Add Group Policy Preferences support to db_import
And take the Jaden Smith approach, as @busterb quipped to me. :) This one's a little weird, since you normally import scans into Metasploit, but now that creds are first-class in the database, it makes more sense to be able to import them. Currently, your alternatives are post/windows/gather/credentials/gpp, which requires a session, and auxiliary/scanner/smb/smb_enum_gpp, which requires a network scan.
GSoC/Meterpreter_Web_Console
parent
682b0863be
commit
b1c633faf6
|
@ -21,6 +21,7 @@ module Msf::DBManager::Import
|
|||
autoload :CI, 'msf/core/db_manager/import/ci'
|
||||
autoload :Foundstone, 'msf/core/db_manager/import/foundstone'
|
||||
autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm'
|
||||
autoload :GPP, 'msf/core/db_manager/import/gpp'
|
||||
autoload :IP360, 'msf/core/db_manager/import/ip360'
|
||||
autoload :IPList, 'msf/core/db_manager/import/ip_list'
|
||||
autoload :Libpcap, 'msf/core/db_manager/import/libpcap'
|
||||
|
@ -47,6 +48,7 @@ module Msf::DBManager::Import
|
|||
include Msf::DBManager::Import::CI
|
||||
include Msf::DBManager::Import::Foundstone
|
||||
include Msf::DBManager::Import::FusionVM
|
||||
include Msf::DBManager::Import::GPP
|
||||
include Msf::DBManager::Import::IP360
|
||||
include Msf::DBManager::Import::IPList
|
||||
include Msf::DBManager::Import::Libpcap
|
||||
|
@ -164,6 +166,7 @@ module Msf::DBManager::Import
|
|||
# :ci_xml
|
||||
# :foundstone_xml
|
||||
# :fusionvm_xml
|
||||
# :gpp_xml
|
||||
# :ip360_aspl_xml
|
||||
# :ip360_xml_v3
|
||||
# :ip_list
|
||||
|
@ -358,6 +361,9 @@ module Msf::DBManager::Import
|
|||
when "main"
|
||||
@import_filedata[:type] = "Outpost24 XML"
|
||||
return :outpost24_xml
|
||||
when "Groups"
|
||||
@import_filedata[:type] = "Group Policy Preferences"
|
||||
return :gpp_xml
|
||||
else
|
||||
# Give up if we haven't hit the root tag in the first few lines
|
||||
break if line_count > 10
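Review bot: The new `when "Groups"` branch decides that a file is Group Policy Preferences from the element name alone, so any unrelated XML whose root happens to be `Groups` is routed to the GPP importer and is only dropped if the parser returns nothing. The match is also narrow in the other direction: the remaining preference files that can carry a `cpassword` (Services.xml, ScheduledTasks.xml, DataSources.xml, Printers.xml, Drives.xml) would not be auto-detected here, even if the parser can handle them. A comment on the branch would make that limit explicit, for example `# GPP: only Groups.xml is auto-detected; other preference files are not recognised here`. The enclosing `case` statement starts and ends outside this hunk, so how the tag name is extracted is not visible.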
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
require 'rex/parser/group_policy_preferences'
|
||||
|
||||
module Msf::DBManager::Import::GPP
|
||||
def import_gpp_xml(args = {}, &block)
|
||||
return unless args && args[:data] && !args[:data].empty?
|
||||
|
||||
gpp = Rex::Parser::GPP.parse(args[:data])
|
||||
|
||||
return unless gpp && gpp.any?
|
||||
|
||||
wspace = find_workspace(args[:workspace])
|
||||
|
||||
return unless wspace && wspace.respond_to?(:id)
|
||||
|
||||
gpp.each do |p|
|
||||
create_credential(
|
||||
workspace_id: wspace.id,
|
||||
origin_type: :import,
|
||||
filename: args[:filename],
|
||||
username: p[:USER],
|
||||
private_data: p[:PASS],
|
||||
private_type: :password
|
||||
)
|
||||
end
|
||||
|
||||
report_loot(
|
||||
workspace: wspace,
|
||||
path: args[:filename],
|
||||
name: File.basename(args[:filename]),
|
||||
data: args[:data],
|
||||
type: 'microsoft.windows.gpp',
|
||||
ctype: 'text/xml',
|
||||
info: gpp
|
||||
)
|
||||
end
|
||||
end
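Review bot: `args[:filename]` is used unchecked in `import_gpp_xml`: the opening guard validates only `args[:data]`, yet `File.basename(args[:filename])` in the `report_loot` call raises a TypeError when the import is driven from raw data with no filename, and the same nil is passed as `filename:` to `create_credential`. Resolving it once and using that value in all three places would avoid this, e.g. `filename = args[:filename] || 'gpp_import.xml'` (the fallback name is a placeholder). Separately, every parsed entry is stored without looking at `p[:USER]` or `p[:PASS]`; if the parser can return entries with an empty password (not visible from this file), `next if p[:PASS].to_s.empty?` inside the loop would keep blank credentials out of the workspace. The method also has no comment describing the expected `args` keys, and the `&block` parameter is never used.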
|
|
@ -1493,6 +1493,7 @@ public
|
|||
# * :ci_xml
|
||||
# * :foundstone_xml
|
||||
# * :fusionvm_xml
|
||||
# * :gpp_xml
|
||||
# * :ip360_aspl_xml
|
||||
# * :ip360_xml_v3
|
||||
# * :ip_list
|
||||
|
|
|
@ -1428,6 +1428,7 @@ class Db
|
|||
print_line " CI"
|
||||
print_line " Foundstone"
|
||||
print_line " FusionVM XML"
|
||||
print_line " Group Policy Preferences"
|
||||
print_line " IP Address List"
|
||||
print_line " IP360 ASPL"
|
||||
print_line " IP360 XML v3"
|
||||
|
|
|
@ -84,6 +84,7 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Db do
|
|||
" CI",
|
||||
" Foundstone",
|
||||
" FusionVM XML",
|
||||
" Group Policy Preferences",
|
||||
" IP Address List",
|
||||
" IP360 ASPL",
|
||||
" IP360 XML v3",
|
||||
|
|
|
@ -21,6 +21,7 @@ RSpec.shared_examples_for 'Msf::DBManager::Import' do
|
|||
it_should_behave_like 'Msf::DBManager::Import::CI'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Foundstone'
|
||||
it_should_behave_like 'Msf::DBManager::Import::FusionVM'
|
||||
it_should_behave_like 'Msf::DBManager::Import::GPP'
|
||||
it_should_behave_like 'Msf::DBManager::Import::IP360'
|
||||
it_should_behave_like 'Msf::DBManager::Import::IPList'
|
||||
it_should_behave_like 'Msf::DBManager::Import::Libpcap'
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
RSpec.shared_examples_for 'Msf::DBManager::Import::GPP' do
|
||||
it { is_expected.to respond_to :import_gpp_xml }
|
||||
end
|