Merge remote-tracking branch 'upstream/staging/electro-release' into staging/electro-release

2014-07-29 15:51:48 -05:00 · 2014-07-29 15:51:48 -05:00 · a77ca325ea
parent 533d0be2fb 0876302fba
commit a77ca325ea
2 changed files with 12 additions and 1 deletions
--- a/lib/metasploit/framework/credential.rb
+++ b/lib/metasploit/framework/credential.rb
@ -12,6 +12,9 @@ module Metasploit
      #   @return [Boolean] Whether BOTH a public and private are required
      #     (defaults to `true`)
      attr_accessor :paired
+      # @!attribute parent
+      #   @return [Object] the parent object that had .to_credential called on it to create this object
+      attr_accessor :parent
      # @!attribute private
      #   The private credential component (e.g. username)
      #
--- a/lib/metasploit/framework/login_scanner/base.rb
+++ b/lib/metasploit/framework/login_scanner/base.rb
@ -83,6 +83,7 @@ module Metasploit
              # This could be a Credential object, or a Credential Core, or an Attempt object
              # so make sure that whatever it is, we end up with a Credential.
              credential = raw_cred.to_credential
+              credential.parent = raw_cred

              if credential.realm.present? && self.class::REALM_KEY.present?
                credential.realm_key = self.class::REALM_KEY
@ -129,7 +130,14 @@ module Metasploit
            successful_users = Set.new

            each_credential do |credential|
-              next if successful_users.include?(credential.public)
+              # For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
+              if successful_users.include?(credential.public)
+                if credential.parent.respond_to?(:skipped)
+                  credential.parent.skipped = true
+                  credential.parent.save!
+                end
+                next
+              end

              result = attempt_login(credential)
              result.freeze