RubyGems - metasploit-credential - Versions diffs - 1.0.0 → 1.0.1 - Mend

metasploit-credential 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/config/locales/en.yml +1 -1
data/lib/metasploit/credential/importer/core.rb +87 -45
data/lib/metasploit/credential/importer/multi.rb +3 -3
data/lib/metasploit/credential/version.rb +1 -1
data/spec/dummy/config/database.yml +12 -7
data/spec/dummy/db/structure.sql +12 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d101098c3d7cc3ab27a13313cb0033a34349272
-  data.tar.gz: 357e125b89d9737aef2a6597a173a90e1bd149fc
+  metadata.gz: ebc112c987170f24341030c7376260c0404fbba9
+  data.tar.gz: b60d6f5382ce35a86eaf3a5b5be0c4cff748102b
 SHA512:
-  metadata.gz: 9dc70a5df26e28577fd90e7d01e4c739b27e4377e52b5f79ad73ea105b6768c2277ba46df76797b3eb234ef8a19c71b1aedf092e171d307d1564533c5dbda6b5
-  data.tar.gz: f454884167aee38773a88c79b73ad07190f60ac75e08d9fd43c3bf30c7d579f5f4fbc1a4d8468740ba0daa42eef43e1667dea4f662a9ecb265ba4a29e4b1ab67
+  metadata.gz: 7b0f38e6cbeab4bca929efe31bd84dcebfa70009638a8fbc6ffb553eb39065f6ec81c6761315c4e4c35252023163305d58e537929baf74d9b6f178608405e439
+  data.tar.gz: 159a68c09d71add5c60a69fa7d1f8f79cbafb9e4507a8830f9fe232253ad4e388a8ace3d880a3a96377f5de3add255a99670ac65e0f30a167edad85b9041df2b

data/config/locales/en.yml CHANGED

@@ -44,7 +44,7 @@ en:
               data:
                 help: "Filters the results by private credentials that contain the specified value."
               type:
-                help: "Filters the results by private credential type. The search value must be  'Password', 'NTLM hash', 'SSH key', or 'Hash'."
+                help: "Filters the results by private credential type. The search value must be  'Password', 'NTLM hash', 'SSH key', or 'Nonreplayable hash'."
       metasploit/credential/public:
         search:
           operator:

