metasploit-credential 5.0.4 → 5.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8c662ab01206eb5505e4547ea2d0d092ef9a5dcd53b3e3d7a3f0e24080bc080
-  data.tar.gz: 412d0c389cd2157da7e1594b4ed4f71cd97cd212673b52027a07fbb5dabbe266
+  metadata.gz: d140b2eb720061d68c2e0fec85404497f81a6051a9f8d976f878f36c23aed270
+  data.tar.gz: 620eb8b84e8668482a0b33c2b65a5d1db8a9898f62afb8c839f8d8bf40e07428
 SHA512:
-  metadata.gz: cf857bc495a3084d6d092bcd47bcefc77774e40a681d299ab6e9f63249f1095dfb8c8c5938663bbf060720ad0fac7716bd30536581b821801e8278c3c618c7ba
-  data.tar.gz: b1296d879cfec2c95064f0fc38f46ab513cc7de077bfaeebd1c63a4b16383ec6b26a04a384eb95f180a4b419523e19a6864345c78cbd605f2901942fd68be97c
+  metadata.gz: 480728a45afedefb42fe8c564ccef3389c4e479bc7234179450e90f0d3c25ccf58a6b9cfced84d0896ee88c9d0b3f5b3c195473fb156de5998ace3eff665ffc8
+  data.tar.gz: 1519aa87cb68fe5711bc812cad71ef329f73f20b6b2dfc09d53167011a59744a518a637ea5aac5929a6d8a3c57ab57d74f42746dcad654e2d5cc29bc3aeb482b

data/app/models/metasploit/credential/nonreplayable_hash.rb

@@ -10,17 +10,118 @@ class Metasploit::Credential::NonreplayableHash < Metasploit::Credential::Passwo
   # The names of John the Ripper supported formats, from the "jumbo" edition.
   # Listed in the format section of the output of +john --help+ on the CLI
   # Current as of 2014-06-12
-  VALID_JTR_FORMATS = %w(afs bf bf-opencl bfegg bsdi crc32 des django dmd5 dominosec dragonfly3-32 dragonfly3-64
-                         dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1
-                         hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm
-                         lotus5 md4-gen md5 md5crypt-opencl md5ns mediawiki mscash mscash2 mscash2-opencl mschapv2
-                         mskrb5 mssql mssql05 mysql mysql-sha1 mysql-sha1-opencl nethalflm netlm netlmv2 netntlm
-                         netntlmv2 nsldap nt nt-opencl nt2 odf office oracle oracle11 osc pdf phpass phpass-opencl phps
-                         pix-md5 pkzip po pwsafe pwsafe-opencl racf rar raw-md4 raw-md4-opencl raw-md5 raw-md5-opencl
-                         raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha1-opencl raw-sha224 raw-sha256
-                         raw-sha384 raw-sha512 raw-sha512-opencl salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt
-                         sha512crypt-opencl sip ssh ssha-opencl sybasease trip vnc wbb3 wpapsk wpapsk-opencl xsha
-                         xsha512 xsha512-opencl zip)
+  VALID_JTR_FORMATS = %w(
+    afs
+    bf
+    bf-opencl
+    bfegg
+    bsdi
+    crc32
+    des
+    django
+    dmd5
+    dominosec
+    dragonfly3-32
+    dragonfly3-64
+    dragonfly4-32
+    dragonfly4-64
+    drupal7
+    dummy
+    dynamic_n
+    epi
+    episerver
+    gost
+    hdaa
+    hmac-md5
+    hmac-sha1
+    hmac-sha224
+    hmac-sha256
+    hmac-sha384
+    hmac-sha512
+    hmailserver
+    ipb2
+    keepass
+    keychain
+    krb4
+    krb5
+    lm
+    lotus5
+    md4-gen
+    md5
+    md5crypt-opencl
+    md5ns
+    mediawiki
+    mscash
+    mscash2
+    mscash2-opencl
+    mschapv2
+    mskrb5
+    mssql
+    mssql05
+    mysql
+    mysql-sha1
+    mysql-sha1-opencl
+    nethalflm
+    netlm
+    netlmv2
+    netntlm
+    netntlmv2
+    nsldap
+    nt
+    nt-opencl
+    nt2
+    odf
+    office
+    oracle
+    oracle11
+    osc
+    pdf
+    phpass
+    phpass-opencl
+    phps
+    pix-md5
+    pkzip
+    po
+    pwsafe
+    pwsafe-opencl
+    racf
+    rar
+    raw-md4
+    raw-md4-opencl
+    raw-md5
+    raw-md5-opencl
+    raw-md5u
+    raw-sha
+    raw-sha1
+    raw-sha1-linkedin
+    raw-sha1-ng
+    raw-sha1-opencl
+    raw-sha224
+    raw-sha256
+    raw-sha384
+    raw-sha512
+    raw-sha512-opencl
+    salted-sha1
+    sapb
+    sapg
+    sha1-gen
+    sha256crypt
+    sha512crypt
+    sha512crypt-opencl
+    sip
+    ssh
+    ssha-opencl
+    sybasease
+    trip
+    vnc
+    wbb3
+    wpapsk
+    wpapsk-opencl
+    xsha
+    xsha512
+    xsha512-opencl
+    zip
+  )
 
