Module: Metasploit::Credential::Creation

Included in:
Importer::Core, Importer::Pwdump, Migrator
Defined in:
lib/metasploit/credential/creation.rb

Overview

Implements a set of “convenience methods” for creating credentials and related portions of the object graph. Creates Core objects and their attendant relationships as well as Login objects and their attendant ‘Mdm::Host` and `Mdm::Service` objects.

Instance Method Summary collapse

Instance Method Details

#active_db?Boolean

Returns true if ActiveRecord has an active database connection, false otherwise.

Returns:

  • (Boolean) 


10
11
12
 
# File 'lib/metasploit/credential/creation.rb', line 10

def active_db?
  ApplicationRecord.connected?
end

#create_cracked_credential(opts = {}) ⇒ Object

This method takes a few simple parameters and creates a new username/password credential that was obtained by cracking a hash. It reuses the relevant components form the originating Metasploit::Credential::Core and builds new Login objects based on the ones attached to the originating Metasploit::Credential::Core

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :username (String)

    the username to find or create the Public from

  • :password (String)

    the password to find or create the Password from

  • :core_id (Fixnum)

    the id for the originating Metasploit::Credential::Core



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/metasploit/credential/creation.rb', line 23

def create_cracked_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  username = opts.fetch(:username)
  password = opts.fetch(:password)
  core_id  = opts.fetch(:core_id)

  private  = nil
  public   = nil
  old_core = nil
  old_realm_id = nil

  retry_transaction do
    private  = Metasploit::Credential::Password.where(data: password).first_or_create!
    public   = Metasploit::Credential::Public.where(username: username).first_or_create!
    old_core = Metasploit::Credential::Core.find(core_id)
    old_realm_id = old_core.realm.id if old_core.realm
  end

  core = nil

  retry_transaction do
    core = Metasploit::Credential::Core.where(public_id: public.id, private_id: private.id, realm_id: old_realm_id, workspace_id: old_core.workspace_id).first_or_initialize
    if core.origin_id.nil?
      origin      = Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: core_id).first_or_create!
      core.origin = origin
    end
    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  old_core.logins.each do ||
    service_id = .service_id
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_id).first_or_initialize
    if .status.blank?
      .status =  Metasploit::Model::Login::Status::UNTRIED
    end
    .save!
  end
  core
end

#create_credential(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creation Metasploit::Credential::Core objects and all sub-objects that it is dependent upon.

Examples:

Reporting a Bruteforced Credential

create_credential(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',
  module_fullname: 'auxiliary/scanner/smb/smb_login',
  workspace_id: myworkspace.id,
  private_data: 'password1',
  private_type: :password,
  username: 'Administrator'
)

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin and Core to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

  • :username (String)

    The username to use for the Public

Returns:

Raises:

  • (KeyError)

    if a required option is missing

  • (ArgumentError)

    if an invalid :private_type is specified

  • (ArgumentError)

    if an invalid :origin_type is specified



109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/metasploit/credential/creation.rb', line 109

def create_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  if opts[:origin]
    origin = opts[:origin]
  else
    origin = create_credential_origin(opts)
  end
  return nil if origin.nil?

  core_opts = {
      origin: origin,
      workspace_id: opts.fetch(:workspace_id)
  }

  if opts.has_key?(:realm_key) && opts.has_key?(:realm_value)
    core_opts[:realm] = create_credential_realm(opts)
  end

  if opts.has_key?(:private_type) && opts.has_key?(:private_data)
    core_opts[:private] = create_credential_private(opts)
  end

  if opts.has_key?(:username)
    core_opts[:public] = create_credential_public(opts)
  end

  if opts.has_key?(:task_id)
    core_opts[:task_id] = opts[:task_id]
  end

  create_credential_core(core_opts)
end

#create_credential_and_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creation Metasploit::Credential::Core and Login. This method is responsible for creating a Login object which ties a Metasploit::Credential::Core to the ‘Mdm::Service` it is a valid credential for.

NOTE: for origin_type: service it must be the same service your going to create a login for.

