Merge pull request #1 from rapid7/master

Update from original

Author: Pedro Ribeiro

Gemfile

@@ -7,7 +7,7 @@ group :db do
   # Needed for Msf::DbManager
   gem 'activerecord', '>= 3.0.0', '< 4.0.0'
   # Metasploit::Credential database models
-  gem 'metasploit-credential', '>= 0.8.6', '< 0.9'
+  gem 'metasploit-credential', '>= 0.9.0'
   # Database models shared between framework and Pro.
   gem 'metasploit_data_models', '~> 0.19'
   # Needed for module caching in Mdm::ModuleDetails

Gemfile.lock

@@ -7,7 +7,7 @@ PATH
       bcrypt
       json
       metasploit-model (~> 0.26.1)
-      meterpreter_bins (= 0.0.6)
+      meterpreter_bins (= 0.0.7)
       msgpack
       nokogiri
       packetfu (= 1.1.9)
@@ -62,7 +62,7 @@ GEM
     json (1.8.1)
     metasploit-concern (0.1.1)
       activesupport (~> 3.0, >= 3.0.0)
-    metasploit-credential (0.8.6)
+    metasploit-credential (0.9.0)
       metasploit-concern (~> 0.1.0)
       metasploit-model (~> 0.26.1)
       metasploit_data_models (~> 0.19.4)
@@ -78,7 +78,7 @@ GEM
       metasploit-concern (~> 0.1.0)
       metasploit-model (~> 0.26.1)
       pg
-    meterpreter_bins (0.0.6)
+    meterpreter_bins (0.0.7)
     method_source (0.8.2)
     mini_portile (0.6.0)
     msgpack (0.5.8)
@@ -160,7 +160,7 @@ DEPENDENCIES
   factory_girl (>= 4.1.0)
   factory_girl_rails
   fivemat (= 1.2.1)
-  metasploit-credential (>= 0.8.6, < 0.9)
+  metasploit-credential (>= 0.9.0)
   metasploit-framework!
   metasploit_data_models (~> 0.19)
   network_interface (~> 0.0.1)

lib/metasploit/framework/credential.rb

@@ -91,6 +91,20 @@ def to_credential
         self        
       end
 
+      # This method takes all of the attributes of the {Credential} and spits
+      # them out in a hash compatible with the create_credential calls.
+      #
+      # @return [Hash] a hash compatible with #create_credential
+      def to_h
+        {
+            private_data: private,
+            private_type: private_type,
+            username: public,
+            realm_key: realm_key,
+            realm_value: realm
+        }
+      end
+
       private
 
       def at_realm

lib/metasploit/framework/credential_collection.rb

@@ -86,18 +86,18 @@ def each
 
     if username.present?
       if password.present?
-        yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm)
+        yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
       end
       if user_as_pass
-        yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm)
+        yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
       end
       if blank_passwords
-        yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm)
+        yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
       end
       if pass_fd
         pass_fd.each_line do |pass_from_file|
           pass_from_file.chomp!
-          yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm)
+          yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
         end
         pass_fd.seek(0)
       end
@@ -108,18 +108,18 @@ def each
         user_fd.each_line do |user_from_file|
           user_from_file.chomp!
           if password
-            yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm)
+            yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type(password) )
           end
           if user_as_pass
-            yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm)
+            yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm, private_type: :password)
           end
           if blank_passwords
-            yield Metasploit::Framework::Credential.new(public: user_from_file, private: "", realm: realm)
+            yield Metasploit::Framework::Credential.new(public: user_from_file, private: "", realm: realm, private_type: :password)
           end
           if pass_fd
             pass_fd.each_line do |pass_from_file|
               pass_from_file.chomp!
-              yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm)
+              yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
             end
             pass_fd.seek(0)
           end
@@ -145,4 +145,14 @@ def each
     pass_fd.close if pass_fd && !pass_fd.closed?
   end
 
+  private
+
+  def private_type(private)
+    if private =~ /[0-9a-f]{32}:[0-9a-f]{32}/
+      :ntlm_hash
+    else
+      :password
+    end
+  end
+
 end

lib/metasploit/framework/login_scanner/afp.rb

@@ -35,7 +35,12 @@ def attempt_login(credential)
             status = (success == true) ? Metasploit::Model::Login::Status::SUCCESSFUL : Metasploit::Model::Login::Status::INCORRECT
           end
 
-          Result.new(credential: credential, status: status)
+          result = Result.new(credential: credential, status: status)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'afp'
+          result
         end
 
         def set_sane_defaults

lib/metasploit/framework/login_scanner/axis2.rb

@@ -21,8 +21,17 @@ def attempt_login(credential)
           )
 
           result_opts = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp'
           }
+          if ssl
+            result_opts[:service_name] = 'https'
+          else
+            result_opts[:service_name] = 'http'
+          end
+
           begin
             http_client.connect
             body = "userName=#{Rex::Text.uri_encode(credential.public)}&password=#{Rex::Text.uri_encode(credential.private)}&submit=+Login+"

lib/metasploit/framework/login_scanner/db2.rb

@@ -46,7 +46,12 @@ def attempt_login(credential)
             })
           end
 
-          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'db2'
+          result
         end
 
         private

lib/metasploit/framework/login_scanner/ftp.rb

@@ -53,8 +53,12 @@ def attempt_login(credential)
             result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
           end
 
-          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
-
+          result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'ftp'
+          result
         end
 
         private

lib/metasploit/framework/login_scanner/http.rb

@@ -46,9 +46,18 @@ def attempt_login(credential)
           result_opts = {
             credential: credential,
             status: Metasploit::Model::Login::Status::INCORRECT,
-            proof: nil
+            proof: nil,
+            host: host,
+            port: port,
+            protocol: 'tcp'
           }
 
