Module: Msf::DBManager::Import::GPP

Included in:
Msf::DBManager::Import
Defined in:
lib/msf/core/db_manager/import/gpp.rb

Instance Method Summary collapse

Instance Method Details

#import_gpp_xml(args = {}, &block) ⇒ Object


# File 'lib/msf/core/db_manager/import/gpp.rb', line 4

# Imports a Group Policy Preferences XML document: each complete
# username/password pair returned by Rex::Parser::GPP.parse is stored as a
# credential, and the unmodified file is then stored as loot.
#
# @param args [Hash] import options
# @option args [String] :data raw GPP XML; the import is skipped when it is
#   missing or empty
# @option args [String] :filename path of the imported file, recorded on each
#   credential and used as the loot path and (basename) loot name
# @option args [Object] :workspace passed to find_workspace to resolve the
#   target workspace
# @param block [Proc] part of the signature; not used in this method
# @return [Object, nil] whatever report_loot returns, or nil when the import
#   was skipped
def import_gpp_xml(args = {}, &block)
  xml = args && args[:data]
  return unless xml
  return if xml.empty?

  entries = Rex::Parser::GPP.parse(xml)
  return unless entries
  return unless entries.any?

  target = find_workspace(args[:workspace])
  return unless target
  return unless target.respond_to?(:id)

  source_path = args[:filename]

  entries.each do |entry|
    login  = entry[:USER]
    secret = entry[:PASS]

    # Both halves are required; partial entries are dropped silently.
    next unless login && secret

    # The parser output is already decrypted, so private_data is stored as a
    # cleartext :password credential in the workspace.
    create_credential(
      workspace_id: target.id,
      origin_type:  :import,
      filename:     source_path,
      username:     login,
      private_data: secret,
      private_type: :password
    )
  end

  # The loot keeps the complete original XML (data:) together with the parsed
  # entries (info:), so it carries the same secrets as the credentials above.
  # NOTE(review): File.basename raises TypeError for a nil :filename, and by
  # this point the credentials have already been created - confirm callers
  # always supply :filename.
  report_loot(
    workspace: target,
    path:      source_path,
    name:      File.basename(source_path),
    data:      xml,
    type:      'microsoft.windows.gpp',
    ctype:     'text/xml',
    info:      entries
  )
end