Report CA, ADCS Template and Password along with Pkcs12 in the database

.github/workflows/command_shell_acceptance.yml

@@ -127,6 +127,7 @@ jobs:
           path: metasploit-framework
 
       - name: Setup Ruby
+        run: git config --system core.longpaths true
         env:
           BUNDLE_FORCE_RUBY_PLATFORM: true
         uses: ruby/setup-ruby@v1

.github/workflows/shared_meterpreter_acceptance.yml

@@ -190,6 +190,7 @@ jobs:
           ref: ${{ inputs.metasploit_framework_commit }}
 
       - name: Setup Ruby
+        run: git config --system core.longpaths true
         env:
           BUNDLE_FORCE_RUBY_PLATFORM: true
           # Required for macos13 pg gem compilation

Gemfile

@@ -3,6 +3,10 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'
 
+gem 'metasploit-credential', git: 'https://github.com/cdelafuente-r7/metasploit-credential', branch: 'enh/MS-9710/add_pkcs12_metadata'
+gem 'metasploit-model', git: 'https://github.com/cdelafuente-r7/metasploit-model', branch: 'feat/model/search/operation/jsonb'
+gem 'metasploit_data_models',  git: 'https://github.com/cdelafuente-r7/metasploit_data_models', branch: 'enh/visitor/jsonb'
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests

Gemfile.lock

@@ -1,3 +1,45 @@
+GIT
+  remote: https://github.com/cdelafuente-r7/metasploit-credential
+  revision: 6c8554df2feab43489ca86eada790970e9749fb3
+  branch: enh/MS-9710/add_pkcs12_metadata
+  specs:
+    metasploit-credential (6.0.12)
+      metasploit-concern
+      metasploit-model
+      metasploit_data_models (>= 5.0.0)
+      net-ssh
+      pg
+      railties
+      rex-socket
+      rubyntlm
+      rubyzip
+
+GIT
+  remote: https://github.com/cdelafuente-r7/metasploit-model
+  revision: 925a11f61f02123f29e32bb196b374390d36beb6
+  branch: feat/model/search/operation/jsonb
+  specs:
+    metasploit-model (5.0.3)
+      activemodel (~> 7.0)
+      activesupport (~> 7.0)
+      railties (~> 7.0)
+
+GIT
+  remote: https://github.com/cdelafuente-r7/metasploit_data_models
+  revision: 34fc27d3059c919eac98cf2a8061c31146189a26
+  branch: enh/visitor/jsonb
+  specs:
+    metasploit_data_models (6.0.6)
+      activerecord (~> 7.0)
+      activesupport (~> 7.0)
+      arel-helpers
+      metasploit-concern
+      metasploit-model (>= 3.1)
+      pg
+      railties (~> 7.0)
+      recog
+      webrick
+
 PATH
   remote: .
   specs:
@@ -292,31 +334,7 @@ GEM
       activesupport (~> 7.0)
       railties (~> 7.0)
       zeitwerk
-    metasploit-credential (6.0.11)
-      metasploit-concern
-      metasploit-model
-      metasploit_data_models (>= 5.0.0)
-      net-ssh
-      pg
-      railties
-      rex-socket
-      rubyntlm
-      rubyzip
-    metasploit-model (5.0.2)
-      activemodel (~> 7.0)
-      activesupport (~> 7.0)
-      railties (~> 7.0)
     metasploit-payloads (2.0.189)
-    metasploit_data_models (6.0.5)
-      activerecord (~> 7.0)
-      activesupport (~> 7.0)
-      arel-helpers
-      metasploit-concern
-      metasploit-model (>= 3.1)
-      pg
-      railties (~> 7.0)
-      recog
-      webrick
     metasploit_payloads-mettle (1.0.35)
     method_source (1.1.0)
     mime-types (3.6.0)
@@ -589,7 +607,10 @@ DEPENDENCIES
   factory_bot_rails
   fivemat
   memory_profiler
+  metasploit-credential!
   metasploit-framework!
+  metasploit-model!
+  metasploit_data_models!
   octokit
   pry-byebug
   rake

