Class: Metasploit::Credential::Exporter::Pwdump
- Inherits: Object
  - Object
    - Metasploit::Credential::Exporter::Pwdump
- Includes: Base
- Defined in: lib/metasploit/credential/exporter/pwdump.rb
Overview
Exports Metasploit::Credential::Logins in the old pwdump format.
# Service
The service for a given login is in a comment (`#`) above the login, in the format `Mdm::Host#address`:`Mdm::Service#port`/`Mdm::Service#proto` (`Mdm::Service#name`).
# Logins
There is one Login per line, with the line format varying based on the `Class` of Login#core Core#private.
- Public#username:Login#id:NTLMHash#data
## Blanks
If the username or password is blank, then BLANK_CRED_STRING is used instead of an empty string.
The full format is as follows:
```
#
# Metasploit PWDump: <version>
# Generated: <UTC Time>
# Project: <Mdm::Workspace#name>
#
#########################################################
# LM/NTLM Hashes (<Metasploit::Credential::NTLMHash count> hashes, <Metasploit::Credential::NTLMHash service count> services)
# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username>:<Metasploit::Credential::Login#id>:<Metasploit::Credential::NTLMHash#data>
# Hashes (<Metasploit::Credential::Nonreplayable count> hashes, <Metasploit::Credential::Nonreplayable service count> services)
# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username>:<Metasploit::Credential::NonreplayableHash#data>:::
# Plaintext Passwords (<Metasploit::Credential::Password count> passwords, <Metasploit::Credential::Password service count> services)
# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username> <Metasploit::Credential::Password#data>
```
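The layout above can be read back section by section. The following Ruby is an added example, not code from metasploit-credential: `parse_pwdump` and `split_login` are hypothetical names, the sample export is constructed, and it assumes usernames contain no `:` or whitespace. A trailing `:::` on hash lines is stripped, since the formatter methods documented on this page emit it.

```ruby
# Added example, not metasploit-credential code; names and SAMPLE are constructed.
BLANK = '<BLANK>' # value of BLANK_CRED_STRING on this page
SECTIONS = {
  %r{\A# LM/NTLM Hashes \(}    => :ntlm,
  /\A# Hashes \(/              => :non_replayable,
  /\A# Plaintext Passwords \(/ => :password
}.freeze
SERVICE = %r{\A# (\S+):(\d+)/(\w+) \((.*)\)\z} # address:port/proto (name)
# Split one login line according to the section it appears in.
def split_login(section, line)
  case section
  when :ntlm
    user, id, hash = line.sub(/:::\z/, '').split(':', 3)
    { username: user, login_id: Integer(id, exception: false), private: hash }
  when :non_replayable
    user, hash = line.sub(/:::\z/, '').split(':', 2)
    { username: user, private: hash }
  else # :password, written as "username password"
    user, password = line.split(' ', 2)
    { username: user, private: password }
  end
end

def parse_pwdump(text)
  section = service = nil
  text.each_line(chomp: true).with_object([]) do |line, rows|
    if (hit = SECTIONS.find { |re, _| line.match?(re) })
      section, service = hit.last, nil
    elsif (m = SERVICE.match(line))
      service = { address: m[1], port: m[2].to_i, proto: m[3], name: m[4] }
    elsif section && !line.start_with?('#') && !line.strip.empty?
      row = split_login(section, line)
      %i[username private].each { |k| row[k] = '' if row[k] == BLANK }
      rows << row.merge(section: section, service: service)
    end
  end
end
SAMPLE = <<~'TXT'
  # Metasploit PWDump: 2.0
  # LM/NTLM Hashes (1 hashes, 1 services)
  # 192.0.2.10:445/tcp (smb)
  alice:7:00112233445566778899aabbccddeeff:ffeeddccbbaa99887766554433221100:::
  # Hashes (1 hashes, 1 services)
  # 192.0.2.11:5432/tcp (postgres)
  <BLANK>:md5aabbccdd:::
  # Plaintext Passwords (1 passwords, 1 services)
  # 192.0.2.12:22/tcp (ssh)
  bob <BLANK>
TXT
```

`parse_pwdump(SAMPLE)` returns one hash per login line, with `<BLANK>` mapped back to an empty string and the most recent service comment attached to each row.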
Constant Summary
- BLANK_CRED_STRING = '<BLANK>'
  The string inserted when either the public or private half of a credential is blank
- FILE_ID_STRING = "# Metasploit PWDump Export"
  Used to check for this file type when importing/parsing
- TEMPLATE_PATH = File.expand_path(File.join(File.dirname(__FILE__), "pwdump_template.erb"))
  Where the MSF pwdump template lives
- VERSION = "2.0"
  The version of the export format
Instance Attribute Summary
- #logins ⇒ ActiveRecord::Relation
  The collection of Login objects that will get parsed for output in the export.
Instance Method Summary
- #data ⇒ Object
  Instance Methods.
- #format_nonreplayable_hash(login) ⇒ String
  Format a Public and a NonReplayableHash for output.
- #format_ntlm_hash(login) ⇒ String
- #format_password(login) ⇒ String
- #format_service_for_login(login) ⇒ String
  Returns a string for the host/service/port/proto/service name combination in the pwdump file.
- #rendered_output ⇒ String
  Renders the collection of credential objects in #data into the `ERB` template at TEMPLATE_PATH.
- #service_count_for_hashes(hash_array) ⇒ Fixnum
  Returns the count of services in the group of creds contained in hash_array.
Methods included from Base
Instance Attribute Details
#logins ⇒ ActiveRecord::Relation
The collection of Login objects that will get parsed for output in the export
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 76
def logins
  @logins
end
```
Instance Method Details
#data ⇒ Object
Instance Methods
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 83
def data
  unless instance_variable_defined? :@data
    @data = {}
    @data[:ntlm] = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::NTLMHash) }
    @data[:non_replayable] = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::NonreplayableHash) }
    @data[:password] = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::Password) }
  end
  @data
end
```
#format_nonreplayable_hash(login) ⇒ String
Format a Public and a NonReplayableHash for output
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 102
def format_nonreplayable_hash(login)
  creds_data = data_for_login(login)
  username = Metasploit::Credential::Text.ascii_safe_hex(creds_data[:username])
  hash = Metasploit::Credential::Text.ascii_safe_hex(creds_data[:private_data])
  "#{username}:#{hash}:::"
end
```
#format_ntlm_hash(login) ⇒ String
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 112
def format_ntlm_hash(login)
  creds_data = data_for_login(login)
  "#{creds_data[:username]}:#{login.id}:#{creds_data[:private_data]}:::"
end
```
#format_password(login) ⇒ String
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 120
def format_password(login)
  creds_data = data_for_login(login)
  "#{creds_data[:username]} #{creds_data[:private_data]}"
end
```
#format_service_for_login(login) ⇒ String
Returns a string for the host/service/port/proto/service name combination in the pwdump file. This string is added to make it easier for a human to scan the file.
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 129
def format_service_for_login(login)
  service = login.service
  address = service.host.address
  "#{address}:#{service.port}/#{service.proto} (#{service.name})"
end
```
#rendered_output ⇒ String
Renders the collection of credential objects in #data into the `ERB` template at TEMPLATE_PATH
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 137
def rendered_output
  @version_string = VERSION
  @workspace = workspace
  template = ERB.new(File.read TEMPLATE_PATH)
  template.result get_binding
end
```
#service_count_for_hashes(hash_array) ⇒ Fixnum
Returns the count of services in the group of creds contained in hash_array
```ruby
# File 'lib/metasploit/credential/exporter/pwdump.rb', line 147
def service_count_for_hashes(hash_array)
  hash_array.collect(&:service).collect(&:id).uniq.size
end
```