Land #3746, reinstate DB_ALL_CREDS

2014-09-08 17:24:12 -05:00 · 2014-09-08 17:24:12 -05:00 · b8000517cf
parent b9c8eb70c4 ef748fdef7
commit b8000517cf
17 changed files with 87 additions and 2 deletions
--- a/lib/msf/core/auxiliary/auth_brute.rb
+++ b/lib/msf/core/auxiliary/auth_brute.rb
@ -49,6 +49,53 @@ module Auxiliary::AuthBrute
    @@max_per_service = nil
  end

+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing NTLMHashes
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_hashes(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::NTLMHash' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing SSHKeys
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_keys(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::SSHKey' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+  # This method takes a {Metasploit::Framework::CredentialCollection} and prepends existing Password Credentials
+  # from the database. This allows the users to use the DB_ALL_CREDS option.
+  #
+  # @param [Metasploit::Framework::CredentialCollection]  the credential collection to add to
+  # @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
+  def prepend_db_passwords(cred_collection)
+    if datastore['DB_ALL_CREDS'] && framework.db.active
+      creds = Metasploit::Credential::Core.joins(:private).where(metasploit_credential_privates: { type: 'Metasploit::Credential::Password' }, workspace_id: myworkspace.id)
+      creds.each do |cred|
+        cred_collection.prepend_cred(cred.to_credential)
+      end
+    end
+    cred_collection
+  end
+
+
+
  # Checks all three files for usernames and passwords, and combines them into
  # one credential list to apply against the supplied block. The block (usually
  # something like do_login(user,pass) ) is responsible for actually recording
--- a/modules/auxiliary/scanner/afp/afp_login.rb
+++ b/modules/auxiliary/scanner/afp/afp_login.rb
@ -54,6 +54,8 @@ class Metasploit3 < Msf::Auxiliary
        user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::AFP.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/db2/db2_auth.rb
+++ b/modules/auxiliary/scanner/db2/db2_auth.rb
@ -52,6 +52,8 @@ class Metasploit3 < Msf::Auxiliary
        realm: datastore['DATABASE']
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::DB2.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/ftp/ftp_login.rb
+++ b/modules/auxiliary/scanner/ftp/ftp_login.rb
@ -66,6 +66,8 @@ class Metasploit3 < Msf::Auxiliary
        prepended_creds: anonymous_creds
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::FTP.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/http/axis_login.rb
+++ b/modules/auxiliary/scanner/http/axis_login.rb
@ -72,6 +72,8 @@ class Metasploit3 < Msf::Auxiliary
      user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::Axis2.new(
      host: ip,
      port: rport,
--- a/modules/auxiliary/scanner/http/http_login.rb
+++ b/modules/auxiliary/scanner/http/http_login.rb
@ -129,6 +129,8 @@ class Metasploit3 < Msf::Auxiliary
      user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::HTTP.new(
      host: ip,
      port: rport,
--- a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb
+++ b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb
@ -103,13 +103,17 @@ class Metasploit3 < Msf::Auxiliary
        user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::Tomcat.new(
        host: ip,
        port: rport,
        proxies: datastore['PROXIES'],
        cred_details: cred_collection,
        stop_on_success: datastore['STOP_ON_SUCCESS'],
-        connection_timeout: 10
+        connection_timeout: 10,
+        user_agent: datastore['UserAgent'],
+        vhost: datastore['VHOST']
    )

    scanner.scan! do |result|
--- a/modules/auxiliary/scanner/mssql/mssql_login.rb
+++ b/modules/auxiliary/scanner/mssql/mssql_login.rb
@ -43,6 +43,8 @@ class Metasploit3 < Msf::Auxiliary
        realm: datastore['DOMAIN']
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::MSSQL.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/mysql/mysql_login.rb
+++ b/modules/auxiliary/scanner/mysql/mysql_login.rb
@ -47,6 +47,8 @@ class Metasploit3 < Msf::Auxiliary
            user_as_pass: datastore['USER_AS_PASS'],
        )

+        cred_collection = prepend_db_passwords(cred_collection)
+
        scanner = Metasploit::Framework::LoginScanner::MySQL.new(
            host: ip,
            port: rport,
--- a/modules/auxiliary/scanner/pop3/pop3_login.rb
+++ b/modules/auxiliary/scanner/pop3/pop3_login.rb
@ -62,6 +62,8 @@ class Metasploit3 < Msf::Auxiliary
      user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::POP3.new(
      host: ip,
      port: rport,
--- a/modules/auxiliary/scanner/postgres/postgres_login.rb
+++ b/modules/auxiliary/scanner/postgres/postgres_login.rb
@ -60,6 +60,8 @@ class Metasploit3 < Msf::Auxiliary
        realm: datastore['DATABASE']
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::Postgres.new(
      host: ip,
      port: rport,
--- a/modules/auxiliary/scanner/smb/smb_login.rb
+++ b/modules/auxiliary/scanner/smb/smb_login.rb
@ -96,6 +96,9 @@ class Metasploit3 < Msf::Auxiliary
      realm: domain,
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+    cred_collection = prepend_db_hashes(cred_collection)
+
    @scanner.cred_details = cred_collection

    @scanner.scan! do |result|
--- a/modules/auxiliary/scanner/ssh/ssh_login.rb
+++ b/modules/auxiliary/scanner/ssh/ssh_login.rb
@ -107,6 +107,8 @@ class Metasploit3 < Msf::Auxiliary
      user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::SSH.new(
      host: ip,
      port: rport,
--- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
+++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
@ -196,6 +196,8 @@ class Metasploit3 < Msf::Auxiliary
      username: datastore['USERNAME'],
    )

+    keys = prepend_db_keys(keys)
+
    print_brute :level => :vstatus, :ip => ip, :msg => "Testing #{keys.key_data.count} keys"
    scanner = Metasploit::Framework::LoginScanner::SSH.new(
      host: ip,
@ -236,7 +238,7 @@ class Metasploit3 < Msf::Auxiliary

  end

-  class KeyCollection
+  class KeyCollection < Metasploit::Framework::CredentialCollection
    attr_accessor :key_data

    def initialize(opts={})
@ -272,6 +274,8 @@ class Metasploit3 < Msf::Auxiliary
    end

    def each
+      prepended_creds.each { |c| yield c }
+
      if @user_file.present?
        File.open(@user_file, 'rb') do |user_fd|
          user_fd.each_line do |user_from_file|
--- a/modules/auxiliary/scanner/telnet/telnet_login.rb
+++ b/modules/auxiliary/scanner/telnet/telnet_login.rb
@ -57,6 +57,8 @@ class Metasploit3 < Msf::Auxiliary
        user_as_pass: datastore['USER_AS_PASS'],
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::Telnet.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/vnc/vnc_login.rb
+++ b/modules/auxiliary/scanner/vnc/vnc_login.rb
@ -68,6 +68,8 @@ class Metasploit3 < Msf::Auxiliary
        user_as_pass: datastore['USER_AS_PASS']
    )

+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::VNC.new(
        host: ip,
        port: rport,
--- a/modules/auxiliary/scanner/winrm/winrm_login.rb
+++ b/modules/auxiliary/scanner/winrm/winrm_login.rb
@ -50,6 +50,9 @@ class Metasploit3 < Msf::Auxiliary
      user_as_pass: datastore['USER_AS_PASS'],
      realm: datastore['DOMAIN'],
    )
+
+    cred_collection = prepend_db_passwords(cred_collection)
+
    scanner = Metasploit::Framework::LoginScanner::WinRM.new(
      host: ip,
      port: rport,