refactor mssql_hashdump

refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00 · 2014-06-03 15:02:59 -05:00 · d3949b3d6c
parent 34004908bb
commit d3949b3d6c
3 changed files with 38 additions and 11 deletions
--- a/2
+++ b/2
@ -27,7 +27,7 @@ group :db do
  # Needed for Msf::DbManager
  gem 'activerecord', '>= 3.0.0', '< 4.0.0'
  # Metasploit::Creential database models
-  gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.1.8-metasploit-credential'
+  gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.1.10-metasploit-credential'
  # Database models shared between framework and Pro.
  gem 'metasploit_data_models', '~> 0.17.1'
  # Needed for module caching in Mdm::ModuleDetails
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,9 +1,9 @@
 GIT
  remote: github-metasploit-credential:rapid7/metasploit-credential.git
-  revision: 2be17e6327b4a5caa9a22ffc0b064923a25a222c
-  tag: v0.1.8-metasploit-credential
+  revision: 728ab82ab069edb21815fa944c1b8224b0511376
+  tag: v0.1.10-metasploit-credential
  specs:
-    metasploit-credential (0.1.8.pre.electro.pre.release)
+    metasploit-credential (0.1.10.pre.electro.pre.release)
      metasploit-concern (~> 0.0.4)
      metasploit_data_models (~> 0.17.0)
      rubyntlm
--- a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
+++ b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
@ -55,10 +55,10 @@ class Metasploit3 < Msf::Auxiliary

    case version_year
    when "2000"
-      hashtype = "mssql.hashes"
+      hashtype = "mssql"

-    when "2005", "2008"
-      hashtype = "mssql05.hashes"
+    when "2005", "2008", "2012", "2014"
+      hashtype = "mssql05"
    end

    this_service = report_service(
@ -74,15 +74,42 @@ class Metasploit3 < Msf::Auxiliary
      'Columns' => ['Username', 'Hash']
    )

-    hash_loot=""
+    service_data = {
+        address: ::Rex::Socket.getaddress(rhost,true),
+        port: rport,
+        service_name: 'mssql',
+        protocol: 'tcp',
+        workspace_id: myworkspace_id
+    }
+
    mssql_hashes.each do |row|
      next if row[0].nil? or row[1].nil?
      next if row[0].empty? or row[1].empty?
+
+      credential_data = {
+          module_fullname: self.fullname,
+          origin_type: :service,
+          private_type: :nonreplayable_hash,
+          private_data: row[1],
+          username: row[0],
+          jtr_format: hashtype
+      }
+
+      credential_data.merge!(service_data)
+
+      credential_core = create_credential(credential_data)
+
+      login_data = {
+        core: credential_core,
+        status: Metasploit::Credential::Login::Status::UNTRIED
+      }
+
+      login_data.merge!(service_data)
+      login = create_credential_login(login_data)
+
      tbl << [row[0], row[1]]
      print_good("#{rhost}:#{rport} - Saving #{hashtype} = #{row[0]}:#{row[1]}")
    end
-    filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_sqlhashes.txt"
-    store_loot(hashtype, "text/plain", datastore['RHOST'], tbl.to_csv, filename, "MS SQL Hashes", this_service)
  end

  #Grabs the user tables depending on what Version of MSSQL
@ -99,7 +126,7 @@ class Metasploit3 < Msf::Auxiliary
    when "2000"
      results = mssql_query(mssql_2k_password_hashes())[:rows]

-    when "2005", "2008"
+    when "2005", "2008", "2012", "2014"
      results = mssql_query(mssql_2k5_password_hashes())[:rows]
    end