diff --git a/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb b/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb index b0679fd163..2652246ade 100644 --- a/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb +++ b/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb @@ -68,32 +68,6 @@ class MetasploitModule < Msf::Auxiliary return nil end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - def run print_status("Trying to find the service desk service strong name...") @@ -255,14 +229,16 @@ class MetasploitModule < Msf::Auxiliary login_url = ssl ? "https://" : "http://" login_url << "#{rhost}:#{rport}/servicedesk/ServiceDesk.jsp" - report_cred( - ip: rhost, - port: rport, - service_name: (ssl ? "https" : "http"), - user: datastore['USERNAME'], - password: datastore['PASSWORD'], - proof: "#{login_url}\n#{res.body}" - ) + connection_details = { + module_fullname: self.fullname, + username: datastore['USERNAME'], + private_data: datastore['PASSWORD'], + private_type: :password, + workspace_id: myworkspace_id, + proof: "#{login_url}\n#{res.body}", + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) print_good("Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.") print_status("Use it to log into #{login_url}") diff --git a/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb b/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb index d387f35353..b35d7529c3 100644 --- a/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb +++ b/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb @@ -30,34 +30,6 @@ class MetasploitModule < Msf::Auxiliary ) end - - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - - def run vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device") @@ -97,6 +69,19 @@ class MetasploitModule < Msf::Auxiliary vprint_good("user: #{@user}") vprint_good("pass: #{pass}") + + connection_details = { + module_fullname: self.fullname, + username: @user, + private_data: pass, + private_type: :password, + workspace_id: myworkspace_id, + proof: line, + last_attempted_at: DateTime.now, # kept in refactor may not be valid, obtained but do not attempted here + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) + report_cred( ip: rhost, port: rport, diff --git a/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb b/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb index 9cbfa6c1bb..44333a52b1 100644 --- a/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb +++ b/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb @@ -28,32 +28,6 @@ class MetasploitModule < Msf::Auxiliary ) end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - def run vprint_status("#{rhost}:#{rport} - Trying to access the configuration of the device") @@ -91,14 +65,18 @@ class MetasploitModule < Msf::Auxiliary pass = $1 pass = Rex::Text.decode_base64(pass) print_good("#{rhost}:#{rport} - Credentials found: #{user} / #{pass}") - report_cred( - ip: rhost, - port: rport, - sname: 'http', - user: user, - password: pass, - proof: line - ) + + connection_details = { + module_fullname: self.fullname, + username: user, + private_data: pass, + private_type: :password, + workspace_id: myworkspace_id, + proof: line, + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) + end end end diff --git a/modules/auxiliary/admin/http/kaseya_master_admin.rb b/modules/auxiliary/admin/http/kaseya_master_admin.rb index 7365629d0e..fd257c6c45 100644 --- a/modules/auxiliary/admin/http/kaseya_master_admin.rb +++ b/modules/auxiliary/admin/http/kaseya_master_admin.rb @@ -75,30 +75,16 @@ class MetasploitModule < Msf::Auxiliary end print_good("Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created") - service_data = { - address: rhost, - port: rport, - service_name: (ssl ? 'https' : 'http'), - protocol: 'tcp', - workspace_id: myworkspace_id - } - credential_data = { - origin_type: :service, - module_fullname: self.fullname, - private_type: :password, - private_data: datastore['KASEYA_PASS'], - username: datastore['KASEYA_USER'] - } - - credential_data.merge!(service_data) - credential_core = create_credential(credential_data) - login_data = { - core: credential_core, - access_level: 'Master Administrator', - status: Metasploit::Model::Login::Status::UNTRIED - } - login_data.merge!(service_data) - create_credential_login(login_data) + connection_details = { + module_fullname: self.fullname, + username: datastore['KASEYA_USER'], + private_data: datastore['KASEYA_PASS'], + private_type: :password, + workspace_id: myworkspace_id, + access_level: 'Master Administrator', + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) end end diff --git a/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb b/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb index ab6b76eada..a99f2320fc 100644 --- a/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb +++ b/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb @@ -66,29 +66,15 @@ class MetasploitModule < Msf::Auxiliary end print_good("Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}") - service_data = { - address: rhost, - port: rport, - service_name: (ssl ? 