Module: Metasploit::Credential::Creation

Included in:
Importer::Core, Importer::Pwdump, Migrator
Defined in:
lib/metasploit/credential/creation.rb

Overview

Implements a set of “convenience methods” for creating credentials and related portions of the object graph. Creates Core objects and their attendant relationships as well as Login objects and their attendant ‘Mdm::Host` and `Mdm::Service` objects.

Instance Method Summary collapse

Instance Method Details

#active_db?Boolean

Returns true if ActiveRecord has an active database connection, false otherwise.

Returns:

  • (Boolean) 


12
13
14
 
# File 'lib/metasploit/credential/creation.rb', line 12

def active_db?
  ApplicationRecord.connected?
end

#create_cracked_credential(opts = {}) ⇒ Object

This method takes a few simple parameters and creates a new username/password credential that was obtained by cracking a hash. It reuses the relevant components form the originating Metasploit::Credential::Core and builds new Login objects based on the ones attached to the originating Metasploit::Credential::Core

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :username (String)

    the username to find or create the Public from

  • :password (String)

    the password to find or create the Password from

  • :core_id (Fixnum)

    the id for the originating Metasploit::Credential::Core



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/metasploit/credential/creation.rb', line 25

def create_cracked_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  username = opts.fetch(:username)
  password = opts.fetch(:password)
  core_id  = opts.fetch(:core_id)

  private  = nil
  public   = nil
  old_core = nil
  old_realm_id = nil

  retry_transaction do
    old_core = Metasploit::Credential::Core.find(core_id)
    old_realm_id = old_core.realm.id if old_core.realm
    if username.blank? && old_core.public
      username = old_core.public.username
    end
    private  = Metasploit::Credential::Password.where(data: password).first_or_create!
    public   = Metasploit::Credential::Public.where(username: username).first_or_create!
  end

  core = nil

  retry_transaction do
    # Create the CrackedPassword origin for this specific originating
    # core first, then look up a Core that is already tied to it.
    # This prevents two different hashes that crack to the same
    # password from collapsing into a single Core where only the
    # first origin link is recorded.
    origin = Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: core_id).first_or_create!

    core = Metasploit::Credential::Core.find_by(
      origin_type: 'Metasploit::Credential::Origin::CrackedPassword',
      origin_id: origin.id
    )

    unless core
      core = Metasploit::Credential::Core.where(
        public_id: public.id,
        private_id: private.id,
        realm_id: old_realm_id,
        workspace_id: old_core.workspace_id
      ).first_or_initialize

      if core.origin_id.nil?
        core.origin = origin
      end
    end

    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  old_core.logins.each do ||
    service_id = .service_id
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_id).first_or_initialize
    if .status.blank?
      .status =  Metasploit::Model::Login::Status::UNTRIED
    end
    .save!
  end
  core
end

#create_credential(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creation Metasploit::Credential::Core objects and all sub-objects that it is dependent upon.

Examples:

Reporting a Bruteforced Credential

create_credential(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',
  module_fullname: 'auxiliary/scanner/smb/smb_login',
  workspace_id: myworkspace.id,
  private_data: 'password1',
  private_type: :password,
  username: 'Administrator'
)

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin and Core to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

  • :username (String)

    The username to use for the Public

Returns:

Raises:

  • (KeyError)

    if a required option is missing

  • (ArgumentError)

    if an invalid :private_type is specified

  • (ArgumentError)

    if an invalid :origin_type is specified



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
 
# File 'lib/metasploit/credential/creation.rb', line 134

def create_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  if opts[:origin]
    origin = opts[:origin]
  else
    origin = create_credential_origin(opts)
  end
  return nil if origin.nil?