data/lib/metasploit/credential/importer/core.rb CHANGED

@@ -82,11 +82,12 @@ class Metasploit::Credential::Importer::Core
   # Otherwise, assume that this is a short form import and process accordingly.
   # @return [void]
   def import!
-    if private_credential_type.present?
-      import_short_form
+    if csv_object.first.headers.include? 'private_type'
+      result =  import_long_form
     else
-      import_long_form
+      result =  import_short_form
     end
+    return result
   end
   # Performs an import of a "long" CSV - one that that contains realms and heterogenous private types
@@ -97,9 +98,13 @@ class Metasploit::Credential::Importer::Core
   #
   # @return [void]
   def import_long_form
+    all_creds_valid = true
     realms = Hash.new
     Metasploit::Credential::Core.transaction do
+      core_opts = []
+      rows = []
       csv_object.each do |row|
         next if row.header_row?
         next unless row['username'].present? || row['private_data'].present?
@@ -111,17 +116,6 @@ class Metasploit::Credential::Importer::Core
         private_class = row['private_type'].present? ? row['private_type'].constantize : ''
         private_data  = row['private_data'].present? ? row['private_data'] : ''
-        # Host and Service information for Logins
-        host_address      = row['host_address']
-        service_port      = row['service_port']
-        service_protocol  = row['service_protocol']
-        service_name      = row['service_name']
-        # These were not initially included in the export, so handle
-        # legacy cases:
-        access_level      = row['access_level'].present? ? row['access_level'] : ''
-        last_attempted_at = row['last_attempted_at'].present? ? row['last_attempted_at'] : ''
-        status            = row['status'].present? ? row['status'] : ''
         if realms[realm_value].nil?
           realms[realm_value]  = Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first_or_create
@@ -140,57 +134,105 @@ class Metasploit::Credential::Importer::Core
             private_object_for_row = private_class.where(data: private_data).first_or_create
           end
         end
+        all_creds_valid = all_creds_valid && public_object && private_object_for_row && (public_object.valid? && private_object_for_row.valid?)
+        core_opts << {origin:origin, workspace_id: workspace.id,
+         public: public_object,
+         private: private_object_for_row,
+         realm: realm_object_for_row}
+        rows << row
+      end
+      if all_creds_valid
+        core_opts.each_index do |index|
+          row = rows[index]
+          # Host and Service information for Logins
+          host_address      = row['host_address']
+          service_port      = row['service_port']
+          service_protocol  = row['service_protocol']
+          service_name      = row['service_name']
+          # These were not initially included in the export, so handle
+          # legacy cases:
+          access_level      = row['access_level'].present? ? row['access_level'] : ''
+          last_attempted_at = row['last_attempted_at'].present? ? row['last_attempted_at'] : ''
+          status            = row['status'].present? ? row['status'] : ''
+          if Metasploit::Credential::Core.where(core_opts[index]).blank?
+            core = create_credential_core(core_opts[index])
+          else
+            core = Metasploit::Credential::Core.where(core_opts[index])
+          end
+          if host_address.present? && service_port.present? && service_protocol.present?
+            login_opts = {
+                core: core,
+                address: host_address,
+                port: service_port,
+                protocol: service_protocol,
+                workspace_id: workspace.id,
+                service_name: service_name.present? ? service_name : ""
+            }
+            login_opts[:last_attempted_at] = last_attempted_at unless status.blank?
+            login_opts[:status]            = status unless status.blank?
+            login_opts[:access_level]      = access_level unless access_level.blank?
-        core = create_credential_core(origin:origin, workspace_id: workspace.id,
-                                                     public: public_object,
-                                                     private: private_object_for_row,
-                                                     realm: realm_object_for_row )
-        # Make Logins with attendant Host/Service information if we are doing that
-        if host_address.present? && service_port.present? && service_protocol.present?
-          login_opts = {
-            core: core,
-            address: host_address,
-            port: service_port,
-            protocol: service_protocol,
-            workspace_id: workspace.id,
-            service_name: service_name.present? ? service_name : ""
-          }
-          login_opts[:last_attempted_at] = last_attempted_at unless status.blank?
-          login_opts[:status]            = status unless status.blank?
-          login_opts[:access_level]      = access_level unless access_level.blank?
-          create_credential_login(login_opts)
+            create_credential_login(login_opts)
+          end
         end
       end
-    end
+      end
+    return all_creds_valid
   end
   # Performs an import of a "short" form of CSV - one that contains only one type of {Metasploit::Credential::Private}
   # and no {Metasploit::Credential::Realm} data
-  # @return [void]
+  # @return [Boolean]
   def import_short_form
+    core_opts = []
+    all_creds_valid = true
     Metasploit::Credential::Core.transaction do
       csv_object.each do |row|
         next if row.header_row?
-        username     = row['username']
-        private_data = row['private_data']
+        username     = row['username'].present? ? row['username'] : ''
+        private_data  = row['private_data'].present? ? row['private_data'] : ''
         public_object = create_public_from_field(username)
         if private_data.strip == BLANK_TOKEN
           private_object_for_row = Metasploit::Credential::BlankPassword.first_or_create
         else
-          private_object_for_row = private_credential_type.constantize.where(data: row['private_data']).first_or_create
+          private_object_for_row = @private_credential_type.constantize.where(data: row['private_data']).first_or_create
         end
-        create_credential_core(origin:origin, workspace_id: workspace.id,
+        # need to check private_object_for_row.valid? to raise a user facing message if any cred had invalid private
+        all_creds_valid = all_creds_valid && (public_object.valid? && private_object_for_row.valid?)
+        core_opts << {origin:origin, workspace_id: workspace.id,
                                       public: public_object,
-                                      private: private_object_for_row)
+                                      private: private_object_for_row}
       end
+      if all_creds_valid
+        core_opts.each do |item|
+          if Metasploit::Credential::Core.where(private:item[:private]).blank?
+            create_credential_core(item)
+          end
+        end
+      end
     end
+    return  all_creds_valid
   end
@@ -211,10 +253,10 @@ class Metasploit::Credential::Importer::Core
   # @param csv_headers [Array] the headers in the CSV contained in {#input}
   # @return [Boolean]
   def csv_headers_are_correct?(csv_headers)
-    if private_credential_type.present?
-      return csv_headers.map(&:to_sym) == VALID_SHORT_CSV_HEADERS
-    else
+    if csv_headers.include? 'private_type'
       return csv_headers.map(&:to_sym) == VALID_LONG_CSV_HEADERS
+    else
+      return csv_headers.map(&:to_sym) == VALID_SHORT_CSV_HEADERS
     end
   end
@@ -247,7 +289,7 @@ class Metasploit::Credential::Importer::Core
   # Returns true if the {#private_credential_type} is in {Metasploit::Credential::Importer::Base::ALLOWED_PRIVATE_TYPE_NAMES}
   # @return [void]
   def private_type_is_allowed
-    if Metasploit::Credential::Importer::Base::SHORT_FORM_ALLOWED_PRIVATE_TYPE_NAMES.include? private_credential_type
+    if Metasploit::Credential::Importer::Base::SHORT_FORM_ALLOWED_PRIVATE_TYPE_NAMES.include? @private_credential_type
       true
     else
       errors.add(:private_credential_type, :invalid_type)

