Second verse, same as the first

2015-03-27 09:59:10 -05:00 · 2015-03-27 09:59:10 -05:00 · 466ef4349e
parent bf8146c8b5
commit 466ef4349e
3 changed files with 17 additions and 28 deletions
--- a/lib/msf/core/db_manager/exploit_attempt.rb
+++ b/lib/msf/core/db_manager/exploit_attempt.rb
@ -44,15 +44,6 @@ module Msf::DBManager::ExploitAttempt
    username   = opts.delete(:username)
    mname      = opts.delete(:module)

-    # Look up the host as appropriate
-    if not (host and host.kind_of? ::Mdm::Host)
-      if svc.kind_of? ::Mdm::Service
-        host = svc.host
-      else
-        host = get_host( :workspace => wspace, :address => host )
-      end
-    end
-
    # Bail if we dont have a host object
    return if not host

@ -153,18 +144,18 @@ module Msf::DBManager::ExploitAttempt
      vuln = find_vuln_by_refs(ref_objs, host, svc)
    end

-    # We have match, lets create a vuln_attempt record
-    if vuln
-      attempt_info = {
-        :vuln_id      => vuln.id,
+    attempt_info = {
        :attempted_at => timestamp || Time.now.utc,
        :exploited    => true,
+        :module       => mname,
        :username     => username  || "unknown",
-        :module       => mname
-      }
+    }
+    attempt_info[:session_id] = opts[:session_id] if opts[:session_id]
+    attempt_info[:loot_id]    = opts[:loot_id]    if opts[:loot_id]

-      attempt_info[:session_id] = opts[:session_id] if opts[:session_id]
-      attempt_info[:loot_id]    = opts[:loot_id]    if opts[:loot_id]
+    # We have match, lets create a vuln_attempt record
+    if vuln
+      attempt_info[:vuln_id]    = vuln.id,

      vuln.vuln_attempts.create(attempt_info)

@ -176,16 +167,6 @@ module Msf::DBManager::ExploitAttempt
    end

    # Report an exploit attempt all the same
-    attempt_info = {
-      :attempted_at => timestamp || Time.now.utc,
-      :exploited    => true,
-      :username     => username  || "unknown",
-      :module       => mname
-    }
-
-    attempt_info[:vuln_id]    = vuln.id           if vuln
-    attempt_info[:session_id] = opts[:session_id] if opts[:session_id]
-    attempt_info[:loot_id]    = opts[:loot_id]    if opts[:loot_id]

    if svc
      attempt_info[:port]  = svc.port
--- a/lib/msf/core/db_manager/session.rb
+++ b/lib/msf/core/db_manager/session.rb
@ -185,7 +185,7 @@ module Msf::DBManager::Session
    end

    vuln_info = {
-      :host => host.address,
+      :host => host,
      :name => mod_name,
      :refs => mod.references,
      :workspace => wspace,
--- a/spec/support/shared/examples/msf/db_manager/session.rb
+++ b/spec/support/shared/examples/msf/db_manager/session.rb
@ -138,6 +138,14 @@ shared_examples_for 'Msf::DBManager::Session' do
            it 'should make a MatchResult' do
              expect { report_session }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult, :count).by(1)
            end
+
+            it 'should not increase the host count' do
+              expect { report_session }.not_to change(Mdm::Host, :count)
+            end
+
+            it 'should not increase the vuln count' do
+              expect { report_session }.not_to change(Mdm::Vuln, :count)
+            end
          end

          context 'without user_data' do