  core_opts = {
      origin: origin,
      workspace_id: opts.fetch(:workspace_id)
  }

  if opts.has_key?(:realm_key) && opts.has_key?(:realm_value)
    core_opts[:realm] = create_credential_realm(opts)
  end

  if opts.has_key?(:private_type) && opts.has_key?(:private_data)
    core_opts[:private] = create_credential_private(opts)
  end

  if opts.has_key?(:username)
    # When cracking a hash, the caller may not know the username
    # (e.g. krb5tgs / krb5asrep).  Fall back to the originating
    # core's public so each cracked hash gets a distinct Core
    # instead of all of them collapsing into a single BlankUsername
    # Core where only the first origin link is recorded.
    if opts[:username].blank? && opts[:origin_type] == :cracked_password && opts[:originating_core_id]
      originating_core = Metasploit::Credential::Core.find_by(id: opts[:originating_core_id])
      if originating_core&.public
        opts = opts.merge(username: originating_core.public.username)
      end
    end
    core_opts[:public] = create_credential_public(opts)
  end

  if opts.has_key?(:task_id)
    core_opts[:task_id] = opts[:task_id]
  end

  create_credential_core(core_opts)
end

#create_credential_and_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creation Metasploit::Credential::Core and Login. This method is responsible for creating a Login object which ties a Metasploit::Credential::Core to the ‘Mdm::Service` it is a valid credential for.

NOTE: for origin_type: service it must be the same service your going to create a login for.

Metasploit::Credential::Core options Login

Examples:

Reporting a Bruteforced Credential and Login

create_credential_and_login(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',
  module_fullname: 'auxiliary/scanner/smb/smb_login',
  workspace_id: myworkspace.id,
  private_data: 'password1',
  private_type: :password,
  username: 'Administrator',
  service_name: 'smb',
  status: status: Metasploit::Model::Login::Status::UNTRIED
)

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin and Core to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

  • :access_level (String)

    The access level to assign to this login if we know it

  • :status (String)

    The status for the Login object

Returns:

Raises:

  • (KeyError)

    if a required option is missing

  • (ArgumentError)

    if an invalid :private_type is specified

  • (ArgumentError)

    if an invalid :origin_type is specified



230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
 
# File 'lib/metasploit/credential/creation.rb', line 230

def (opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  core               = opts.fetch(:core, create_credential(opts))
  access_level       = opts.fetch(:access_level, nil)
  last_attempted_at  = opts.fetch(:last_attempted_at, nil)
  status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)

   = nil
  retry_transaction do
    service_object = create_credential_service(opts)
    return nil if service_object.nil?
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize

    if opts[:task_id]
      .tasks << Mdm::Task.find(opts[:task_id])
    end

    .access_level      = access_level if access_level
    .last_attempted_at = last_attempted_at if last_attempted_at
    if status == Metasploit::Model::Login::Status::UNTRIED
      if .last_attempted_at.nil?
        .status = status
      end
    else
      .status = status
    end
    .save!
  end

  
end

#create_credential_core(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creating Metasploit::Credential::Core objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

Returns:



277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
 
# File 'lib/metasploit/credential/creation.rb', line 277

def create_credential_core(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  origin       = opts.fetch(:origin)
  workspace_id = opts.fetch(:workspace_id)

  private_id   = opts[:private].try(:id)
  public_id    = opts[:public].try(:id)
  realm_id     = opts[:realm].try(:id)

  core = nil
  retry_transaction do
    # When the origin is a CrackedPassword, look up by origin first
    # so that each originating hash gets its own cracked Core.
    # Without this, two different hashes that crack to the same
    # password (and share public/realm/workspace) resolve to a
    # single Core and only the first origin link is recorded.
    if origin.is_a?(Metasploit::Credential::Origin::CrackedPassword)
      core = Metasploit::Credential::Core.find_by(
        origin_type: origin.class.to_s,
        origin_id: origin.id
      )
    end

    core ||= Metasploit::Credential::Core.where(private_id: private_id, public_id: public_id, realm_id: realm_id, workspace_id: workspace_id).first_or_initialize

    if core.origin_id.nil?
      core.origin = origin
    end
    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  core
end

#create_credential_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Login

This method is responsible for creating a Login object which ties a Metasploit::Credential::Core to the ‘Mdm::Service` it is a valid credential for.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :access_level (String)

    The access level to assign to this login if we know it

  • :address (String)

    The address of the ‘Mdm::Host` to link this Login to

  • :last_attempted_at (DateTime)

    The last time this Login was attempted

  • :core (Metasploit::Credential::Core)

    The Metasploit::Credential::Core to link this login to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Login to

  • :service_id (String)