Metasploit::Credential::Core options Login

Examples:

Reporting a Bruteforced Credential and Login

create_credential_and_login(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',
  module_fullname: 'auxiliary/scanner/smb/smb_login',
  workspace_id: myworkspace.id,
  private_data: 'password1',
  private_type: :password,
  username: 'Administrator',
  service_name: 'smb',
  status: status: Metasploit::Model::Login::Status::UNTRIED
)

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin and Core to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

  • :access_level (String)

    The access level to assign to this login if we know it

  • :status (String)

    The status for the Login object

Returns:

Raises:

  • (KeyError)

    if a required option is missing

  • (ArgumentError)

    if an invalid :private_type is specified

  • (ArgumentError)

    if an invalid :origin_type is specified



194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'lib/metasploit/credential/creation.rb', line 194

def (opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  core               = opts.fetch(:core, create_credential(opts))
  access_level       = opts.fetch(:access_level, nil)
  last_attempted_at  = opts.fetch(:last_attempted_at, nil)
  status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)

   = nil
  retry_transaction do
    service_object = create_credential_service(opts)
    return nil if service_object.nil?
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize

    if opts[:task_id]
      .tasks << Mdm::Task.find(opts[:task_id])
    end

    .access_level      = access_level if access_level
    .last_attempted_at = last_attempted_at if last_attempted_at
    if status == Metasploit::Model::Login::Status::UNTRIED
      if .last_attempted_at.nil?
        .status = status
      end
    else
      .status = status
    end
    .save!
  end

  
end

#create_credential_core(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creating Metasploit::Credential::Core objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

Returns:



241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
 
# File 'lib/metasploit/credential/creation.rb', line 241

def create_credential_core(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  origin       = opts.fetch(:origin)
  workspace_id = opts.fetch(:workspace_id)

  private_id   = opts[:private].try(:id)
  public_id    = opts[:public].try(:id)
  realm_id     = opts[:realm].try(:id)

  core = nil
  retry_transaction do
    core = Metasploit::Credential::Core.where(private_id: private_id, public_id: public_id, realm_id: realm_id, workspace_id: workspace_id).first_or_initialize
    if core.origin_id.nil?
      core.origin = origin
    end
    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  core
end

#create_credential_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Login

This method is responsible for creating a Login object which ties a Metasploit::Credential::Core to the ‘Mdm::Service` it is a valid credential for.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :access_level (String)

    The access level to assign to this login if we know it

  • :address (String)

    The address of the ‘Mdm::Host` to link this Login to

  • :last_attempted_at (DateTime)

    The last time this Login was attempted

  • :core (Metasploit::Credential::Core)

    The Metasploit::Credential::Core to link this login to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Login to

  • :service_id (String)

    The ID of an ‘Mdm::Service` to link this login to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :status (String)

    The status for the Login object

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Login to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Login to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
 
# File 'lib/metasploit/credential/creation.rb', line 288

def (opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  core               = opts.fetch(:core)
  access_level       = opts.fetch(:access_level, nil)
  last_attempted_at  = opts.fetch(:last_attempted_at, nil)
  status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)

   = nil
  retry_transaction do
    service_object = Mdm::Service.where(id: opts[:service_id]).first if opts[:service_id]
    service_object = create_credential_service(opts) if service_object.nil?
    return nil if service_object.nil?
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize

    if opts[:task_id]
      .tasks << Mdm::Task.find(opts[:task_id])
    end

    .access_level      = access_level if access_level
    .last_attempted_at = last_attempted_at if last_attempted_at
    if status == Metasploit::Model::Login::Status::UNTRIED
      if .last_attempted_at.nil?
        .status = status
      end
    else
      .status = status
    end
    .save!
  end

  
end

#create_credential_origin(opts = {}) ⇒ NilClass, ...

This method is responsible for creating the various Credential::Origin objects. It takes a key for the Origin type and delegates to the correct sub-method.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

Returns:

Raises:

  • (ArgumentError)

    if an invalid origin_type was provided

  • (KeyError)

    if a required option is missing



348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
 
# File 'lib/metasploit/credential/creation.rb', line 348

def create_credential_origin(opts={})
  return nil unless active_db?
  case opts[:origin_type]
  when :cracked_password
    create_credential_origin_cracked_password(opts)
  when :import
    create_credential_origin_import(opts)
  when :manual
    create_credential_origin_manual(opts)
  when :service
    create_credential_origin_service(opts)
  when :session
    create_credential_origin_session(opts)
  else
    raise ArgumentError, "Unknown Origin Type #{opts[:origin_type]}"
  end
end

#create_credential_origin_cracked_password(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::CrackedPassword

This method is responsible for creating Origin::CrackedPassword objects. These are the origins that show that a password Credential was obtained by cracking a hash Credential that previously existed in the database.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :originating_core_id (Fixnum)

    The ID of the originating Credential core.

