Class: Metasploit::Credential::Migrator

Inherits:

Object

• Object
• Metasploit::Credential::Migrator

Includes:

Creation

Defined in:

lib/metasploit/credential/migrator.rb

Overview

This class provides migration behavior for converting ‘Mdm::Cred` objects to their appropriate counterparts in the Metasploit::Credential namespace.

Instance Attribute Summary

• #origin ⇒ Metasploit::Credential::Origin::Import

  An origin for tracking how these credentials made it into the system.

• #workspaces ⇒ Array<Mdm::Workspace>

  Where the migrated creds will originate.

Instance Method Summary

• #convert_creds_in_workspace(workspace) ⇒ void

  Converts the ‘Mdm::Cred` objects in a single `Mdm::Workspace`.

• #cred_type_to_credential_class(cred_type) ⇒ Object

  Converts types in the legacy credentials model to a type in the new one.

• #creds_exist? ⇒ Boolean

  Returns true if #workspaces contains ‘Mdm::Cred` objects.

• #initialize(workspace = nil) ⇒ void constructor

  Sets up a migrator object with either a single workspace or all workspaces.

• #key_data_from_file(path) ⇒ String

  Returns the text of the SSH key as read from the file.

• #migrate! ⇒ void

  Perform the migration.

• #private_data_from_cred(cred) ⇒ Object

  Returns private data given an ‘Mdm::Cred` @return.

Methods included from Creation

#active_db?, #create_cracked_credential, #create_credential, #create_credential_core, #create_credential_login, #create_credential_origin, #create_credential_origin_cracked_password, #create_credential_origin_import, #create_credential_origin_manual, #create_credential_origin_service, #create_credential_origin_session, #create_credential_private, #create_credential_public, #create_credential_realm, #create_credential_service, #invalidate_login

Constructor Details

#initialize(workspace = nil) ⇒ void

Sets up a migrator object with either a single workspace or all workspaces

Parameters:

• the (Mdm::Workspace) —

  workspace to act on

# File 'lib/metasploit/credential/migrator.rb', line 26

def initialize(workspace=nil)
  @origin = Metasploit::Credential::Origin::Import.new(filename: 'MIGRATION')

  if workspace.present?
    @workspaces = [workspace]
  else
    @workspaces = Mdm::Workspace.all
  end
end

Instance Attribute Details

#origin ⇒ Metasploit::Credential::Origin::Import

An origin for tracking how these credentials made it into the system. Treating this as an Import since there is no migration origin.

Returns:

• (Metasploit::Credential::Origin::Import)

# File 'lib/metasploit/credential/migrator.rb', line 13

def origin
  @origin
end

#workspaces ⇒ Array<Mdm::Workspace>

Where the migrated creds will originate

Returns:

• (Array<Mdm::Workspace>)

# File 'lib/metasploit/credential/migrator.rb', line 20

def workspaces
  @workspaces
end

Instance Method Details

#convert_creds_in_workspace(workspace) ⇒ void

This method returns an undefined value.

Converts the ‘Mdm::Cred` objects in a single `Mdm::Workspace`

Parameters:

• the (Mdm::Workspace) —

  workspace to act on

# File 'lib/metasploit/credential/migrator.rb', line 58

def convert_creds_in_workspace(workspace)
  workspace.creds.each do |cred|
    service = cred.service
    core = create_credential(
      origin: origin,
      private_data: private_data_from_cred(cred),
      private_type: cred_type_to_credential_class(cred.ptype),
      username: cred.user,
      workspace_id: workspace.id
    )

    create_credential_login(
      address: service.host.address,
      core: core,
      port: service.port,
      protocol: service.proto,
      service_name: service.name,
      status: Metasploit::Model::Login::Status::UNTRIED,
      workspace_id: workspace.id
    )
  end
end

#cred_type_to_credential_class(cred_type) ⇒ Object

Converts types in the legacy credentials model to a type in the new one. Assumes that anything that isn’t ‘smb_hash’ but contains ‘hash’ will be a NonreplaybleHash. @return

Parameters:

• cred_type (String) —

  the value from the ptype field of ‘Mdm::Cred`

# File 'lib/metasploit/credential/migrator.rb', line 87

def cred_type_to_credential_class(cred_type)
  return :ntlm_hash if cred_type == "smb_hash"
  return :ssh_key if cred_type == "ssh_key"
  return :nonreplayable_hash if cred_type.include? "hash"
  return :password
end

#creds_exist? ⇒ Boolean

Returns true if #workspaces contains ‘Mdm::Cred` objects

Returns:

• (Boolean)

# File 'lib/metasploit/credential/migrator.rb', line 38

def creds_exist?
  workspaces.map(&:creds).flatten.present?
end

#key_data_from_file(path) ⇒ String

Returns the text of the SSH key as read from the file

Parameters:

• path (String) —

  Path to an SSH key file on disk

Returns:

• (String)

# File 'lib/metasploit/credential/migrator.rb', line 97

def key_data_from_file(path)
  # Sometimes we will set the :pass attribute to a file path containing the key
  if File.exists?(path)
    File.read(path)
  # In other cases we store the entire SSH key directly in the :pass attribute
  elsif Metasploit::Credential::SSHKey.new(data: path).private?
    path
  end
end

#migrate! ⇒ void

This method returns an undefined value.

Perform the migration

# File 'lib/metasploit/credential/migrator.rb', line 44

def migrate!
  if creds_exist?
    Metasploit::Credential::Core.transaction do
      origin.save # we are going to use the one we instantiated earlier, since there is work to be done
      workspaces.each do |workspace|
        convert_creds_in_workspace(workspace)
      end
    end
  end
end

#private_data_from_cred(cred) ⇒ Object

Returns private data given an ‘Mdm::Cred` @return

Parameters:

• cred (Mdm::Cred)

# File 'lib/metasploit/credential/migrator.rb', line 110

def private_data_from_cred(cred)
  case cred.ptype
  when 'ssh_key'
    key_data_from_file(cred.pass)
  else
    cred.pass
  end
end