data/lib/metasploit/credential/importer/multi.rb CHANGED

@@ -41,11 +41,11 @@ class Metasploit::Credential::Importer::Multi
     end
   end
-  # Perform the import
+  # Perform the import. Return true if import succeeded. Return false if any cred failed due to formatting.
   #
-  # @return [void]
+  # @return [Boolean]
   def import!
-    selected_importer.import!
+    return selected_importer.import!
   end

data/lib/metasploit/credential/version.rb CHANGED

@@ -13,7 +13,7 @@ module Metasploit
       # The minor version number, scoped to the {MAJOR} version number.
       MINOR = 0
       # The patch version number, scoped to the {MAJOR} and {MINOR} version numbers.
-      PATCH = 0
+      PATCH = 1
       #
       # Module Methods

data/spec/dummy/config/database.yml CHANGED

@@ -1,17 +1,22 @@
+# Please only use postgresql bound to a TCP port.
 development: &pgsql
   adapter: postgresql
   database: metasploit_credential_development
-  username: lance
+  username: msf
   password: pass123
   host: localhost
   port: 5432
-  pool: 15
+  pool: 5
   timeout: 5
-  min_messages: WARNING
-production:
-  <<: *pgsql
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+#
+# Note also, sqlite3 is totally unsupported by Metasploit now.
 test:
   <<: *pgsql
-  database: metasploit_credential_test
+  database: metasploit_credential_test
+  password: pass123
+  username: msf

data/spec/dummy/db/structure.sql CHANGED

@@ -2006,7 +2006,9 @@ CREATE TABLE vulns (
     info character varying(65536),
     exploited_at timestamp without time zone,
     vuln_detail_count integer DEFAULT 0,
-    vuln_attempt_count integer DEFAULT 0
+    vuln_attempt_count integer DEFAULT 0,
+    origin_id integer,
+    origin_type character varying(255)
 );
@@ -3662,6 +3664,13 @@ CREATE INDEX index_sessions_on_module_run_id ON sessions USING btree (module_run
 CREATE INDEX index_vulns_on_name ON vulns USING btree (name);
+--
+-- Name: index_vulns_on_origin_id; Type: INDEX; Schema: public; Owner: -; Tablespace:
+--
+CREATE INDEX index_vulns_on_origin_id ON vulns USING btree (origin_id);
 --
 -- Name: index_web_forms_on_path; Type: INDEX; Schema: public; Owner: -; Tablespace:
 --
@@ -4065,6 +4074,8 @@ INSERT INTO schema_migrations (version) VALUES ('20150326183742');
 INSERT INTO schema_migrations (version) VALUES ('20150421211719');
+INSERT INTO schema_migrations (version) VALUES ('20150514182921');
 INSERT INTO schema_migrations (version) VALUES ('21');
 INSERT INTO schema_migrations (version) VALUES ('22');

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Luke Imhoff
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-12 00:00:00.000000000 Z
+date: 2015-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-version