RubyGems - metasploit-credential - Versions diffs - 6.0.20 → 6.0.22 - Mend

metasploit-credential 6.0.20 → 6.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/app/models/metasploit/credential/krb_enc_key.rb +1 -1
data/app/models/metasploit/credential/ntlm_hash.rb +1 -1
data/app/models/metasploit/credential/postgres_md5.rb +1 -1
data/lib/metasploit/credential/creation.rb +8 -1
data/lib/metasploit/credential/version.rb +1 -1
data/spec/dummy/config/application.rb +0 -2
data/spec/dummy/db/structure.sql +7 -1
data/spec/dummy/tmp/local_secret.txt +1 -0
data/spec/lib/metasploit/credential/creation_spec.rb +43 -0
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29eb2adae3e354efa557b14938b7e85b7eeb44ea3bd98fdb69bbc7b8bc6efdf3
-  data.tar.gz: 425f101cb90ce6620e61bbed4e786f7e750e1d823ede8e2c0ab55362f836f162
+  metadata.gz: b54980fe704b7045ccd25fcef674e10d8c7774ad9a8662e15d229821a4d5ce0a
+  data.tar.gz: d7fc83e6ff13464f8a3bab067136e4196b2ee3da8b0a49cd27989aa2a4924202
 SHA512:
-  metadata.gz: 11b80697bd98c100da4d8208db64d4a111afa01bfd33f9c68e821caf5232317aa44828073648ac1a03f806afc07759f36be594306a13a6552687bbbb13696754
-  data.tar.gz: ce6337b1cdcdef9cab14d9f37b15fee1d7515cc503b57ad2d39febd02ad1177c54d997ee8bbd967a3a33a7382ff0df87030e357aaa499a98bbbbd3c02770027d
+  metadata.gz: f2dcea6416ced734289968238e4da7d3184f2b8b672a3ee7106bfca3b0c9440fbb2ef605c34b28389d36e6a1adfea91ddff5e032a88b646c1e4ff659632109f8
+  data.tar.gz: 67a8e8061eab4ba68e1f47e4bd393c94d78fb53289e307dd75b0e9f2845d14099a5b1ba3f7a29f3714c3054cfb490551b2cc1f192b7a61c8698dc6e841299d4b

data/app/models/metasploit/credential/krb_enc_key.rb CHANGED Viewed

@@ -73,7 +73,7 @@ class Metasploit::Credential::KrbEncKey < Metasploit::Credential::PasswordHash
   # Callbacks
   #
-  if ActiveRecord::VERSION::MAJOR >= 7 && ActiveRecord::VERSION::MINOR >= 1
+  if ActiveRecord::VERSION::MAJOR > 7 || (ActiveRecord::VERSION::MAJOR == 7 && ActiveRecord::VERSION::MINOR >= 1)
     serialize :data, coder: Metasploit::Credential::CaseInsensitiveSerializer
   else
     serialize :data, Metasploit::Credential::CaseInsensitiveSerializer

data/app/models/metasploit/credential/ntlm_hash.rb CHANGED Viewed

@@ -43,7 +43,7 @@ class Metasploit::Credential::NTLMHash < Metasploit::Credential::ReplayableHash
   # Hash results are always downcased when stored in the database
   # This serializer allows for ORM to search in a case-insensitive
-  if ActiveRecord::VERSION::MAJOR >= 7 && ActiveRecord::VERSION::MINOR >= 1
+  if ActiveRecord::VERSION::MAJOR > 7 || (ActiveRecord::VERSION::MAJOR == 7 && ActiveRecord::VERSION::MINOR >= 1)
     serialize :data, coder: Metasploit::Credential::CaseInsensitiveSerializer
   else
     serialize :data, Metasploit::Credential::CaseInsensitiveSerializer

data/app/models/metasploit/credential/postgres_md5.rb CHANGED Viewed

@@ -13,7 +13,7 @@ class Metasploit::Credential::PostgresMD5 < Metasploit::Credential::ReplayableHa
   # Callbacks
   #
-  if ActiveRecord::VERSION::MAJOR >= 7 && ActiveRecord::VERSION::MINOR >= 1
+  if ActiveRecord::VERSION::MAJOR > 7 || (ActiveRecord::VERSION::MAJOR == 7 && ActiveRecord::VERSION::MINOR >= 1)
     serialize :data, coder: Metasploit::Credential::CaseInsensitiveSerializer
   else
     serialize :data, Metasploit::Credential::CaseInsensitiveSerializer

data/lib/metasploit/credential/creation.rb CHANGED Viewed

@@ -413,6 +413,8 @@ module Metasploit::Credential::Creation
   # If there is not a matching `Mdm::Host` it will create it. If there is not a matching
   # `Mdm::Service` it will create that too.
   #
+  # @option opts [Mdm::Service] :service The service to use instead of creating one
+  # @option opts [Fixnum] :service_id The ID of the `Mdm::Service` to link this Origin to
   # @option opts [String] :address The address of the `Mdm::Host` to link this Origin to
   # @option opts [Fixnum] :port The port number of the `Mdm::Service` to link this Origin to
   # @option opts [String] :service_name The service name to use for the `Mdm::Service`
@@ -423,8 +425,13 @@ module Metasploit::Credential::Creation
   # @return [Metasploit::Credential::Origin::Service] The created {Metasploit::Credential::Origin::Service} object
   def create_credential_origin_service(opts={})
     return nil unless active_db?
     module_fullname  = opts.fetch(:module_fullname)
-    service_object = create_credential_service(opts)
+    if (service_id = opts[:service_id] || opts[:service].try(:id))
+      service_object = Mdm::Service.where(id: service_id).first
+    else
+      service_object = create_credential_service(opts)
+    end
     return nil if service_object.nil?
     retry_transaction do