'https' : 'http'), - protocol: 'tcp', - workspace_id: myworkspace_id - } - credential_data = { - origin_type: :service, - module_fullname: self.fullname, - private_type: :password, - private_data: datastore['PASSWORD'], - username: datastore['USERNAME'] - } - - credential_data.merge!(service_data) - credential_core = create_credential(credential_data) - login_data = { - core: credential_core, - access_level: 'Administrator', - status: Metasploit::Model::Login::Status::UNTRIED - } - login_data.merge!(service_data) - create_credential_login(login_data) + connection_details = { + module_fullname: self.fullname, + username: datastore['USERNAME'], + private_data: datastore['PASSWORD'], + private_type: :password, + workspace_id: myworkspace_id, + access_level: 'Administrator', + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) end end diff --git a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb index 9be0557ef9..1fc668f87a 100644 --- a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb +++ b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb @@ -239,41 +239,14 @@ class MetasploitModule < Msf::Auxiliary end print_status("Reporting Super Administrator credentials...") - report_super_admin_creds(username, password) + store_valid_credentail(user: username, private: password) print_status("Leaking Password database...") loot_passwords(cookie_su) end - def report_super_admin_creds(username, password) - status = Metasploit::Model::Login::Status::SUCCESSFUL - - service_data = { - address: rhost, - port: rport, - service_name: 'https', - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: self.fullname, - private_type: :password, - private_data: username, - username: password - } - - credential_data.merge!(service_data) - credential_core = create_credential(credential_data) - login_data = { - core: credential_core, - access_level: 'Super Administrator', - status: status, - last_attempted_at: DateTime.now - } - login_data.merge!(service_data) - create_credential_login(login_data) + def service_details + super.merge({access_level: 'Super Administrator'}) end def loot_passwords(cookie_admin) diff --git a/modules/auxiliary/admin/http/netgear_auth_download.rb b/modules/auxiliary/admin/http/netgear_auth_download.rb index 304904203f..e2149ea4f5 100644 --- a/modules/auxiliary/admin/http/netgear_auth_download.rb +++ b/modules/auxiliary/admin/http/netgear_auth_download.rb @@ -148,45 +148,13 @@ class MetasploitModule < Msf::Auxiliary print_good("File saved in: #{path}") end - def report_cred(opts) - service_data = { - address: rhost, - port: rport, - service_name: 'netgear', - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - last_attempted_at: DateTime.now, - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::SUCCESSFUL, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - - def run cookie = authenticate if cookie == nil fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.") else print_good("#{peer} - Logged in with #{datastore['USERNAME']}:#{datastore['PASSWORD']} successfully.") - report_cred( - user: datastore['USERNAME'], - password: datastore['PASSWORD'], - proof: cookie - ) + store_valid_credential(user: datastore['USERNAME'], private: datastore['PASSWORD'], proof: cookie) # more consistent service_name and protocol end if datastore['FILEPATH'].blank? diff --git a/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb b/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb index 2700cbb305..59d07d6ce6 100644 --- a/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb +++ b/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb @@ -130,33 +130,14 @@ class MetasploitModule < Msf::Auxiliary pass = $1 print_good("admin / #{pass} credentials found") - service_data = { - address: rhost, - port: rport, - service_name: 'http', - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { + connection_details = { module_fullname: self.fullname, - origin_type: :service, private_data: pass, private_type: :password, - username: 'admin' - } - - credential_data.merge!(service_data) - - credential_core = create_credential(credential_data) - - login_data = { - core: credential_core, + username: 'admin', status: Metasploit::Model::Login::Status::UNTRIED - } - login_data.merge!