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do
+ActiveRecord::Schema[7.0].define(version: 2025_02_04_172657) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -314,6 +314,7 @@
     t.datetime "created_at", precision: nil, null: false
     t.datetime "updated_at", precision: nil, null: false
     t.string "jtr_format"
+    t.jsonb "metadata", default: {}, null: false
     t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_pkcs12", unique: true, where: "((type)::text = 'Metasploit::Credential::Pkcs12'::text)"
     t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)"
     t.index ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT (((type)::text = 'Metasploit::Credential::SSHKey'::text) OR ((type)::text = 'Metasploit::Credential::Pkcs12'::text)))"

lib/msf/core/exploit/remote/ms_icpr.rb

@@ -239,8 +239,8 @@ def do_request_cert(icpr, opts)
       workspace_id: myworkspace_id,
       username: upn || datastore['SMBUser'],
       private_type: :pkcs12,
-      # pkcs12 is a binary format, but for persisting we Base64 encode it
       private_data: Base64.strict_encode64(pkcs12.to_der),
+      private_metadata: { adcs_ca: datastore['CA'], adcs_template: cert_template },
       origin_type: :service,
       module_fullname: fullname
     }

lib/msf/ui/console/command_dispatcher/creds.rb

@@ -100,16 +100,19 @@ def cmd_creds_help
     print_line "Usage - Adding credentials:"
     print_line "  creds add uses the following named parameters."
     {
-      user:         'Public, usually a username',
-      password:     'Private, private_type Password.',
-      ntlm:         'Private, private_type NTLM Hash.',
-      postgres:     'Private, private_type postgres MD5',
-      pkcs12:       'Private, private_type pkcs12 archive file, must be a file path.',
-      'ssh-key' =>  'Private, private_type SSH key, must be a file path.',
-      hash:         'Private, private_type Nonreplayable hash',
-      jtr:          'Private, private_type John the Ripper hash type.',
-      realm:        'Realm, ',
-      'realm-type'=>"Realm, realm_type (#{Metasploit::Model::Realm::Key::SHORT_NAMES.keys.join(' ')}), defaults to domain."
+      user:                'Public, usually a username',
+      password:            'Private, private_type Password.',
+      ntlm:                'Private, private_type NTLM Hash.',
+      postgres:            'Private, private_type postgres MD5',
+      pkcs12:              'Private, private_type pkcs12 archive file, must be a file path.',
+      'ssh-key'         => 'Private, private_type SSH key, must be a file path.',
+      hash:                'Private, private_type Nonreplayable hash',
+      jtr:                 'Private, private_type John the Ripper hash type.',
+      realm:               'Realm, ',
+      'realm-type'      => "Realm, realm_type (#{Metasploit::Model::Realm::Key::SHORT_NAMES.keys.join(' ')}), defaults to domain.",
+      'adcs-ca'         => 'CA, Certificate Authority that issued the pkcs12 certificate',
+      'adcs-template'   => 'ADCS Template, template used to issue the pkcs12 certificate',
+      'pkcs12-password' => 'The password to decrypt the Pkcs12, defaults to an empty password'
     }.each_pair do |keyword, description|
       print_line "    #{keyword.to_s.ljust 10}:  #{description}"
     end
@@ -206,7 +209,7 @@ def creds_add(*args)
     end
 
     begin
-      params.assert_valid_keys('user','password','realm','realm-type','ntlm','ssh-key','hash','address','port','protocol', 'service-name', 'jtr', 'pkcs12', 'postgres')
+      params.assert_valid_keys('user','password','realm','realm-type','ntlm','ssh-key','hash','address','port','protocol', 'service-name', 'jtr', 'pkcs12', 'postgres', 'adcs-ca', 'adcs-template', 'pkcs12-password')
     rescue ArgumentError => e
       print_error(e.message)
     end
@@ -276,6 +279,10 @@ def creds_add(*args)
       end
       data[:private_type] = :pkcs12
       data[:private_data] = pkcs12_data
+      data[:private_metadata] = {}
+      data[:private_metadata][:adcs_ca] =  params['adcs-ca'] if params['adcs-ca']
+      data[:private_metadata][:adcs_template] =  params['adcs-template'] if params['adcs-template']
+      data[:private_metadata][:pkcs12_password] =  params['pkcs12-password'] if params['pkcs12-password']
     end
 
     if params.key? 'hash'
@@ -305,7 +312,7 @@ def creds_add(*args)
         framework.db.create_credential(data)
       end
     rescue ActiveRecord::RecordInvalid => e
-      print_error("Failed to add #{data['private_type']}: #{e}")
+      print_error("Failed to add #{data[:private_type]}: #{e}")
     end
   end
 
@@ -414,11 +421,13 @@ def creds_search(*args)
              when 'password'
                Metasploit::Credential::Password
              when 'hash'
-               Metasploit::Credential::PasswordHash
+               Metasploit::Credential::NonreplayableHash
              when 'ntlm'
                Metasploit::Credential::NTLMHash
              when 'KrbEncKey'.downcase
                Metasploit::Credential::KrbEncKey
+             when 'pkcs12'
+               Metasploit::Credential::Pkcs12
              when *Metasploit::Credential::NonreplayableHash::VALID_JTR_FORMATS
                opts[:jtr_format] = ptype
                Metasploit::Credential::NonreplayableHash