    The ID of an ‘Mdm::Service` to link this login to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :status (String)

    The status for the Login object

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Login to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Login to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
 
# File 'lib/metasploit/credential/creation.rb', line 337

def (opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  core               = opts.fetch(:core)
  access_level       = opts.fetch(:access_level, nil)
  last_attempted_at  = opts.fetch(:last_attempted_at, nil)
  status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)

   = nil
  retry_transaction do
    service_object = Mdm::Service.where(id: opts[:service_id]).first if opts[:service_id]
    service_object = create_credential_service(opts) if service_object.nil?
    return nil if service_object.nil?
     = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize

    if opts[:task_id]
      .tasks << Mdm::Task.find(opts[:task_id])
    end

    .access_level      = access_level if access_level
    .last_attempted_at = last_attempted_at if last_attempted_at
    if status == Metasploit::Model::Login::Status::UNTRIED
      if .last_attempted_at.nil?
        .status = status
      end
    else
      .status = status
    end
    .save!
  end

  
end

#create_credential_origin(opts = {}) ⇒ NilClass, ...

This method is responsible for creating the various Credential::Origin objects. It takes a key for the Origin type and delegates to the correct sub-method.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :origin_type (Symbol)

    The Origin type we are trying to create

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

  • :task_id (Fixnum)

    The ID of the ‘Mdm::Task` to link this Origin to

  • :filename (String)

    The filename of the file that was imported

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

Returns:

Raises:

  • (ArgumentError)

    if an invalid origin_type was provided

  • (KeyError)

    if a required option is missing



397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
 
# File 'lib/metasploit/credential/creation.rb', line 397

def create_credential_origin(opts={})
  return nil unless active_db?
  case opts[:origin_type]
  when :cracked_password
    create_credential_origin_cracked_password(opts)
  when :import
    create_credential_origin_import(opts)
  when :manual
    create_credential_origin_manual(opts)
  when :service
    create_credential_origin_service(opts)
  when :session
    create_credential_origin_session(opts)
  else
    raise ArgumentError, "Unknown Origin Type #{opts[:origin_type]}"
  end
end

#create_credential_origin_cracked_password(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::CrackedPassword

This method is responsible for creating Origin::CrackedPassword objects. These are the origins that show that a password Credential was obtained by cracking a hash Credential that previously existed in the database.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :originating_core_id (Fixnum)

    The ID of the originating Credential core.

Returns:



422
423
424
425
426
427
428
429
 
# File 'lib/metasploit/credential/creation.rb', line 422

def create_credential_origin_cracked_password(opts={})
  return nil unless active_db?
  originating_core_id = opts.fetch(:originating_core_id)

  retry_transaction do
    Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: originating_core_id ).first_or_create!
  end
end

#create_credential_origin_import(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Import objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :filename (String)

    The filename of the file that was imported

Returns:

Raises:

  • (KeyError)

    if a required option is missing



437
438
439
440
441
442
443
444
 
# File 'lib/metasploit/credential/creation.rb', line 437

def create_credential_origin_import(opts={})
  return nil unless active_db?
  filename = opts.fetch(:filename)

  retry_transaction do
    Metasploit::Credential::Origin::Import.where(filename: filename).first_or_create!
  end
end

#create_credential_origin_manual(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Manual objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :user_id (Fixnum)

    The ID of the ‘Mdm::User` to link this Origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



452
453
454
455
456
457
458
459
 
# File 'lib/metasploit/credential/creation.rb', line 452

def create_credential_origin_manual(opts={})
  return nil unless active_db?
  user_id = opts.fetch(:user_id)

  retry_transaction do
    Metasploit::Credential::Origin::Manual.where(user_id: user_id).first_or_create!
  end
end

#create_credential_origin_service(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Service

This method is responsible for creating Origin::Service objects. If there is not a matching ‘Mdm::Host` it will create it. If there is not a matching `Mdm::Service` it will create that too.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :service (Mdm::Service)

    The service to use instead of creating one

  • :service_id (Fixnum)

    The ID of the ‘Mdm::Service` to link this Origin to

  • :address (String)

    The address of the ‘Mdm::Host` to link this Origin to

  • :port (Fixnum)

