Land #10507, GPP creds for db_import
commit
4803c889f9
|
@ -21,6 +21,7 @@ module Msf::DBManager::Import
|
|||
autoload :CI, 'msf/core/db_manager/import/ci'
|
||||
autoload :Foundstone, 'msf/core/db_manager/import/foundstone'
|
||||
autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm'
|
||||
autoload :GPP, 'msf/core/db_manager/import/gpp'
|
||||
autoload :IP360, 'msf/core/db_manager/import/ip360'
|
||||
autoload :IPList, 'msf/core/db_manager/import/ip_list'
|
||||
autoload :Libpcap, 'msf/core/db_manager/import/libpcap'
|
||||
|
@ -47,6 +48,7 @@ module Msf::DBManager::Import
|
|||
include Msf::DBManager::Import::CI
|
||||
include Msf::DBManager::Import::Foundstone
|
||||
include Msf::DBManager::Import::FusionVM
|
||||
include Msf::DBManager::Import::GPP
|
||||
include Msf::DBManager::Import::IP360
|
||||
include Msf::DBManager::Import::IPList
|
||||
include Msf::DBManager::Import::Libpcap
|
||||
|
@ -164,6 +166,7 @@ module Msf::DBManager::Import
|
|||
# :ci_xml
|
||||
# :foundstone_xml
|
||||
# :fusionvm_xml
|
||||
# :gpp_xml
|
||||
# :ip360_aspl_xml
|
||||
# :ip360_xml_v3
|
||||
# :ip_list
|
||||
|
@ -358,6 +361,9 @@ module Msf::DBManager::Import
|
|||
when "main"
|
||||
@import_filedata[:type] = "Outpost24 XML"
|
||||
return :outpost24_xml
|
||||
when /Groups|DataSources|Drives|ScheduledTasks|NTServices/
|
||||
@import_filedata[:type] = "Group Policy Preferences Credentials"
|
||||
return :gpp_xml
|
||||
else
|
||||
# Give up if we haven't hit the root tag in the first few lines
|
||||
break if line_count > 10
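Review bot: The new `when /Groups|DataSources|Drives|ScheduledTasks|NTServices/` branch is an unanchored regex, while the neighbouring `when "main"` branch compares the whole value. Any value that merely contains one of these words (a hypothetical root tag such as `UserGroups`) would therefore be typed as "Group Policy Preferences Credentials" and routed to the GPP importer. Anchoring it limits detection to the five intended names: `when /\A(?:Groups|DataSources|Drives|ScheduledTasks|NTServices)\z/`. The `case` subject is outside the hunk, so this assumes it holds the bare root element name, as the `"main"` branch suggests.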
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
require 'rex/parser/group_policy_preferences'
|
||||
|
||||
module Msf::DBManager::Import::GPP
|
||||
def import_gpp_xml(args = {}, &block)
|
||||
return unless args && args[:data] && !args[:data].empty?
|
||||
|
||||
gpp = Rex::Parser::GPP.parse(args[:data])
|
||||
|
||||
return unless gpp && gpp.any?
|
||||
|
||||
wspace = find_workspace(args[:workspace])
|
||||
|
||||
return unless wspace && wspace.respond_to?(:id)
|
||||
|
||||
gpp.each do |p|
|
||||
# Skip incomplete creds
|
||||
next unless p[:USER] && p[:PASS]
|
||||
|
||||
# Store decrypted creds
|
||||
create_credential(
|
||||
workspace_id: wspace.id,
|
||||
origin_type: :import,
|
||||
filename: args[:filename],
|
||||
username: p[:USER],
|
||||
private_data: p[:PASS],
|
||||
private_type: :password
|
||||
)
|
||||
end
|
||||
|
||||
# Store entire file as loot, including metadata
|
||||
report_loot(
|
||||
workspace: wspace,
|
||||
path: args[:filename],
|
||||
name: File.basename(args[:filename]),
|
||||
data: args[:data],
|
||||
type: 'microsoft.windows.gpp',
|
||||
ctype: 'text/xml',
|
||||
info: gpp
|
||||
)
|
||||
end
|
||||
end
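Review bot: `File.basename(args[:filename])` in the `report_loot` call raises TypeError if a caller supplies `:data` without `:filename`, because the guard at the top of `import_gpp_xml` only checks `args[:data]`. The credentials are created before that call, so such an import would store creds and then fail before the loot is written. Resolve the name once up front, e.g. `fname = args[:filename] || 'gpp.xml'`, and use it for `filename:`, `path:` and `name:`, or return early when it is missing. Separately, `info: gpp` passes the whole parsed array, which judging by the `p[:PASS]` access includes the decrypted passwords, so the plaintext lands in the loot record as well as the credential store. A short description string there would keep the secrets in one place, and the unused `&block` parameter could be dropped or documented.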
|
|
@ -1493,6 +1493,7 @@ public
|
|||
# * :ci_xml
|
||||
# * :foundstone_xml
|
||||
# * :fusionvm_xml
|
||||
# * :gpp_xml
|
||||
# * :ip360_aspl_xml
|
||||
# * :ip360_xml_v3
|
||||
# * :ip_list
|
||||
|
|
|
@ -1428,6 +1428,7 @@ class Db
|
|||
print_line " CI"
|
||||
print_line " Foundstone"
|
||||
print_line " FusionVM XML"
|
||||
print_line " Group Policy Preferences Credentials"
|
||||
print_line " IP Address List"
|
||||
print_line " IP360 ASPL"
|
||||
print_line " IP360 XML v3"
|
||||
|
|
|
@ -84,6 +84,7 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Db do
|
|||
" CI",
|
||||
" Foundstone",
|
||||
" FusionVM XML",
|
||||
" Group Policy Preferences Credentials",
|
||||
" IP Address List",
|
||||
" IP360 ASPL",
|
||||
" IP360 XML v3",
|
||||
|
|
|
@ -21,6 +21,7 @@ RSpec.shared_examples_for 'Msf::DBManager::Import' do
|
|||
it_should_behave_like 'Msf::DBManager::Import::CI'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Foundstone'
|
||||
it_should_behave_like 'Msf::DBManager::Import::FusionVM'
|
||||
it_should_behave_like 'Msf::DBManager::Import::GPP'
|
||||
it_should_behave_like 'Msf::DBManager::Import::IP360'
|
||||
it_should_behave_like 'Msf::DBManager::Import::IPList'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Libpcap'
|
||||
|
@ -38,4 +39,4 @@ RSpec.shared_examples_for 'Msf::DBManager::Import' do
|
|||
it_should_behave_like 'Msf::DBManager::Import::Retina'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Spiceworks'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Wapiti'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
RSpec.shared_examples_for 'Msf::DBManager::Import::GPP' do
|
||||
it { is_expected.to respond_to :import_gpp_xml }
|
||||
end
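Review bot: The shared example only asserts `respond_to :import_gpp_xml`, so none of the importer's behaviour is exercised. The early returns on empty `:data`, the skip of entries missing `:USER` or `:PASS`, and the `create_credential` / `report_loot` calls are all untested. Since this importer writes decrypted passwords into the database, it is worth adding an example for empty input, e.g. `expect(subject.import_gpp_xml(data: '')).to be_nil`, and one that runs a small constructed fixture and checks the credential it creates.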
|