Merge pull request #40 from rapid7/feature/MSP-9748/postgres_hashdump

Feature/msp 9748/postgres hashdump
2014-06-06 10:51:19 -05:00 · 2014-06-06 10:51:19 -05:00 · 4bc543715d
parent b6f049d41e 4960503a59
commit 4bc543715d
1 changed files with 28 additions and 17 deletions
--- a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb
+++ b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb
@ -53,12 +53,6 @@ class Metasploit3 < Msf::Auxiliary
      print_status("Query appears to have run successfully")
    end

-    this_service = report_service(
-          :host  => datastore['RHOST'],
-          :port => datastore['RPORT'],
-          :name => 'postgres',
-          :proto => 'tcp'
-          )

    tbl = Rex::Ui::Text::Table.new(
      'Header'  => 'Postgres Server Hashes',
@ -66,6 +60,22 @@ class Metasploit3 < Msf::Auxiliary
      'Columns' => ['Username', 'Hash']
    )

+    service_data = {
+        address: ::Rex::Socket.getaddress(rhost,true),
+        port: rport,
+        service_name: 'postgres',
+        protocol: 'tcp',
+        workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+        origin_type: :service,
+        jtr_format: 'raw-md5',
+        module_fullname: self.fullname,
+        private_type: :nonreplayable_hash
+    }
+
+    credential_data.merge!(service_data)


    res[:complete].rows.each do |row|
@ -73,23 +83,24 @@ class Metasploit3 < Msf::Auxiliary
      next if row[0].empty? or row[1].empty?
      password = row[1]
      password.slice!(0,3)
+
+      credential_data[:username]     = row[0]
+      credential_data[:private_data] = password
+
+      credential_core = create_credential(credential_data)
+      login_data = {
+          core: credential_core,
+          status: Metasploit::Credential::Login::Status::UNTRIED
+      }
+      login_data.merge!(service_data)
+      create_credential_login(login_data)
+
      tbl << [row[0], password]
    end
    print_good("#{tbl.to_s}")
-    report_hash(tbl.to_csv,this_service)
-

  end

-  #Reports the Stolen Hashes back to the Database for later cracking
-  def report_hash(hashtable,service)
-    filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_postgreshashes.txt"
-    path = store_loot("postgres.hashes", "text/plain", datastore['RHOST'], hashtable, filename, "Postgres Hashes",service)
-    print_status("Hash Table has been saved: #{path}")
-
-  end
-
-


 end