Returns:



373
374
375
376
377
378
379
380
 
# File 'lib/metasploit/credential/creation.rb', line 373

def create_credential_origin_cracked_password(opts={})
  return nil unless active_db?
  originating_core_id = opts.fetch(:originating_core_id)

  retry_transaction do
    Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: originating_core_id ).first_or_create!
  end
end

#create_credential_origin_import(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Import objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :filename (String)

    The filename of the file that was imported

Returns:

Raises:

  • (KeyError)

    if a required option is missing



388
389
390
391
392
393
394
395
 
# File 'lib/metasploit/credential/creation.rb', line 388

def create_credential_origin_import(opts={})
  return nil unless active_db?
  filename = opts.fetch(:filename)

  retry_transaction do
    Metasploit::Credential::Origin::Import.where(filename: filename).first_or_create!
  end
end

#create_credential_origin_manual(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Manual objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



403
404
405
406
407
408
409
410
 
# File 'lib/metasploit/credential/creation.rb', line 403

def create_credential_origin_manual(opts={})
  return nil unless active_db?
  user_id = opts.fetch(:user_id)

  retry_transaction do
    Metasploit::Credential::Origin::Manual.where(user_id: user_id).first_or_create!
  end
end

#create_credential_origin_service(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Service

This method is responsible for creating Origin::Service objects. If there is not a matching ‘Mdm::Host` it will create it. If there is not a matching `Mdm::Service` it will create that too.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



424
425
426
427
428
429
430
431
432
433
 
# File 'lib/metasploit/credential/creation.rb', line 424

def create_credential_origin_service(opts={})
  return nil unless active_db?
  module_fullname  = opts.fetch(:module_fullname)
  service_object = create_credential_service(opts)
  return nil if service_object.nil?

  retry_transaction do
    Metasploit::Credential::Origin::Service.where(service_id: service_object.id, module_full_name: module_fullname).first_or_create!
  end
end

#create_credential_origin_session(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Session

This method is responsible for creating Origin::Session objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



442
443
444
445
446
447
448
449
450
 
# File 'lib/metasploit/credential/creation.rb', line 442

def create_credential_origin_session(opts={})
  return nil unless active_db?
  session_id           = opts.fetch(:session_id)
  post_reference_name  = opts.fetch(:post_reference_name)

  retry_transaction do
    Metasploit::Credential::Origin::Session.where(session_id: session_id, post_reference_name: post_reference_name).first_or_create!
  end
end

#create_credential_private(opts = {}) ⇒ NilClass, ...

This method is responsible for the creation of Private objects. It will create the correct subclass based on the type.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

Returns:

Raises:

  • (ArgumentError)

    if a valid type is not supplied

  • (KeyError)

    if a required option is missing



466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
 
# File 'lib/metasploit/credential/creation.rb', line 466

def create_credential_private(opts={})
  return nil unless active_db?
  private_data = opts.fetch(:private_data)
  private_type = opts.fetch(:private_type)

  private_object = nil

  retry_transaction do
    if private_data.blank?
      private_object = Metasploit::Credential::BlankPassword.where(data:'').first_or_create
    else
      case private_type
      when :password
        private_object = Metasploit::Credential::Password.where(data: private_data).first_or_create
      when :ssh_key
        private_object = Metasploit::Credential::SSHKey.where(data: private_data).first_or_create
      when :pkcs12
        private_object = Metasploit::Credential::Pkcs12.where(data: private_data).first_or_create
      when :krb_enc_key
        private_object = Metasploit::Credential::KrbEncKey.where(data: private_data).first_or_create
      when :ntlm_hash
        private_object = Metasploit::Credential::NTLMHash.where(data: private_data).first_or_create
        private_object.jtr_format = 'nt,lm'
      when :postgres_md5
        private_object = Metasploit::Credential::PostgresMD5.where(data: private_data).first_or_create
        private_object.jtr_format = 'raw-md5,postgres'
      when :nonreplayable_hash
        private_object = Metasploit::Credential::NonreplayableHash.where(data: private_data).first_or_create
        if opts[:jtr_format].present?
          private_object.jtr_format = opts[:jtr_format]
        end
      else
        raise ArgumentError, "Invalid Private type: #{private_type}"
      end
    end
    private_object.save!
  end
  private_object
end

#create_credential_public(opts = {}) ⇒ NilClass, Metasploit::Credential::Public

This method is responsible for the creation of Public objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :username (String)

