Land #8327, Simplify storing credentials
commit
4def7ce6cc
|
@ -772,6 +772,16 @@ module Exploit::Remote::HttpClient
|
|||
fprint[:signature]
|
||||
end
|
||||
|
||||
def service_details
|
||||
{
|
||||
origin_type: :service,
|
||||
protocol: 'tcp',
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
address: rhost,
|
||||
port: rport
|
||||
}
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
attr_accessor :client
|
||||
|
|
|
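Review bot: `service_details` is added without a comment even though it is now a contract: it sits above `protected`, so it is public, and the hash it returns is merged straight into credential data by its callers. A one-line comment such as `# Service attributes (origin_type, protocol, service_name, address, port) merged into credential records; modules may override to adjust service_name.` would make that explicit. `address: rhost` passes the option value through as given, so it is worth confirming that `rhost` is always a resolved address at this point rather than a hostname. The enclosing module starts and ends outside the hunk.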
@ -15,6 +15,7 @@ module Msf
|
|||
###
|
||||
class Module
|
||||
autoload :Arch, 'msf/core/module/arch'
|
||||
autoload :Auth, 'msf/core/module/auth'
|
||||
autoload :Author, 'msf/core/module/author'
|
||||
autoload :AuxiliaryAction, 'msf/core/module/auxiliary_action'
|
||||
autoload :Compatibility, 'msf/core/module/compatibility'
|
||||
|
@ -40,6 +41,7 @@ class Module
|
|||
autoload :UUID, 'msf/core/module/uuid'
|
||||
|
||||
include Msf::Module::Arch
|
||||
include Msf::Module::Auth
|
||||
include Msf::Module::Author
|
||||
include Msf::Module::Compatibility
|
||||
include Msf::Module::DataStore
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
module Msf::Module::Auth
|
||||
def store_valid_credential(user:, private:, private_type: :password, proof: nil)
|
||||
service_data = {}
|
||||
if self.respond_to? ("service_details")
|
||||
service_data = service_details
|
||||
end
|
||||
|
||||
creation_data = {
|
||||
module_fullname: self.fullname,
|
||||
username: user,
|
||||
private_data: private,
|
||||
private_type: private_type,
|
||||
workspace_id: myworkspace_id
|
||||
}.merge(service_data)
|
||||
|
||||
if service_data.empty?
|
||||
cred_data = {
|
||||
origin_type: :import,
|
||||
filename: 'msfconsole' # default as values provided on the console
|
||||
}.merge(creation_data)
|
||||
create_credential(cred_data)
|
||||
else
|
||||
login_data = {
|
||||
proof: proof,
|
||||
last_attempted_at: DateTime.now,
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL
|
||||
}.merge(creation_data)
|
||||
create_credential_and_login(login_data)
|
||||
end
|
||||
|
||||
nil
|
||||
end
|
||||
end
|
|
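Review bot: The `respond_to? ("service_details")` probe in `store_valid_credential` chooses silently between two very different records: with a service hash it stores a successful login, without one it stores an `:import` credential attributed to `msfconsole` and drops `proof` entirely. `respond_to?` only sees public methods, so a module that defines `service_details` below a `private` or `protected` marker would fall into the import branch without any message. I would write the probe as `service_data = respond_to?(:service_details) ? service_details : {}` (the space before the parenthesis also draws a Ruby warning) and add a comment on the method stating that `proof` is only recorded when service details are available.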
@ -62,33 +62,6 @@ class MetasploitModule < Msf::Auxiliary
|
|||
table_prefix
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def run
|
||||
username = Rex::Text.rand_text_alpha(10)
|
||||
password = Rex::Text.rand_text_alpha(20)
|
||||
|
@ -122,17 +95,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
# test login
|
||||
cookie = wordpress_login(username, password)
|
||||
|
||||
# login successfull
|
||||
# login successful
|
||||
if cookie
|
||||
print_status("User #{username} with password #{password} successfully created")
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: username,
|
||||
password: password,
|
||||
service_name: 'WordPress',
|
||||
proof: cookie
|
||||
)
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
else
|
||||
print_error("User creation failed")
|
||||
return
|
||||
|
|
|
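Review bot: Replacing the `report_cred(...)` call that passed `service_name: 'WordPress'` with `store_valid_credential` changes the service name recorded for this module, because the helper takes it from `service_details`, which the HTTP client mixin in this commit sets to `'https'` or `'http'`. If existing workspaces hold a service named `WordPress` for the same host and port, the new record may not line up with it; that depends on how services are matched, which is not visible here. If the old name is meant to stay, an override like the one the Cisco IronPort module receives in this commit would keep it: `def service_details; super.merge(service_name: 'WordPress'); end`. The `run` method continues outside the hunk.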
@ -78,6 +78,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_error("Failed to authenticate with WordPress")
|
||||
return
|
||||
end
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
print_good("Authenticated with WordPress")
|
||||
|
||||
new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
|
||||
|
|
|
@ -98,6 +98,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_status("Authenticating with WordPress using #{username}:#{password}...")
|
||||
cookie = wordpress_login(username, password)
|
||||
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
print_good("Authenticated with WordPress")
|
||||
|
||||
new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
|
||||
|
|
|
@ -66,43 +66,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
datastore['TIMEOUT']
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: opts[:service_name],
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user]
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
def user_exists(user)
|
||||
exists = wordpress_user_exists?(user)
|
||||
if exists
|
||||
print_good("Username \"#{username}\" is valid")
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: user,
|
||||
service_name: (ssl ? 'https' : 'http'),
|
||||
proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
|
||||
)
|
||||
|
||||
store_valid_credential(user: user, private: nil, proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
|
||||
return true
|
||||
else
|
||||
print_error("\"#{user}\" is not a valid username")
|
||||
|
|
|
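Review bot: `store_valid_credential(user: user, private: nil, ...)` in `user_exists` does not reproduce the removed `report_cred`, which built the credential without any `private_data` or `private_type` key. The helper always sets `private_data: private` and defaults `private_type` to `:password`, so this call asks for a password-typed credential whose data is nil; the status stays `SUCCESSFUL` as in the removed code, although only the username was confirmed. Either the helper should leave both private keys out when `private` is nil, or this call site should build an `UNTRIED` login the way the user-validation hunk of the WordPress login scanner does in this commit. How `create_credential_and_login` treats a nil private is not visible on this page.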
@ -115,31 +115,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: 'Cisco IronPort Appliance',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user],
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
}.merge(service_data)
|
||||
|
||||
login_data = {
|
||||
last_attempted_at: DateTime.now,
|
||||
core: create_credential(credential_data),
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
proof: opts[:proof]
|
||||
}.merge(service_data)
|
||||
|
||||
create_credential_login(login_data)
|
||||
def service_details
|
||||
super.merge({service_name: 'Cisco IronPort Appliance'})
|
||||
end
|
||||
|
||||
#
|
||||
|
@ -166,7 +143,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
if res and res.get_cookies.include?('authenticated=')
|
||||
print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
|
||||
|
||||
report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.get_cookies.inspect)
|
||||
store_valid_credential(user: user, private: pass, proof: res.get_cookies.inspect)
|
||||
return :next_user
|
||||
|
||||
else
|
||||
|
|
|
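Review bot: The `service_details` override carries no comment, and its hash argument has redundant braces. I would write it as `super.merge(service_name: 'Cisco IronPort Appliance')` with a line above it such as `# Keep the service name the removed report_cred used for this appliance.` The override only takes effect if it is a public method at this position, because the helper probes it with `respond_to?`; the surrounding visibility markers are outside the hunk.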
@ -100,56 +100,19 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
def report_cred(opts)
|
||||
service_data = {
|
||||
address: opts[:ip],
|
||||
port: opts[:port],
|
||||
service_name: ssl ? 'https' : 'http',
|
||||
protocol: 'tcp',
|
||||
workspace_id: myworkspace_id
|
||||
}
|
||||
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: fullname,
|
||||
username: opts[:user]
|
||||
}.merge(service_data)
|
||||
|
||||
if opts[:password]
|
||||
credential_data.merge!(
|
||||
private_data: opts[:password],
|
||||
private_type: :password
|
||||
)
|
||||
end
|
||||
|
||||
login_data = {
|
||||
core: create_credential(credential_data),
|
||||
status: opts[:status]
|
||||
}.merge(service_data)
|
||||
|
||||
if opts[:attempt_time]
|
||||
login_data.merge!(last_attempted_at: opts[:attempt_time])
|
||||
end
|
||||
|
||||
create_credential_login(login_data)
|
||||
end
|
||||
|
||||
|
||||
def validate_user(user=nil)
|
||||
print_status("#{target_uri} - WordPress User-Validation - Checking Username:'#{user}'")
|
||||
|
||||
exists = wordpress_user_exists?(user)
|
||||
if exists
|
||||
print_good("#{target_uri} - WordPress User-Validation - Username: '#{user}' - is VALID")
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: user,
|
||||
connection_details = {
|
||||
module_fullname: self.fullname,
|
||||
username: user,
|
||||
workspace_id: myworkspace_id,
|
||||
status: Metasploit::Model::Login::Status::UNTRIED
|
||||
)
|
||||
|
||||
}.merge(service_details)
|
||||
create_credential_and_login(connection_details)
|
||||
@users_found[user] = :reported
|
||||
return :next_user
|
||||
else
|
||||
|
@ -167,14 +130,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
if cookie
|
||||
print_good("#{target_uri} - WordPress Brute Force - SUCCESSFUL login for '#{user}' : '#{pass}'")
|
||||
|
||||
report_cred(
|
||||
ip: rhost,
|
||||
port: rport,
|
||||
user: user,
|
||||
password: pass,
|
||||
status: Metasploit::Model::Login::Status::SUCCESSFUL,
|
||||
attempt_time: DateTime.now
|
||||
)
|
||||
store_valid_credential(user: user, private: pass, proof: cookie)
|
||||
|
||||
return :next_user
|
||||
else
|
||||
|
|
|
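Review bot: `validate_user` is the one call site in this commit that builds the credential hash by hand instead of calling `store_valid_credential`, and nothing says why. A comment above `connection_details` would help, for example `# Username confirmed, no password tried: record an UNTRIED login without a private.` In the brute-force hunk further down, the replacement call now passes `proof: cookie`, so the session cookie is persisted with the login where the removed call stored no proof; a short comment stating that this is intended would be useful. Both methods start or end outside their hunks.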
@ -98,6 +98,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_error("Unable to login as: #{user}")
|
||||
return
|
||||
end
|
||||
store_valid_credential(user: user, private: password, proof: cookie)
|
||||
|
||||
vprint_status("Trying to get nonce...")
|
||||
nonce = get_nonce(cookie)
|
||||
|
|
|
@ -120,6 +120,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
print_error("Unable to login as: #{user}")
|
||||
return
|
||||
end
|
||||
store_valid_credential(user: user, private: password, proof: cookie)
|
||||
|
||||
vprint_status("Trying to get nonce...")
|
||||
nonce = get_nonce(cookie)
|
||||
|
|
|
@ -71,6 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
cookie = wordpress_login(username, password)
|
||||
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
|
||||
print_good("Authenticated with WordPress")
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
|
||||
print_status("Preparing payload...")
|
||||
plugin_name = Rex::Text.rand_text_alpha(10)
|
||||
|
|
|
@ -77,6 +77,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
vprint_status("Trying to login as #{username}")
|
||||
cookie = wordpress_login(username, password)
|
||||
fail_with(Failure::NoAccess, "#{peer} - Unable to login as: #{username}") if cookie.nil?
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
|
||||
vprint_status("Trying to get nonce")
|
||||
nonce = get_nonce(cookie)
|
||||
|
|
|
@ -128,6 +128,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
else
|
||||
print_good("Authenticated with WordPress")
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
cookie = wordpress_login(username, password)
|
||||
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
|
||||
print_good("Authenticated with WordPress")
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
|
||||
print_status("Preparing payload...")
|
||||
payload_name = Rex::Text.rand_text_alpha(10)
|
||||
|
|
|
@ -64,6 +64,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
print_error("Unable to login as #{user}")
|
||||
return
|
||||
end
|
||||
store_valid_credential(user: username, private: password, proof: cookie)
|
||||
|
||||
print_status("Trying to upload payload")
|
||||
filename = "#{rand_text_alpha_lower(8)}.php"
|
||||
|
|
|
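Review bot: The added call passes `user: username` while the failure message two lines above it interpolates `#{user}`. Unless both names are defined in this method, one of the two is wrong; the definitions are outside the hunk, so this needs checking against the full method. If `user` is the local that holds the login name, the call should read `store_valid_credential(user: user, private: password, proof: cookie)`.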
@ -112,6 +112,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
fail_with(Failure::NoAccess, "#{peer} - Login wasn't successful")
|
||||
end
|
||||
print_status("login successful")
|
||||
store_valid_credential(user: @user, private: @password, proof: @cookie)
|
||||
else
|
||||
print_status("Trying unauthenticated exploitation...")
|
||||
end
|
||||
|
|
|
@ -121,6 +121,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
print_error("Unable to login as #{user}")
|
||||
return
|
||||
end
|
||||
store_valid_credential(user: user, private: password, proof: cookie)
|
||||
|
||||
print_status("Trying to get nonce")
|
||||
nonce = get_nonce(cookie)
|
||||
|
|