Class: Metasploit::Credential::Exporter::Pwdump

Inherits:
Object
Includes:
Base
Defined in:
lib/metasploit/credential/exporter/pwdump.rb

Overview

Exports Metasploit::Credential::Logins in the old pwdump format.

# Service

The service for a given login is in a comment (`#`) above the login, in the format `Mdm::Host#address`:`Mdm::Service#port`/`Mdm::Service#proto` (`Mdm::Service#name`)

# Logins

There is one Login per line, with the line format varying based on the `Class` of Login#core Core#private.

## Blanks

If the username or password is blank, then BLANK_CRED_STRING is used instead of an empty string.

The full format is as follows:

#
# Metasploit PWDump: <version>
# Generated: <UTC Time>
# Project: <Mdm::Workspace#name>
#
#########################################################

#  LM/NTLM Hashes (<Metasploit::Credential::NTLMHash count> hashes, <Metasploit::Credential::NTLMHash service count> services)

# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username>:<Metasploit::Credential::Login#id>:<Metasploit::Credential::NTLMHash#data>

#  Hashes (<Metasploit::Credential::Nonreplayable count> hashes, <Metasploit::Credential::Nonreplayable service count> services)

# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username>:<Metasploit::Credential::NonreplayableHash#data>:::

#  Plaintext Passwords (<Metasploit::Credential::Password count> passwords, <Metasploit::Credential::Password service count> services)

# <Mdm::Host#address>:<Mdm::Service#port>/<Mdm::Service#proto> (<Mdm::Service#name>)
<Metasploit::Credential::Public#username> <Metasploit::Credential::Password#data>
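A consumer of the layout above, as an added example rather than code from metasploit-credential: it redacts the secret field of every credential line in an export, keeping service comments and usernames, so the file can be attached to a report. `LAYOUT`, `REDACTED`, `redact_line`, `redact_pwdump` and the sample data are constructed for this example; lines outside a known section or with too few fields are redacted whole.

```ruby
# Added example (not metasploit-credential code): redact secrets in a pwdump export.
BLANK    = '<BLANK>'     # BLANK_CRED_STRING on this page
REDACTED = '<REDACTED>'  # constructed marker, not part of the format
# section => [header comment pattern from the template, field separator, field count]
LAYOUT = {
  ntlm:           [%r{\A#\s+LM/NTLM Hashes \(},    ':', 3], # user:id:data:::
  non_replayable: [/\A#\s+Hashes \(/,              ':', 2], # user:data:::
  password:       [/\A#\s+Plaintext Passwords \(/, ' ', 2]  # user data
}.freeze

def redact_line(section, line)
  _, sep, want = LAYOUT[section]
  fields = sep ? line.split(sep, want) : []
  return REDACTED unless fields.size == want # unknown section or malformed: fail closed
  *keep, secret = fields
  # A blank secret is itself a finding, so its marker stays visible.
  masked = secret.sub(/:+\z/, '') == BLANK ? BLANK : REDACTED
  (keep << masked).join(sep) + (sep == ':' ? ':::' : '')
end

# Returns [redacted_text, credential-line count per section].
def redact_pwdump(text)
  section, counts = nil, Hash.new(0)
  lines = text.each_line(chomp: true).map do |line|
    if line.start_with?('#') || line.strip.empty?
      hit = LAYOUT.find { |_name, (re, _sep, _want)| re.match?(line) }
      section = hit.first if hit
      line # comments (headers, service lines) and blank lines pass through
    else
      counts[section] += 1
      redact_line(section, line)
    end
  end
  [lines.join("\n"), counts]
end

# Constructed sample input (documentation addresses, made-up secrets).
SAMPLE = <<~'EXPORT'
  #  LM/NTLM Hashes (1 hashes, 1 services)
  # 192.0.2.10:445/tcp (smb)
  alice:7:00112233445566778899aabbccddeeff:ffeeddccbbaa99887766554433221100:::
  #  Hashes (1 hashes, 1 services)
  # 192.0.2.11:22/tcp (ssh)
  bob:0123456789abcdef:::
  #  Plaintext Passwords (2 passwords, 1 services)
  # 192.0.2.12:21/tcp (ftp)
  carol example-secret
  dave <BLANK>
EXPORT
```

The plaintext layout separates username and password with a space, so the example splits on the first whitespace; a username that itself contains a space would be cut short there and part of it redacted along with the password.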

Constant Summary

BLANK_CRED_STRING = '<BLANK>'

The string inserted when either the public or private half of a credential is blank

FILE_ID_STRING = "# Metasploit PWDump Export"

Used to check for this file type when importing/parsing

TEMPLATE_PATH = File.expand_path(File.join(File.dirname(__FILE__), "pwdump_template.erb"))

Where the MSF pwdump template lives

VERSION = "2.0"

The version of the export format

Instance Attribute Summary

Instance Method Summary

Methods included from Base

#initialize

Instance Attribute Details

#logins ⇒ ActiveRecord::Relation

The collection of Login objects that will get parsed for output in the export

Returns:

  • (ActiveRecord::Relation)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 76

attr_writer :logins

Instance Method Details

#data ⇒ Object

Instance Methods



# File 'lib/metasploit/credential/exporter/pwdump.rb', line 83

def data
  unless instance_variable_defined? :@data
    @data = {}
    @data[:ntlm]           = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::NTLMHash) }
    @data[:non_replayable] = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::NonreplayableHash) }
    @data[:password]       = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::Password) }
    @data[:postgres_md5]   = logins.select{ |l| l.core.private.present? && l.core.private.is_a?(Metasploit::Credential::PostgresMD5) }
  end
  @data
end

#format_nonreplayable_hash(login) ⇒ String

Format a Public and a NonReplayableHash for output

Parameters:

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 103

def format_nonreplayable_hash(login)
  # data_for_login is a helper whose definition is not shown on this page;
  # it supplies the :username and :private_data values used below
  creds_data = data_for_login(login)
  username = Metasploit::Credential::Text.ascii_safe_hex(creds_data[:username])
  hash     = Metasploit::Credential::Text.ascii_safe_hex(creds_data[:private_data])
  "#{username}:#{hash}:::"
end

#format_ntlm_hash(login) ⇒ String

Format a Public and a NTLMHash for output

Parameters:

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 113

def format_ntlm_hash(login)
  # data_for_login is a helper whose definition is not shown on this page
  creds_data = data_for_login(login)
  "#{creds_data[:username]}:#{login.id}:#{creds_data[:private_data]}:::"
end

#format_password(login) ⇒ String

Format a Public and a Password for output

Parameters:

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 121

def format_password(login)
  # data_for_login is a helper whose definition is not shown on this page
  creds_data = data_for_login(login)
  "#{creds_data[:username]} #{creds_data[:private_data]}"
end

#format_postgres_md5(login) ⇒ String

Format a Public and a PostgresMD5 for output

Parameters:

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 129

def format_postgres_md5(login)
  # data_for_login is a helper whose definition is not shown on this page
  creds_data = data_for_login(login)
  "#{creds_data[:username]}:#{creds_data[:private_data]}"
end

#format_service_for_login(login) ⇒ String

Returns a string for the host/service/port/proto/service name combination in the pwdump file. This string is added to make it easier for a human to scan the file.

Parameters:

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 138

def format_service_for_login(login)
  service = login.service
  address = service.host.address.to_s
  "#{address}:#{service.port}/#{service.proto} (#{service.name})"
end

#rendered_output ⇒ String

Renders the collection of credential objects in #data into the `ERB` template at TEMPLATE_PATH

Returns:

  • (String)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 146

def rendered_output
  @version_string = VERSION
  @workspace      = workspace
  template        = ERB.new(File.read TEMPLATE_PATH)
  template.result get_binding
end

#service_count_for_hashes(hash_array) ⇒ Fixnum

Returns the count of services in the group of creds contained in hash_array

Parameters:

Returns:

  • (Fixnum)


# File 'lib/metasploit/credential/exporter/pwdump.rb', line 156

def service_count_for_hashes(hash_array)
  hash_array.collect(&:service).collect(&:id).uniq.size
end