    The username to use for the Public

Returns:

Raises:

  • (KeyError)

    if a required option is missing



512
513
514
515
516
517
518
519
520
521
522
523
 
# File 'lib/metasploit/credential/creation.rb', line 512

def create_credential_public(opts={})
  return nil unless active_db?
  username = opts.fetch(:username)

  retry_transaction do
    if username.blank?
      Metasploit::Credential::BlankUsername.where(username:'').first_or_create!
    else
      Metasploit::Credential::Username.where(username: username).first_or_create!
    end
  end
end

#create_credential_realm(opts = {}) ⇒ NilClass, Metasploit::Credential::Realm

This method is responsible for creating the Realm objects that may be required.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :realm_key (String)

    The type of Realm this is (e.g. ‘Active Directory Domain’)

  • :realm_value (String)

    The actual Realm name (e.g. contosso)

Returns:

Raises:

  • (KeyError)

    if a required option is missing



533
534
535
536
537
538
539
540
541
 
# File 'lib/metasploit/credential/creation.rb', line 533

def create_credential_realm(opts={})
  return nil unless active_db?
  realm_key   = opts.fetch(:realm_key)
  realm_value = opts.fetch(:realm_value)

  retry_transaction do
    Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first_or_create!
  end
end

#create_credential_service(opts = {}) ⇒ NilClass, Mdm::Service

This method is responsible for creating a barebones ‘Mdm::Service` object for use by Credential object creation.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :address (String)

    The address of the ‘Mdm::Host`

  • :port (Fixnum)

    The port number of the ‘Mdm::Service`

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service“

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

Returns:

  • (NilClass)

    if there is no connected database

  • (Mdm::Service)

Raises:

  • (KeyError)

    if a required option is missing



556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
 
# File 'lib/metasploit/credential/creation.rb', line 556

def create_credential_service(opts={})
  return nil unless active_db?
  address          = opts.fetch(:address)
  return nil unless Rex::Socket.is_ipv4?(address) || Rex::Socket.is_ipv6?(address)
  port             = opts.fetch(:port)
  service_name     = opts.fetch(:service_name)
  protocol         = opts.fetch(:protocol)
  workspace_id     = opts.fetch(:workspace_id)

  host_object    = Mdm::Host.where(address: address, workspace_id: workspace_id).first_or_create
  service_object = Mdm::Service.where(host_id: host_object.id, port: port, proto: protocol).first_or_initialize

  service_object.name  = service_name
  service_object.state = "open"
  service_object.save!

  service_object
end

#invalidate_login(opts = {}) ⇒ void

This method returns an undefined value.

This method checks to see if a Login exists for a given set of details. If it does exists, we then appropriately set the status to one of our failure statuses.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :address (String)

    The address of the host we attempted

  • :port (Fixnum)

    the port of the service we attempted

  • :protocol (String)

    the transport protocol of the service we attempted

  • :public (String)

    A string representation of the public we tried

  • :private (String)

    A string representation of the private we tried

  • :status (Symbol)

    The status symbol from the Framework::LoginScanner::Result

Raises:

  • (KeyError)

    if any of the above options are missing



587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
 
# File 'lib/metasploit/credential/creation.rb', line 587

def (opts = {})
  return nil unless active_db?
  address     = opts.fetch(:address)
  return nil unless Rex::Socket.is_ipv4?(address) || Rex::Socket.is_ipv6?(address)
  port        = opts.fetch(:port)
  protocol    = opts.fetch(:protocol)
  public      = opts.fetch(:username, nil)
  private     = opts.fetch(:private_data, nil)
  realm_key   = opts.fetch(:realm_key, nil)
  realm_value = opts.fetch(:realm_value, nil)
  status      = opts.fetch(:status)


  pub_obj = Metasploit::Credential::Public.where(username: public).first.try(:id)
  priv_obj = Metasploit::Credential::Private.where(data: private).first.try(:id)
  realm_obj = Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first.try(:id)

  core = Metasploit::Credential::Core.where(public_id: pub_obj, private_id: priv_obj, realm_id: realm_obj).first

  # Do nothing else if we have no matching core. Otherwise look for a Login.
  if core.present?
     = core.logins.joins(service: :host).where(services: { port: port, proto: protocol } ).where( hosts: {address: address}).readonly(false).first

    if .present?
      .status = status
      .last_attempted_at = DateTime.now
      .save!
    end

  end

end