(service_data) - - create_credential_login(login_data) + }.merge(service_details) + create_credential_and_login(connection_details) end end diff --git a/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb b/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb index 5fe91006db..34a2ff312b 100644 --- a/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb +++ b/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb @@ -148,33 +148,6 @@ class MetasploitModule < Msf::Auxiliary return [username, password] end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: 'netgear', - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - last_attempted_at: DateTime.now, - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::SUCCESSFUL, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - def send_req(timestamp) begin query_str = (timestamp == nil ? \ @@ -241,7 +214,7 @@ class MetasploitModule < Msf::Auxiliary if res && res.code == 200 credentials = get_creds print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"") - report_cred({ 'user' => credentials[0], 'password' => credentials[1] }) + store_valid_credential(user: credentials[0], private: credentials[1]) # more consistent service_name and protocol, now supplies ip and port return end end diff --git a/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb b/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb index f8f388ef84..2cd70c5f6d 100644 --- a/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb +++ b/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb @@ -43,36 +43,10 @@ class MetasploitModule < Msf::Auxiliary ]) end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED - }.merge(service_data) - - create_credential_login(login_data) - end - def run user = datastore['USERNAME'] pass = datastore['PASSWORD'] trust_store = datastore['TRUST_STORE'] - prot = ssl ? 'https' : 'http' nsc = Nexpose::Connection.new(rhost, user, pass, rport, nil, nil, trust_store) @@ -80,13 +54,14 @@ class MetasploitModule < Msf::Auxiliary begin nsc.login - report_cred( - ip: rhost, - port: rport, - service_name: prot, - user: user, - password: pass - ) + connection_details = { + module_fullname: self.fullname, + username: user, + private_data: pass, + private_type: :password, + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) rescue print_error("Error authenticating, check your credentials") diff --git a/modules/auxiliary/admin/http/sysaid_admin_acct.rb b/modules/auxiliary/admin/http/sysaid_admin_acct.rb index 3a92ec2a19..1b7d4bb6dd 100644 --- a/modules/auxiliary/admin/http/sysaid_admin_acct.rb +++ b/modules/auxiliary/admin/http/sysaid_admin_acct.rb @@ -54,30 +54,17 @@ class MetasploitModule < Msf::Auxiliary if res && res.code == 200 && res.body.to_s =~ /Error while creating account/ # No way to know whether this worked or not, it always says error print_status("The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually") - service_data = { - address: rhost, - port: rport, - service_name: (ssl ? 'https' : 'http'), - protocol: 'tcp', - workspace_id: myworkspace_id - } - credential_data = { - origin_type: :service, - module_fullname: self.fullname, - private_type: :password, - private_data: datastore['PASSWORD'], - username: datastore['USERNAME'] - } - credential_data.merge!(service_data) - credential_core = create_credential(credential_data) - login_data = { - core: credential_core, - access_level: 'Administrator', - status: Metasploit::Model::Login::Status::UNTRIED - } - login_data.merge!(service_data) - create_credential_login(login_data) + connection_details = { + module_fullname: self.fullname, + username: datastore['USERNAME'], + private_data: datastore['PASSWORD'], + private_type: :password, + access_level: 'Administrator', + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) + else print_error("Administrator account creation failed") end diff --git a/modules/auxiliary/admin/http/sysaid_sql_creds.rb b/modules/auxiliary/admin/http/sysaid_sql_creds.rb index ee9ecc92be..3ebc2db67f 100644 --- a/modules/auxiliary/admin/http/sysaid_sql_creds.rb +++ b/modules/auxiliary/admin/http/sysaid_sql_creds.rb @@ -121,20 +121,12 @@ class MetasploitModule < Msf::Auxiliary return end else - fail_with(Failure::NotVulnerable, "#{peer} - Failed to obtain database credentials, response was: #{res.code}") + fail_with(Failure::NotVulnerable, "#{peer} - Failed to obtain database credentials, response was: #{res ? res.code : 'unknown'}") end end - def report_credential_core(cred_opts={}) - origin_service_data = { - address: rhost, - port: rport, - service_name: (ssl ? 'https' : 'http'), - protocol: 'tcp', - workspace_id: myworkspace_id - } - + # use a basic core only since this credential is not known valid for service it was obtained from. credential_data = { origin_type: :service, module_fullname: self.fullname, @@ -142,8 +134,6 @@ class MetasploitModule < Msf::Auxiliary private_data: cred_opts[:password], username: cred_opts[:username] } - - credential_data.merge!