From 4f55452153fd782ff22f753b2d4f7eca373c45b1 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 10 Jun 2012 12:50:59 -0500 Subject: [PATCH] This adds import/export support for vuln_attempts --- lib/msf/core/db.rb | 29 +++++++++++++++++++++++++++++ lib/msf/core/db_export.rb | 11 +++++++++++ 2 files changed, 40 insertions(+) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index 54b5747119..0c821b4b98 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -865,6 +865,24 @@ class DBManager } end + def report_vuln_attempt(vuln, opts) + ::ActiveRecord::Base.connection_pool.with_connection { + return if not vuln + info = {} + + # Opts can be keyed by strings or symbols + ::Mdm::VulnAttempt.column_names.each do |kn| + k = kn.to_sym + next if ['id', 'vuln_id'].include?(kn) + info[k] = opts[kn] if opts[kn] + info[k] = opts[k] if opts[k] + end + + info[:vuln_id] = vuln.id + Mdm::VulnAttempt.create(info) + } + end + def report_exploit_failure(opts) ::ActiveRecord::Base.connection_pool.with_connection { wspace = opts.delete(:workspace) || workspace @@ -3638,6 +3656,17 @@ class DBManager end report_vuln_details(vobj, vdet_data) end + + vuln.elements.each("vuln_attempts") do |vdet| + vdet_data = {} + vdet.elements.each do |det| + next if ["id", "vuln-id", "loot-id", "session-id"].include?(det.name) + if det.text + vdet_data[det.name.gsub('-','_')] = nils_for_nulls(det.text.to_s.strip) + end + end + report_vuln_attempt(vobj, vdet_data) + end end host.elements.each('creds/cred') do |cred| diff --git a/lib/msf/core/db_export.rb b/lib/msf/core/db_export.rb index 13dfbf67af..a4450d3d2e 100644 --- a/lib/msf/core/db_export.rb +++ b/lib/msf/core/db_export.rb @@ -424,6 +424,17 @@ class Export end report_file.write(" \n") + + # Vuln attempts sub-elements + report_file.write(" \n") + e.vuln_attempts.find(:all).each do |d| + d.attributes.each_pair do |k,v| + el = create_xml_element(k,v) + report_file.write(" #{el}\n") + end + end + report_file.write(" \n") + report_file.write(" \n") end report_file.write(" \n")