    The port number of the ‘Mdm::Service` to link this Origin to

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service` to link this Origin to

  • :module_fullname (String)

    The fullname of the Metasploit Module to link this Origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
 
# File 'lib/metasploit/credential/creation.rb', line 475

def create_credential_origin_service(opts={})
  return nil unless active_db?

  module_fullname  = opts.fetch(:module_fullname)
  if (service_id = opts[:service_id] || opts[:service].try(:id))
    service_object = Mdm::Service.where(id: service_id).first
  else
    service_object = create_credential_service(opts)
  end
  return nil if service_object.nil?

  retry_transaction do
    Metasploit::Credential::Origin::Service.where(service_id: service_object.id, module_full_name: module_fullname).first_or_create!
  end
end

#create_credential_origin_session(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Session

This method is responsible for creating Origin::Session objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :session_id (Fixnum)

    The ID of the ‘Mdm::Session` to link this Origin to

  • :post_reference_name (String)

    The reference name of the Metasploit Post module to link the origin to

Returns:

Raises:

  • (KeyError)

    if a required option is missing



498
499
500
501
502
503
504
505
506
 
# File 'lib/metasploit/credential/creation.rb', line 498

def create_credential_origin_session(opts={})
  return nil unless active_db?
  session_id           = opts.fetch(:session_id)
  post_reference_name  = opts.fetch(:post_reference_name)

  retry_transaction do
    Metasploit::Credential::Origin::Session.where(session_id: session_id, post_reference_name: post_reference_name).first_or_create!
  end
end

#create_credential_private(opts = {}) ⇒ NilClass, ...

This method is responsible for the creation of Private objects. It will create the correct subclass based on the type.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :jtr_format (String)

    The format for John the ripper to use to try and crack this

  • :private_data (String)

    The actual data for the private (e.g. password, hash, key etc)

  • :private_type (Symbol)

    The type of Private to create

Returns:

Raises:

  • (ArgumentError)

    if a valid type is not supplied

  • (KeyError)

    if a required option is missing



522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
 
# File 'lib/metasploit/credential/creation.rb', line 522

def create_credential_private(opts={})
  return nil unless active_db?
  private_data = opts.fetch(:private_data)
  private_type = opts.fetch(:private_type)

  private_object = nil

  retry_transaction do
    if private_data.blank?
      private_object = Metasploit::Credential::BlankPassword.where(data:'').first_or_create
    else
      case private_type
      when :password
        private_object = Metasploit::Credential::Password.where(data: private_data).first_or_create
      when :ssh_key
        private_object = Metasploit::Credential::SSHKey.where(data: private_data).first_or_create
      when :pkcs12
        private_object = Metasploit::Credential::Pkcs12.where(data: private_data, metadata: opts.fetch(:private_metadata, {})).first_or_create
      when :krb_enc_key
        private_object = Metasploit::Credential::KrbEncKey.where(data: private_data).first_or_create
      when :ntlm_hash
        private_object = Metasploit::Credential::NTLMHash.where(data: private_data).first_or_create
        private_object.jtr_format = 'nt,lm'
      when :postgres_md5
        private_object = Metasploit::Credential::PostgresMD5.where(data: private_data).first_or_create
        private_object.jtr_format = 'raw-md5,postgres'
      when :nonreplayable_hash
        private_object = Metasploit::Credential::NonreplayableHash.where(data: private_data).first_or_create
        if opts[:jtr_format].present?
          private_object.jtr_format = opts[:jtr_format]
        end
      else
        raise ArgumentError, "Invalid Private type: #{private_type}"
      end
    end
    private_object.save!
  end
  private_object
end

#create_credential_public(opts = {}) ⇒ NilClass, Metasploit::Credential::Public

This method is responsible for the creation of Public objects.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :username (String)

    The username to use for the Public

Returns:

Raises:

  • (KeyError)

    if a required option is missing



568
569
570
571
572
573
574
575
576
577
578
579
 
# File 'lib/metasploit/credential/creation.rb', line 568

def create_credential_public(opts={})
  return nil unless active_db?
  username = opts.fetch(:username)

  retry_transaction do
    if username.blank?
      Metasploit::Credential::BlankUsername.where(username:'').first_or_create!
    else
      Metasploit::Credential::Username.where(username: username).first_or_create!
    end
  end
end

