly_pass  => "#{e[:viewonly_pass]}",
 					:port => "#{e[:port]}",
-					:source_id => session.db_record.id,
+					:source_id => source_id,
 					:source_type => "exploit",
 					:type => 'password_ro'
 				)

modules/post/windows/gather/credentials/winscp.rb

@@ -95,11 +95,16 @@ class Metasploit3 < Msf::Post
 					#Decrypt our password, and report on results
 					pass= decrypt_password(password, user+host)
 					print_status("Host: #{host}  Port: #{portnum} Protocol: #{proto}  Username: #{user}  Password: #{pass}")
+					if session.db_record
+						source_id = session.db_record.id
+					else
+						source_id = nil
+					end
 					report_auth_info(
 						:host  => host,
 						:port => portnum,
 						:sname => proto,
-						:source_id => session.db_record.id,
+						:source_id => source_id,
 						:source_type => "exploit",
 						:user => user,
 						:pass => pass
@@ -162,11 +167,16 @@ class Metasploit3 < Msf::Post
 						# Decrypt the password and report on all of the results
 						pass= decrypt_password(ini[group]['Password'], user+host)
 						print_status("Host: #{host}  Port: #{portnum} Protocol: #{proto}  Username: #{user}  Password: #{pass}")
+						if session.db_record
+							source_id = session.db_record.id
+						else
+							source_id = nil
+						end
 						report_auth_info(
 							:host  => host,
 							:port => portnum,
 							:sname => proto,
-							:source_id => session.db_record.id,
+							:source_id => source_id,
 							:source_type => "exploit",
 							:user => user,
 							:pass => pass

modules/post/windows/gather/credentials/wsftp_client.rb

@@ -72,11 +72,16 @@ class Metasploit3 < Msf::Post
 			next if passwd == nil or passwd == ""
 			port = 21 if port == nil
 			print_good("Host: #{host} Port: #{port} User: #{username}  Password: #{passwd}")
+			if session.db_record
+				source_id = session.db_record.id
+			else
+				source_id = nil
+			end
 			report_auth_info(
 				:host  => host,
 				:port => port,
 				:sname => 'FTP',
-				:source_id => session.db_record.id,
+				:source_id => source_id,
 				:source_type => "exploit",
 				:user => username,
 				:pass => passwd)