convert store_valid_credential to named params

2017-05-05 18:23:15 -05:00 · 2017-05-05 18:23:15 -05:00 · e2fe70d531
parent 3bc4ac68dc
commit e2fe70d531
16 changed files with 21 additions and 25 deletions
--- a/lib/msf/core/module/auth.rb
+++ b/lib/msf/core/module/auth.rb
@ -1,5 +1,5 @@
 module Msf::Module::Auth
-  def store_valid_credential(user, private, private_type, proof = nil)
+  def store_valid_credential(user:, private:, private_type: :password, proof: nil)
    service_data = {}
    if self.respond_to? ("service_details")
      service_data = service_details
--- a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
+++ b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
@ -113,7 +113,7 @@ class MetasploitModule < Msf::Auxiliary
    # login successful
    if cookie
      print_status("User #{username} with password #{password} successfully created")
-      store_valid_credential(username, password, :password, cookie)
+      store_valid_credential(user: username, private: password, proof: cookie)
    else
      print_error("User creation failed")
      return
--- a/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb
+++ b/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb
@ -78,7 +78,7 @@ class MetasploitModule < Msf::Auxiliary
      print_error("Failed to authenticate with WordPress")
      return
    end
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
    print_good("Authenticated with WordPress")

    new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
--- a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
+++ b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
@ -98,7 +98,7 @@ class MetasploitModule < Msf::Auxiliary
    print_status("Authenticating with WordPress using #{username}:#{password}...")
    cookie = wordpress_login(username, password)
    fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)
    print_good("Authenticated with WordPress")

    new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com"
--- a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb
+++ b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb
@ -84,7 +84,7 @@ class MetasploitModule < Msf::Auxiliary
    exists = wordpress_user_exists?(user)
    if exists
      print_good("Username \"#{username}\" is valid")
-      store_valid_credential(user, nil, :password, "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
+      store_valid_credential(user: user, private: nil, proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}")
      return true
    else
      print_error("\"#{user}\" is not a valid username")
--- a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb
+++ b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb
@ -150,7 +150,7 @@ class MetasploitModule < Msf::Auxiliary
      if res and res.get_cookies.include?('authenticated=')
        print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")

-        store_valid_credential(user, pass, :password, res.get_cookies.inspect)
+        store_valid_credential(user: user, private: pass, proof: res.get_cookies.inspect)
        return :next_user

      else
--- a/modules/auxiliary/scanner/http/wordpress_login_enum.rb
+++ b/modules/auxiliary/scanner/http/wordpress_login_enum.rb
@ -110,7 +110,8 @@ class MetasploitModule < Msf::Auxiliary
        module_fullname: fullname,
        origin_type: :service,
        last_attempted_at: DateTime.now,
-        status: Metasploit::Model::Login::Status::SUCCESSFUL
+        # infer status from state when called
+        status: (@validate_only ? Metasploit::Model::Login::Status::UNTRIED : Metasploit::Model::Login::Status::SUCCESSFUL)
    }
  end

@ -120,14 +121,9 @@ class MetasploitModule < Msf::Auxiliary
    exists = wordpress_user_exists?(user)
    if exists
      print_good("#{target_uri} - WordPress User-Validation - Username: '#{user}' - is VALID")
-
-      report_cred(
-        ip: rhost,
-        port: rport,
-        user: user,
-        status: Metasploit::Model::Login::Status::UNTRIED
-      )
-
+      @validate_only = true
+      store_valid_credential(user: user, private: nil)
+      @validate_only = false
      @users_found[user] = :reported
      return :next_user
    else
@ -145,7 +141,7 @@ class MetasploitModule < Msf::Auxiliary
    if cookie
      print_good("#{target_uri} - WordPress Brute Force - SUCCESSFUL login for '#{user}' : '#{pass}'")

-      store_valid_credential(user, pass, :password, cookie)
+      store_valid_credential(user: user, private: pass, proof: cookie)

      return :next_user
    else
--- a/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb
+++ b/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb
@ -98,7 +98,7 @@ class MetasploitModule < Msf::Auxiliary
      print_error("Unable to login as: #{user}")
      return
    end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)

    vprint_status("Trying to get nonce...")
    nonce = get_nonce(cookie)
--- a/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb
+++ b/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb
@ -120,7 +120,7 @@ class MetasploitModule < Msf::Auxiliary
      print_error("Unable to login as: #{user}")
      return
    end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)

    vprint_status("Trying to get nonce...")
    nonce = get_nonce(cookie)
--- a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
+++ b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
@ -71,7 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
    cookie = wordpress_login(username, password)
    fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
    print_good("Authenticated with WordPress")
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)

    print_status("Preparing payload...")
    plugin_name = Rex::Text.rand_text_alpha(10)
--- a/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb
@ -77,7 +77,7 @@ class MetasploitModule < Msf::Exploit::Remote
    vprint_status("Trying to login as #{username}")
    cookie = wordpress_login(username, password)
    fail_with(Failure::NoAccess, "#{peer} - Unable to login as: #{username}") if cookie.nil?
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)

    vprint_status("Trying to get nonce")
    nonce = get_nonce(cookie)
--- a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
@ -128,7 +128,7 @@ class MetasploitModule < Msf::Exploit::Remote
        end
      else
        print_good("Authenticated with WordPress")
-        store_valid_credential(username, password, :password, cookie)
+        store_valid_credential(user: username, private: password, proof: cookie)
      end
    end

--- a/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb
@ -75,7 +75,7 @@ class MetasploitModule < Msf::Exploit::Remote
    cookie = wordpress_login(username, password)
    fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
    print_good("Authenticated with WordPress")
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)

    print_status("Preparing payload...")
    payload_name = Rex::Text.rand_text_alpha(10)
--- a/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb
+++ b/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb
@ -64,7 +64,7 @@ class MetasploitModule < Msf::Exploit::Remote
      print_error("Unable to login as #{user}")
      return
    end
-    store_valid_credential(username, password, :password, cookie)
+    store_valid_credential(user: username, private: password, proof: cookie)

    print_status("Trying to upload payload")
    filename = "#{rand_text_alpha_lower(8)}.php"
--- a/modules/exploits/unix/webapp/wp_total_cache_exec.rb
+++ b/modules/exploits/unix/webapp/wp_total_cache_exec.rb
@ -112,7 +112,7 @@ class MetasploitModule < Msf::Exploit::Remote
        fail_with(Failure::NoAccess, "#{peer} - Login wasn't successful")
      end
      print_status("login successful")
-      store_valid_credential(@user, @password, :password, @cookie)
+      store_valid_credential(user: @user, private: @password, proof: @cookie)
    else
      print_status("Trying unauthenticated exploitation...")
    end
--- a/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb
@ -121,7 +121,7 @@ class MetasploitModule < Msf::Exploit::Remote
      print_error("Unable to login as #{user}")
      return
    end
-    store_valid_credential(user, password, :password, cookie)
+    store_valid_credential(user: user, private: password, proof: cookie)

    print_status("Trying to get nonce")
    nonce = get_nonce(cookie)