+          if ssl
+            result_opts[:service_name] = 'https'
+          else
+            result_opts[:service_name] = 'http'
+          end
+
           http_client = Rex::Proto::Http::Client.new(
             host, port, {}, ssl, ssl_version,
             nil, credential.public, credential.private

lib/metasploit/framework/login_scanner/mssql.rb

@@ -34,7 +34,11 @@ class MSSQL
 
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'mssql'
           }
 
           begin

lib/metasploit/framework/login_scanner/mysql.rb

@@ -23,7 +23,11 @@ class MySQL
 
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'mysql'
           }
 
           # manage our behind the scenes socket. Close any existing one and open a new one

lib/metasploit/framework/login_scanner/pop3.rb

@@ -26,7 +26,11 @@ class POP3
         def attempt_login(credential)
           result_options = {
             credential: credential,
-            status: Metasploit::Model::Login::Status::INCORRECT
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            host: host,
+            port: port,
+            protocol: 'tcp',
+            service_name: 'pop3'
           }
 
           disconnect if self.sock

lib/metasploit/framework/login_scanner/postgres.rb

@@ -23,7 +23,11 @@ class Postgres
         # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp',
+              service_name: 'postgres'
           }
 
           db_name = credential.realm || 'template1'

lib/metasploit/framework/login_scanner/result.rb

@@ -8,43 +8,70 @@ module LoginScanner
       class Result
         include ActiveModel::Validations
 
-        # @!attribute [r] access_level
+        # @!attribute access_level
         #   @return [String] the access level gained
-        attr_reader :access_level
-        # @!attribute [r] credential
+        attr_accessor :access_level
+        # @!attribute credential
         #   @return [Credential] the Credential object the result is for
-        attr_reader :credential
-        # @!attribute [r] proof
-        #   @return [String,nil] the proof that the lgoin was successful
-        attr_reader :proof
-        # @!attribute [r] status
+        attr_accessor :credential
+        # @!attribute host
+        #   @return [String] the addess of the target host for this result
+        attr_accessor :host
+        # @!attribute port
+        #   @return [Fixnum] the port number of the service for this result
+        attr_accessor :port
+        # @!attribute proof
+        #   @return [String,nil] the proof that the login was successful
+        attr_accessor :proof
+        # @!attribute protocol
+        #   @return [String] the transport protocol used for this result (tcp/udp)
+        attr_accessor :protocol
+        # @!attribute service_name
+        #   @return [String] the name to give the service for this result
+        attr_accessor :service_name
+        # @!attribute status
         #   @return [String] the status of the attempt. Should be a member of `Metasploit::Model::Login::Status::ALL`
-        attr_reader :status
+        attr_accessor :status
 
         validates :status,
           inclusion: {
               in: Metasploit::Model::Login::Status::ALL
           }
 
-        # @param [Hash] opts The options hash for the initializer
-        # @option opts [String] :private The private credential component
-        # @option opts [String] :proof The proof that the login was successful
-        # @option opts [String] :public The public credential component
-        # @option opts [String] :realm The realm credential component
-        # @option opts [String] :status The status code returned
-        def initialize(opts= {})
-          @access_level = opts.fetch(:access_level, nil)
-          @credential   = opts.fetch(:credential)
-          @proof        = opts.fetch(:proof, nil)
-          @status       = opts.fetch(:status)
+        # @param attributes [Hash{Symbol => String,nil}]
+        def initialize(attributes={})
+          attributes.each do |attribute, value|
+            public_send("#{attribute}=", value)
+          end
+        end
+
+        def inspect
+          "#<#{self.class} #{credential.public}:#{credential.private}@#{credential.realm} #{status} >"
         end
 
         def success?
           status == Metasploit::Model::Login::Status::SUCCESSFUL
         end
 
-        def inspect
-          "#<#{self.class} #{credential.public}:#{credential.private}@#{credential.realm} #{status} >"
+        # This method takes all the data inside the Result object
+        # and spits out a hash compatible with #create_credential
+        # and #create_credential_login.
+        #
+        # @return [Hash] the hash to use with #create_credential and #create_credential_login
+        def to_h
+          result_hash = credential.to_h
+          result_hash.merge!(
+              access_level: access_level,
+              address: host,
+              last_attempted_at: DateTime.now,
+              origin_type: :service,
+              port: port,
+              proof: proof,
+              protocol: protocol,
+              service_name: service_name,
+              status: status
+          )
+          result_hash.delete_if { |k,v| v.nil? }
         end
 
       end

lib/metasploit/framework/login_scanner/smb.rb

@@ -212,7 +212,12 @@ def attempt_login(credential)
             access_level ||= AccessLevels::GUEST
           end
 
-          Result.new(credential: credential, status: status, proof: proof, access_level: access_level)
+          result = Result.new(credential: credential, status: status, proof: proof, access_level: access_level)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'smb'
+          result
         end
 
         def connect

lib/metasploit/framework/login_scanner/snmp.rb

@@ -22,7 +22,11 @@ class SNMP
         # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
         def attempt_login(credential)
           result_options = {
-              credential: credential
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'udp',
+              service_name: 'snmp'
           }
 
           [:SNMPv1, :SNMPv2c].each do |version|

lib/metasploit/framework/login_scanner/ssh.rb

@@ -93,7 +93,12 @@ def attempt_login(credential)
             end
           end
 
-          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+          result.host         = host
+          result.port         = port
+          result.protocol     = 'tcp'
+          result.service_name = 'ssh'
+          result
         end
 
         private