data/lib/metasploit/credential/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Metasploit
   module Credential
     # VERSION is managed by GemRelease
-    VERSION = '6.0.20'
+    VERSION = '6.0.22'
     # @return [String]
     #

data/spec/dummy/config/application.rb CHANGED Viewed

@@ -55,8 +55,6 @@ module Dummy
     # like if you have constraints or database-specific column types
     config.active_record.schema_format = :sql
-    config.autoloader = :zeitwerk
     if ActiveRecord.respond_to?(:legacy_connection_handling)
       ActiveRecord.legacy_connection_handling = false
     end

data/spec/dummy/db/structure.sql CHANGED Viewed

@@ -1,7 +1,11 @@
+\restrict mBrhviFaGapJnTy1Ng5G4Nmfldi6cVCqDsnBZBhvNpaMCYyEUttPQyvzrS3RhNF
+-- Dumped from database version 14.22 (Homebrew)
+-- Dumped by pg_dump version 14.22 (Homebrew)
 SET statement_timeout = 0;
 SET lock_timeout = 0;
 SET idle_in_transaction_session_timeout = 0;
-SET transaction_timeout = 0;
 SET client_encoding = 'UTF8';
 SET standard_conforming_strings = on;
 SELECT pg_catalog.set_config('search_path', '', false);
@@ -4004,6 +4008,8 @@ CREATE UNIQUE INDEX unique_realmless_metasploit_credential_cores ON public.metas
 -- PostgreSQL database dump complete
 --
+\unrestrict mBrhviFaGapJnTy1Ng5G4Nmfldi6cVCqDsnBZBhvNpaMCYyEUttPQyvzrS3RhNF
 SET search_path TO "$user", public;
 INSERT INTO "schema_migrations" (version) VALUES

data/spec/dummy/tmp/local_secret.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ 6a51993ec952777b354be51d945c684ff857fc3d3998977cce58c852e7e84603f6999bdbe3471130e137c437a38e775c2eef37156a46f59bd7a46eb38b642b9a

data/spec/lib/metasploit/credential/creation_spec.rb CHANGED Viewed

@@ -652,6 +652,49 @@ RSpec.describe Metasploit::Credential::Creation do
         expect{ test_object.create_credential_origin_service(opts)}.to raise_error KeyError
       end
     end
+    context 'when :service is provided' do
+      it 'uses the given service object and does not create a new Mdm::Service' do
+        host = FactoryBot.create(:mdm_host, workspace: workspace)
+        existing_service = FactoryBot.create(:mdm_service, host: host)
+        opts = {
+          service: existing_service,
+          module_fullname: 'auxiliary/scanner/smb/smb_login',
+          origin_type: :service
+        }
+        expect { test_object.create_credential_origin_service(opts) }.to_not change { Mdm::Service.count }
+        origin = test_object.create_credential_origin_service(opts)
+        expect(origin.service_id).to eq(existing_service.id)
+      end
+    end
+    context 'when :service_id is provided' do
+      context 'and the ID corresponds to an existing Mdm::Service' do
+        it 'uses that service and does not create a new Mdm::Service' do
+          host = FactoryBot.create(:mdm_host, workspace: workspace)
+          existing_service = FactoryBot.create(:mdm_service, host: host)
+          opts = {
+            service_id: existing_service.id,
+            module_fullname: 'auxiliary/scanner/smb/smb_login',
+            origin_type: :service
+          }
+          expect { test_object.create_credential_origin_service(opts) }.to_not change { Mdm::Service.count }
+          origin = test_object.create_credential_origin_service(opts)
+          expect(origin.service_id).to eq(existing_service.id)
+        end
+      end
+      context 'and the ID does not correspond to an existing Mdm::Service' do
+        it 'returns nil' do
+          opts = {
+            service_id: 0,
+            module_fullname: 'auxiliary/scanner/smb/smb_login',
+            origin_type: :service
+          }
+          expect(test_object.create_credential_origin_service(opts)).to be_nil
+        end
+      end
+    end
   end
   context '#create_credential_origin_session' do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 6.0.20
+  version: 6.0.22
 platform: ruby
 authors:
 - Metasploit Hackers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-09 00:00:00.000000000 Z
+date: 2026-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-concern
@@ -325,6 +325,7 @@ files:
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
+- spec/dummy/tmp/local_secret.txt
 - spec/factories/metasploit/credential/blank_usernames.rb
 - spec/factories/metasploit/credential/cores.rb
 - spec/factories/metasploit/credential/importer/cores.rb
@@ -457,6 +458,7 @@ test_files:
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
+- spec/dummy/tmp/local_secret.txt
 - spec/factories/metasploit/credential/blank_usernames.rb
 - spec/factories/metasploit/credential/cores.rb
 - spec/factories/metasploit/credential/importer/cores.rb