Land #10507, GPP creds for db_import
commit
4803c889f9
|
@ -21,6 +21,7 @@ module Msf::DBManager::Import
|
||||||
autoload :CI, 'msf/core/db_manager/import/ci'
|
autoload :CI, 'msf/core/db_manager/import/ci'
|
||||||
autoload :Foundstone, 'msf/core/db_manager/import/foundstone'
|
autoload :Foundstone, 'msf/core/db_manager/import/foundstone'
|
||||||
autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm'
|
autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm'
|
||||||
|
autoload :GPP, 'msf/core/db_manager/import/gpp'
|
||||||
autoload :IP360, 'msf/core/db_manager/import/ip360'
|
autoload :IP360, 'msf/core/db_manager/import/ip360'
|
||||||
autoload :IPList, 'msf/core/db_manager/import/ip_list'
|
autoload :IPList, 'msf/core/db_manager/import/ip_list'
|
||||||
autoload :Libpcap, 'msf/core/db_manager/import/libpcap'
|
autoload :Libpcap, 'msf/core/db_manager/import/libpcap'
|
||||||
|
@ -47,6 +48,7 @@ module Msf::DBManager::Import
|
||||||
include Msf::DBManager::Import::CI
|
include Msf::DBManager::Import::CI
|
||||||
include Msf::DBManager::Import::Foundstone
|
include Msf::DBManager::Import::Foundstone
|
||||||
include Msf::DBManager::Import::FusionVM
|
include Msf::DBManager::Import::FusionVM
|
||||||
|
include Msf::DBManager::Import::GPP
|
||||||
include Msf::DBManager::Import::IP360
|
include Msf::DBManager::Import::IP360
|
||||||
include Msf::DBManager::Import::IPList
|
include Msf::DBManager::Import::IPList
|
||||||
include Msf::DBManager::Import::Libpcap
|
include Msf::DBManager::Import::Libpcap
|
||||||
|
@ -164,6 +166,7 @@ module Msf::DBManager::Import
|
||||||
# :ci_xml
|
# :ci_xml
|
||||||
# :foundstone_xml
|
# :foundstone_xml
|
||||||
# :fusionvm_xml
|
# :fusionvm_xml
|
||||||
|
# :gpp_xml
|
||||||
# :ip360_aspl_xml
|
# :ip360_aspl_xml
|
||||||
# :ip360_xml_v3
|
# :ip360_xml_v3
|
||||||
# :ip_list
|
# :ip_list
|
||||||
|
@ -358,6 +361,9 @@ module Msf::DBManager::Import
|
||||||
when "main"
|
when "main"
|
||||||
@import_filedata[:type] = "Outpost24 XML"
|
@import_filedata[:type] = "Outpost24 XML"
|
||||||
return :outpost24_xml
|
return :outpost24_xml
|
||||||
|
when /Groups|DataSources|Drives|ScheduledTasks|NTServices/
|
||||||
|
@import_filedata[:type] = "Group Policy Preferences Credentials"
|
||||||
|
return :gpp_xml
|
||||||
else
|
else
|
||||||
# Give up if we haven't hit the root tag in the first few lines
|
# Give up if we haven't hit the root tag in the first few lines
|
||||||
break if line_count > 10
|
break if line_count > 10
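Review bot: The new `when /Groups|DataSources|Drives|ScheduledTasks|NTServices/` branch is an unanchored regex, unlike the exact string match in `when "main"` just above it. Any root tag that merely contains one of these words (constructed example: `UserGroups`) would be typed as `:gpp_xml` and routed to the GPP importer. If the case subject is the bare root tag name, which the hunk does not show, anchoring keeps detection exact: `when /\A(?:Groups|DataSources|Drives|ScheduledTasks|NTServices)\z/`. The enclosing `case` and the line loop start outside the hunk, so the ordering against earlier branches should be checked as well.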
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
require 'rex/parser/group_policy_preferences'
|
||||||
|
|
||||||
|
module Msf::DBManager::Import::GPP
|
||||||
|
def import_gpp_xml(args = {}, &block)
|
||||||
|
return unless args && args[:data] && !args[:data].empty?
|
||||||
|
|
||||||
|
gpp = Rex::Parser::GPP.parse(args[:data])
|
||||||
|
|
||||||
|
return unless gpp && gpp.any?
|
||||||
|
|
||||||
|
wspace = find_workspace(args[:workspace])
|
||||||
|
|
||||||
|
return unless wspace && wspace.respond_to?(:id)
|
||||||
|
|
||||||
|
gpp.each do |p|
|
||||||
|
# Skip incomplete creds
|
||||||
|
next unless p[:USER] && p[:PASS]
|
||||||
|
|
||||||
|
# Store decrypted creds
|
||||||
|
create_credential(
|
||||||
|
workspace_id: wspace.id,
|
||||||
|
origin_type: :import,
|
||||||
|
filename: args[:filename],
|
||||||
|
username: p[:USER],
|
||||||
|
private_data: p[:PASS],
|
||||||
|
private_type: :password
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Store entire file as loot, including metadata
|
||||||
|
report_loot(
|
||||||
|
workspace: wspace,
|
||||||
|
path: args[:filename],
|
||||||
|
name: File.basename(args[:filename]),
|
||||||
|
data: args[:data],
|
||||||
|
type: 'microsoft.windows.gpp',
|
||||||
|
ctype: 'text/xml',
|
||||||
|
info: gpp
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
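Review bot: `report_loot` calls `File.basename(args[:filename])`, but the guard at the top of `import_gpp_xml` only checks `args[:data]`. A caller that passes data without `:filename` raises `TypeError` after the credentials have already been created. Guarding the value, e.g. `name: (File.basename(args[:filename]) if args[:filename]),`, avoids the partial import; whether `report_loot` accepts a nil name is not visible here. Separately, `info: gpp` passes the whole parsed array, including the decrypted `:PASS` values, into the loot metadata, so cleartext passwords land in the loot record as well as in the credential store. Confirm that is intended and that `info` accepts a non-string; the `&block` parameter is also never used.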
|
|
@ -1493,6 +1493,7 @@ public
|
||||||
# * :ci_xml
|
# * :ci_xml
|
||||||
# * :foundstone_xml
|
# * :foundstone_xml
|
||||||
# * :fusionvm_xml
|
# * :fusionvm_xml
|
||||||
|
# * :gpp_xml
|
||||||
# * :ip360_aspl_xml
|
# * :ip360_aspl_xml
|
||||||
# * :ip360_xml_v3
|
# * :ip360_xml_v3
|
||||||
# * :ip_list
|
# * :ip_list
|
||||||
|
|
|
@ -1428,6 +1428,7 @@ class Db
|
||||||
print_line " CI"
|
print_line " CI"
|
||||||
print_line " Foundstone"
|
print_line " Foundstone"
|
||||||
print_line " FusionVM XML"
|
print_line " FusionVM XML"
|
||||||
|
print_line " Group Policy Preferences Credentials"
|
||||||
print_line " IP Address List"
|
print_line " IP Address List"
|
||||||
print_line " IP360 ASPL"
|
print_line " IP360 ASPL"
|
||||||
print_line " IP360 XML v3"
|
print_line " IP360 XML v3"
|
||||||
|
|
|
@ -84,6 +84,7 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Db do
|
||||||
" CI",
|
" CI",
|
||||||
" Foundstone",
|
" Foundstone",
|
||||||
" FusionVM XML",
|
" FusionVM XML",
|
||||||
|
" Group Policy Preferences Credentials",
|
||||||
" IP Address List",
|
" IP Address List",
|
||||||
" IP360 ASPL",
|
" IP360 ASPL",
|
||||||
" IP360 XML v3",
|
" IP360 XML v3",
|
||||||
|
|
|
@ -21,6 +21,7 @@ RSpec.shared_examples_for 'Msf::DBManager::Import' do
|
||||||
it_should_behave_like 'Msf::DBManager::Import::CI'
|
it_should_behave_like 'Msf::DBManager::Import::CI'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::Foundstone'
|
it_should_behave_like 'Msf::DBManager::Import::Foundstone'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::FusionVM'
|
it_should_behave_like 'Msf::DBManager::Import::FusionVM'
|
||||||
|
it_should_behave_like 'Msf::DBManager::Import::GPP'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::IP360'
|
it_should_behave_like 'Msf::DBManager::Import::IP360'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::IPList'
|
it_should_behave_like 'Msf::DBManager::Import::IPList'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::Libpcap'
|
it_should_behave_like 'Msf::DBManager::Import::Libpcap'
|
||||||
|
@ -38,4 +39,4 @@ RSpec.shared_examples_for 'Msf::DBManager::Import' do
|
||||||
it_should_behave_like 'Msf::DBManager::Import::Retina'
|
it_should_behave_like 'Msf::DBManager::Import::Retina'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::Spiceworks'
|
it_should_behave_like 'Msf::DBManager::Import::Spiceworks'
|
||||||
it_should_behave_like 'Msf::DBManager::Import::Wapiti'
|
it_should_behave_like 'Msf::DBManager::Import::Wapiti'
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
RSpec.shared_examples_for 'Msf::DBManager::Import::GPP' do
|
||||||
|
it { is_expected.to respond_to :import_gpp_xml }
|
||||||
|
end
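Review bot: The shared example only asserts `respond_to :import_gpp_xml`, so none of the importer's branches are exercised. Missing cases are the early return on empty `:data`, the skip of entries lacking `:USER` or `:PASS`, and a complete entry producing one `create_credential` call with `private_type: :password`. If the fixtures are deferred, a comment such as `# TODO: cover credential creation and loot storage with a sample GPP XML fixture` would record the gap.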
|