(origin_service_data) create_credential(credential_data) end end diff --git a/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb b/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb index 0a124efb4d..9f68f3ee42 100644 --- a/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb +++ b/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb @@ -47,33 +47,6 @@ class MetasploitModule < Msf::Auxiliary datastore["PASSWORD"] end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - - def run if user == pass @@ -109,14 +82,15 @@ class MetasploitModule < Msf::Auxiliary if res and res.code == 200 and res.body =~ /Administrator account created/ print_good("Admin account with credentials #{user}:#{pass} successfully created") - report_cred( - ip: rhost, - port: rport, - service_name: 'http', - user: user, - password: pass, - proof: res.body - ) + connection_details = { + module_fullname: self.fullname, + username: user, + private_data: pass, + private_type: :password, + status: Metasploit::Model::Login::Status::UNTRIED, + proof: res.body + }.merge(service_details) + create_credential_and_login(connection_details) else print_error("Admin account creation failed") end diff --git a/modules/auxiliary/admin/http/webnms_cred_disclosure.rb b/modules/auxiliary/admin/http/webnms_cred_disclosure.rb index aac40a960f..b5f7e6eaba 100644 --- a/modules/auxiliary/admin/http/webnms_cred_disclosure.rb +++ b/modules/auxiliary/admin/http/webnms_cred_disclosure.rb @@ -102,7 +102,14 @@ Windows and Linux. if password && username plaintext_password = super_redacted_deobfuscation(password) cred_table << [ username, plaintext_password ] - register_creds(username, plaintext_password) + connection_details = { + module_fullname: self.fullname, + username: username, + private_data: plaintext_password, + private_type: :password, + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_details) + create_credential_and_login(connection_details) end } @@ -242,34 +249,7 @@ Windows and Linux. final end - def register_creds(username, password) - credential_data = { - origin_type: :service, - module_fullname: self.fullname, - workspace_id: myworkspace_id, - private_data: password, - private_type: :password, - username: username - } - - service_data = { - address: rhost, - port: rport, - service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP'), - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data.merge!(service_data) - credential_core = create_credential(credential_data) - - login_data = { - core: credential_core, - status: Metasploit::Model::Login::Status::UNTRIED, - workspace_id: myworkspace_id - } - - login_data.merge!(service_data) - create_credential_login(login_data) + def service_details + super.merge({service_name: 'WebNMS-' + (ssl ? 'HTTPS' : 'HTTP')}) # this should possibly be removed end end diff --git a/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb b/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb index 21c058770d..1665dba3ea 100644 --- a/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb +++ b/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb @@ -63,32 +63,6 @@ class MetasploitModule < Msf::Auxiliary end end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :nonreplayable_hash, - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - def run vprint_status("#{peer} - Attempting to connect...") vprint_status("#{peer} - Trying to retrieve the first user id...") @@ -127,14 +101,15 @@ class MetasploitModule < Msf::Auxiliary user_email = values[2] print_good("#{peer} - #{sprintf("%-15s %-34s %s", user_login, user_pass, user_email)}") - report_cred( - ip: rhost, - port: datastore['RPORT'], - service_name: datastore['SSL'] ? 'https' : 'http', - user: user_login, - password: user_pass, - proof: user_email - ) + connection_details = { + module_fullname: self.fullname, + username: user_login, + private_data: user_pass, + private_type: :nonreplayable_hash, + status: Metasploit::Model::Login::Status::UNTRIED, + proof: user_email + }.merge(service_details) + create_credential(connection_details) credentials << "#{user_login},#{user_pass},#{user_email}\n" end diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb index b210c950da..8c2889790a 100644 --- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb +++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb @@ -30,32 +30,6 @@ class MetasploitModule < Msf::Auxiliary ) end - def report_cred(opts) - service_data = { - address: opts[:ip], - port: opts[:port], - service_name: opts[:service_name], - protocol: 'tcp', - workspace_id: myworkspace_id - } - - credential_data = { - origin_type: :service, - module_fullname: fullname, - username: opts[:user], - private_data: opts[:password], - private_type: :password - }.merge(service_data) - - login_data = { - core: create_credential(credential_data), - status: Metasploit::Model::Login::Status::UNTRIED, - proof: opts[:proof] - }.merge(service_data) - - create_credential_login(login_data) - end - def run begin print_status("Trying to get 'admin' user password ...") @@ -86,14 +60,15 @@ class MetasploitModule < Msf::Auxiliary admin_password = admin_password_matches[1]; print_good("Password for user 'admin' is: #{admin_password}") - report_cred( - ip: rhost, - port: rport, - service_name: 'ZyXEL GS1510-16', - user: 'admin', - password: admin_password, - proof: res.body - ) + connection_details = { + module_fullname: self.fullname, + username: 'admin', + private_data: admin_password, + private_type: :password, + status: Metasploit::Model::Login::Status::UNTRIED, + proof: res.body + }.merge(service_details) + create_credential_and_login(connection_details) # makes service_name more consistent end rescue ::Rex::ConnectionError print_error("#{rhost}:#{rport} - Failed to connect")