Land #3746, reinstate DB_ALL_CREDS

lib/msf/core/auxiliary/auth_brute.rb

@@ -49,6 +49,53 @@ module Auxiliary::AuthBrute
     @@max_per_service = nil
   end
 
+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing NTLMHashes
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_hashes(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::NTLMHash' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing SSHKeys
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_keys(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::SSHKey' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing Password Credentials
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_passwords(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::Password' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+
+
   # Checks all three files for usernames and passwords, and combines them into
   # one credential list to apply against the supplied block. The block (usually
   # something like do_login(user,pass) ) is responsible for actually recording

modules/auxiliary/scanner/afp/afp_login.rb

@@ -54,6 +54,8 @@ class Metasploit3 < Msf::Auxiliary
         user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::AFP.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/db2/db2_auth.rb

@@ -52,6 +52,8 @@ class Metasploit3 < Msf::Auxiliary
         realm: datastore['DATABASE']
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::DB2.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/ftp/ftp_login.rb

@@ -66,6 +66,8 @@ class Metasploit3 < Msf::Auxiliary
         prepended_creds: anonymous_creds
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::FTP.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/http/axis_login.rb

@@ -72,6 +72,8 @@ class Metasploit3 < Msf::Auxiliary
       user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::Axis2.new(
       host: ip,
       port: rport,

modules/auxiliary/scanner/http/http_login.rb

@@ -129,6 +129,8 @@ class Metasploit3 < Msf::Auxiliary
       user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::HTTP.new(
       host: ip,
       port: rport,

modules/auxiliary/scanner/http/tomcat_mgr_login.rb

@@ -103,13 +103,17 @@ class Metasploit3 < Msf::Auxiliary
         user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::Tomcat.new(
         host: ip,
         port: rport,
         proxies: datastore['PROXIES'],
         cred_details: cred_collection,
         stop_on_success: datastore['STOP_ON_SUCCESS'],
-        connection_timeout: 10
+        connection_timeout: 10,
+        user_agent: datastore['UserAgent'],
+        vhost: datastore['VHOST']
     )
 
     scanner.scan! do |result|

modules/auxiliary/scanner/mssql/mssql_login.rb

@@ -43,6 +43,8 @@ class Metasploit3 < Msf::Auxiliary
         realm: datastore['DOMAIN']
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::MSSQL.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/mysql/mysql_login.rb

@@ -47,6 +47,8 @@ class Metasploit3 < Msf::Auxiliary
             user_as_pass: datastore['USER_AS_PASS'],
         )
 
+        cred_collection = prepend_db_passwords(cred_collection)
+
         scanner = Metasploit::Framework::LoginScanner::MySQL.new(
             host: ip,
             port: rport,

modules/auxiliary/scanner/pop3/pop3_login.rb

@@ -62,6 +62,8 @@ class Metasploit3 < Msf::Auxiliary
       user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::POP3.new(
       host: ip,
       port: rport,

modules/auxiliary/scanner/postgres/postgres_login.rb

@@ -60,6 +60,8 @@ class Metasploit3 < Msf::Auxiliary
         realm: datastore['DATABASE']
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::Postgres.new(
       host: ip,
       port: rport,

modules/auxiliary/scanner/smb/smb_login.rb

@@ -96,6 +96,9 @@ class Metasploit3 < Msf::Auxiliary
       realm: domain,
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+    cred_collection = prepend_db_hashes(cred_collection)
+
     @scanner.cred_details = cred_collection
 
     @scanner.scan! do |result|

modules/auxiliary/scanner/ssh/ssh_login.rb

@@ -107,6 +107,8 @@ class Metasploit3 < Msf::Auxiliary
       user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::SSH.new(
       host: ip,
       port: rport,

modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb

@@ -196,6 +196,8 @@ class Metasploit3 < Msf::Auxiliary
       username: datastore['USERNAME'],
     )
 
+    keys = prepend_db_keys(keys)
+
     print_brute :level => :vstatus, :ip => ip, :msg => "Testing #{keys.key_data.count} keys"
     scanner = Metasploit::Framework::LoginScanner::SSH.new(
       host: ip,
@@ -236,7 +238,7 @@ class Metasploit3 < Msf::Auxiliary
 
   end
 
-  class KeyCollection
+  class KeyCollection < Metasploit::Framework::CredentialCollection
     attr_accessor :key_data
 
     def initialize(opts={})
@@ -272,6 +274,8 @@ class Metasploit3 < Msf::Auxiliary
     end
 
     def each
+      prepended_creds.each { |c| yield c }
+
       if @user_file.present?
         File.open(@user_file, 'rb') do |user_fd|
           user_fd.each_line do |user_from_file|

modules/auxiliary/scanner/telnet/telnet_login.rb

@@ -57,6 +57,8 @@ class Metasploit3 < Msf::Auxiliary
         user_as_pass: datastore['USER_AS_PASS'],
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::Telnet.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/vnc/vnc_login.rb

@@ -68,6 +68,8 @@ class Metasploit3 < Msf::Auxiliary
         user_as_pass: datastore['USER_AS_PASS']
     )
 
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::VNC.new(
         host: ip,
         port: rport,

modules/auxiliary/scanner/winrm/winrm_login.rb

@@ -50,6 +50,9 @@ class Metasploit3 < Msf::Auxiliary
       user_as_pass: datastore['USER_AS_PASS'],
       realm: datastore['DOMAIN'],
     )
+
+    cred_collection = prepend_db_passwords(cred_collection)
+
     scanner = Metasploit::Framework::LoginScanner::WinRM.new(
       host: ip,
       port: rport,