   #
   # Attributes

data/lib/metasploit/credential/importer/core.rb

@@ -224,7 +224,7 @@ class Metasploit::Credential::Importer::Core
       end
       if all_creds_valid
         core_opts.each do |item|
-          if Metasploit::Credential::Core.where(public: item[:public], private: item[:private]).blank?
+          if Metasploit::Credential::Core.where(origin: item[:origin], workspace_id: item[:workspace_id], public: item[:public], private: item[:private]).blank?
             create_credential_core(item)
           end
         end

data/lib/metasploit/credential/version.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Credential
     # VERSION is managed by GemRelease
-    VERSION = '5.0.4'
+    VERSION = '5.0.7'
 
     # @return [String]
     #

data/spec/dummy/config/database.yml

@@ -1,6 +1,6 @@
 development: &pgsql
   adapter: postgresql
-  database: metasploit-credential_development0
+  database: metasploit-credential_development4
   username: msf
   password: pass123
   host: localhost
@@ -10,4 +10,4 @@ development: &pgsql
   min_messages: warning
 test:
   <<: *pgsql
-  database: metasploit-credential_test0
+  database: metasploit-credential_test4

data/spec/lib/metasploit/credential/importer/core_spec.rb

@@ -215,6 +215,31 @@ RSpec.describe Metasploit::Credential::Importer::Core do
           expect{core_csv_importer.import!}.to change(Metasploit::Credential::Core, :count).from(1).to(2)
         end
       end
+
+      describe "when the data in the CSV contains a duplicate from another workspace" do
+        let(:preexisting_cred_data) do
+          core_csv_importer.csv_object.gets
+          row = core_csv_importer.csv_object.first
+          core_csv_importer.csv_object.rewind
+          {
+            username: row['username'],
+            private_data: row['private_data'],
+          }
+        end
+
+        before(:example) do
+          core         = Metasploit::Credential::Core.new
+          core.public  = FactoryBot.create(:metasploit_credential_username, username: preexisting_cred_data[:username])
+          core.private = FactoryBot.create(:metasploit_credential_password, data: preexisting_cred_data[:private_data])
+          core.origin  = FactoryBot.create(:metasploit_credential_origin_import)
+          core.workspace = FactoryBot.create(:mdm_workspace)
+          core.save!
+        end
+
+        it 'should create a new Metasploit::Credential::Core for each row in the import' do
+          expect{core_csv_importer.import!}.to change(Metasploit::Credential::Core, :count).from(1).to(3)
+        end
+      end
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 5.0.4
+  version: 5.0.7
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-09-03 00:00:00.000000000 Z
+date: 2022-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-concern