From 534c20d5e6ad0555d640c5d09d282006f3c03af2 Mon Sep 17 00:00:00 2001
From: David Maloney <DMaloney@rapid7.com>
Date: Fri, 6 Jun 2014 15:21:47 -0500
Subject: [PATCH] refactor linux hashdump post module

linux hashdump now saves hashes as nonreplayable hash
credential objects
---
 modules/post/linux/gather/hashdump.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/post/linux/gather/hashdump.rb b/modules/post/linux/gather/hashdump.rb
index 7c8497bf63..fcfd77e9e0 100644
--- a/modules/post/linux/gather/hashdump.rb
+++ b/modules/post/linux/gather/hashdump.rb
@@ -38,6 +38,19 @@ class Metasploit3 < Msf::Post
       # Unshadow the files
       john_file = unshadow(passwd_file, shadow_file)
       john_file.each_line do |l|
+        hash_parts = l.split(':')
+
+        credential_data = {
+            jtr_format: 'md5,des,bsdi,crypt',
+            origin_type: :session,
+            post_reference_name: self.refname,
+            private_type: :nonreplayable_hash,
+            private_data: hash_parts[1],
+            session_id: session_db_id,
+            username: hash_parts[0],
+            workspace_id: myworkspace_id
+        }
+        create_credential(credential_data)
         print_good(l.chomp)
       end
       # Save pwd file