#create_credential_realm(opts = {}) ⇒ NilClass, Metasploit::Credential::Realm

This method is responsible for creating the Realm objects that may be required.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :realm_key (String)

    The type of Realm this is (e.g. ‘Active Directory Domain’)

  • :realm_value (String)

    The actual Realm name (e.g. contosso)

Returns:

Raises:

  • (KeyError)

    if a required option is missing



589
590
591
592
593
594
595
596
597
 
# File 'lib/metasploit/credential/creation.rb', line 589

def create_credential_realm(opts={})
  return nil unless active_db?
  realm_key   = opts.fetch(:realm_key)
  realm_value = opts.fetch(:realm_value)

  retry_transaction do
    Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first_or_create!
  end
end

#create_credential_service(opts = {}) ⇒ NilClass, Mdm::Service

This method is responsible for creating a barebones ‘Mdm::Service` object for use by Credential object creation.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :address (String)

    The address of the ‘Mdm::Host`

  • :port (Fixnum)

    The port number of the ‘Mdm::Service`

  • :service_name (String)

    The service name to use for the ‘Mdm::Service`

  • :protocol (String)

    The protocol type of the ‘Mdm::Service“

  • :workspace_id (Fixnum)

    The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

Returns:

  • (NilClass)

    if there is no connected database

  • (Mdm::Service)

Raises:

  • (KeyError)

    if a required option is missing



612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
 
# File 'lib/metasploit/credential/creation.rb', line 612

def create_credential_service(opts={})
  return nil unless active_db?
  address          = opts.fetch(:address)
  return nil unless Rex::Socket.is_ipv4?(address) || Rex::Socket.is_ipv6?(address)
  port             = opts.fetch(:port)
  service_name     = opts.fetch(:service_name)
  protocol         = opts.fetch(:protocol)
  workspace_id     = opts.fetch(:workspace_id)

  host_object    = Mdm::Host.where(address: address, workspace_id: workspace_id).first_or_create
  service_object = Mdm::Service.where(host_id: host_object.id, port: port, proto: protocol, name: service_name).first_or_initialize

  service_object.state = "open"
  service_object.save!

  service_object
end

#invalidate_login(opts = {}) ⇒ void

This method returns an undefined value.

This method checks to see if a Login exists for a given set of details. If it does exists, we then appropriately set the status to one of our failure statuses.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :address (String)

    The address of the host we attempted

  • :port (Fixnum)

    the port of the service we attempted

  • :protocol (String)

    the transport protocol of the service we attempted

  • :public (String)

    A string representation of the public we tried

  • :private (String)

    A string representation of the private we tried

  • :status (Symbol)

    The status symbol from the Framework::LoginScanner::Result

Raises:

  • (KeyError)

    if any of the above options are missing



642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
 
# File 'lib/metasploit/credential/creation.rb', line 642

def (opts = {})
  return nil unless active_db?
  address     = opts.fetch(:address)
  return nil unless Rex::Socket.is_ipv4?(address) || Rex::Socket.is_ipv6?(address)
  port        = opts.fetch(:port)
  protocol    = opts.fetch(:protocol)
  public      = opts.fetch(:username, nil)
  private     = opts.fetch(:private_data, nil)
  realm_key   = opts.fetch(:realm_key, nil)
  realm_value = opts.fetch(:realm_value, nil)
  status      = opts.fetch(:status)


  pub_obj = Metasploit::Credential::Public.where(username: public).first.try(:id)
  priv_obj = Metasploit::Credential::Private.where(data: private).first.try(:id)
  realm_obj = Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first.try(:id)

  core = Metasploit::Credential::Core.where(public_id: pub_obj, private_id: priv_obj, realm_id: realm_obj).first

  # Do nothing else if we have no matching core. Otherwise look for a Login.
  if core.present?
     = core.logins.joins(service: :host).where(services: { port: port, proto: protocol } ).where( hosts: {address: address}).readonly(false).first

    if .present?
      .status = status
      .last_attempted_at = DateTime.now
      .save!
    end

  end

end