metasploit-credential 6.0.24 → 6.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/metasploit/credential/creation.rb +58 -0
- data/lib/metasploit/credential/exporter/core.rb +1 -1
- data/lib/metasploit/credential/importer/zip.rb +2 -2
- data/lib/metasploit/credential/version.rb +1 -1
- data/spec/dummy/tmp/local_secret.txt +1 -1
- data/spec/factories/metasploit/credential/importer/zips.rb +3 -3
- data/spec/lib/metasploit/credential/migrator_spec.rb +8 -2
- metadata +10 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a24d66b6c06687dd8a034334c4456ae7734f390cac037bdc256a54fed0404e1b
|
|
4
|
+
data.tar.gz: 42ec665f5eb4d410c2da7b20a6a8bb288e0510febf87c97c03224ca5d085f74e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e9edb1ebc543d6da43c265bd5cd5dcf1e69e30a6152808c4b113ace8977b129bbcdb90fd18c0625d8f33dcbffa179810f3b435c812298e77945568d3115397e
|
|
7
|
+
data.tar.gz: 9903ec677370e44cecd5bba7b75936d6f3dfade5baa2946d80147788da71d293f2cb32596fa38bd33e98489a628a2b540f8b3e0bddffd07c42601c01a66452ba
|
|
@@ -617,16 +617,74 @@ module Metasploit::Credential::Creation
|
|
|
617
617
|
service_name = opts.fetch(:service_name)
|
|
618
618
|
protocol = opts.fetch(:protocol)
|
|
619
619
|
workspace_id = opts.fetch(:workspace_id)
|
|
620
|
+
resource = opts[:resource] || {}
|
|
620
621
|
|
|
621
622
|
host_object = Mdm::Host.where(address: address, workspace_id: workspace_id).first_or_create
|
|
622
623
|
service_object = Mdm::Service.where(host_id: host_object.id, port: port, proto: protocol, name: service_name).first_or_initialize
|
|
623
624
|
|
|
625
|
+
parents = process_service_chain(host_object, opts.delete(:parents)) if opts[:parents]
|
|
626
|
+
if parents
|
|
627
|
+
parents.each do |parent|
|
|
628
|
+
service_object.parents << parent if parent && !service_object.parents.include?(parent)
|
|
629
|
+
end
|
|
630
|
+
end
|
|
631
|
+
|
|
632
|
+
service_object.resource = resource
|
|
624
633
|
service_object.state = "open"
|
|
625
634
|
service_object.save!
|
|
626
635
|
|
|
627
636
|
service_object
|
|
628
637
|
end
|
|
629
638
|
|
|
639
|
+
# This is copy-pasted from Metasploit Framework (with small tweaks right now to lalow for :name and :service_name, and :proto/:protocol):
|
|
640
|
+
# https://github.com/rapid7/metasploit-framework/blob/2dcfb985ea68ba2384f5309afdc9ec1a17cb80b9/lib/msf/core/db_manager/service.rb#L193
|
|
641
|
+
# In the future, we can potentially migrate this AND the Metasploit Framework code to metasploit_data_models, so that
|
|
642
|
+
# both Framework and Credential have access to the shared code.
|
|
643
|
+
def process_service_chain(host, services)
|
|
644
|
+
return unless host.is_a?(Mdm::Host)
|
|
645
|
+
|
|
646
|
+
return if services.nil?
|
|
647
|
+
|
|
648
|
+
services = [services] unless services.is_a?(Array)
|
|
649
|
+
services.map do |service|
|
|
650
|
+
case service
|
|
651
|
+
when ::Mdm::Service
|
|
652
|
+
service_obj = service
|
|
653
|
+
when ::Hash
|
|
654
|
+
next if service[:port].nil? || service[:proto].nil?
|
|
655
|
+
|
|
656
|
+
parents = nil
|
|
657
|
+
if service[:parents]&.any?
|
|
658
|
+
parents = process_service_chain(host, service[:parents])
|
|
659
|
+
end
|
|
660
|
+
|
|
661
|
+
service_info = {
|
|
662
|
+
port: service[:port].to_i,
|
|
663
|
+
proto: service[:proto].to_s.downcase,
|
|
664
|
+
}
|
|
665
|
+
service_info[:name] = service[:name].downcase if service[:name]
|
|
666
|
+
service_info[:resource] = service[:resource] if service[:resource]
|
|
667
|
+
service_obj = host.services.find_or_create_by(service_info)
|
|
668
|
+
if service_obj.id.nil?
|
|
669
|
+
# elog("Failed to create service #{service_info.inspect} for host #{host.name} (#{host.address})")
|
|
670
|
+
return
|
|
671
|
+
end
|
|
672
|
+
service_obj.state ||= 'open'
|
|
673
|
+
service_obj.info = service[:info] ? service[:info] : ''
|
|
674
|
+
|
|
675
|
+
if parents
|
|
676
|
+
parents.each do |parent|
|
|
677
|
+
service_obj.parents << parent if parent && !service_obj.parents.include?(parent)
|
|
678
|
+
end
|
|
679
|
+
end
|
|
680
|
+
else
|
|
681
|
+
next
|
|
682
|
+
end
|
|
683
|
+
|
|
684
|
+
service_obj
|
|
685
|
+
end.compact
|
|
686
|
+
end
|
|
687
|
+
|
|
630
688
|
# This method checks to see if a {Metasploit::Credential::Login} exists for a given
|
|
631
689
|
# set of details. If it does exists, we then appropriately set the status to one of our
|
|
632
690
|
# failure statuses.
|
|
@@ -211,7 +211,7 @@ class Metasploit::Credential::Exporter::Core
|
|
|
211
211
|
def render_zip
|
|
212
212
|
zip_dir_path = Pathname.new(output_final_directory_path)
|
|
213
213
|
|
|
214
|
-
Zip::File.open(output_zipfile_path,
|
|
214
|
+
Zip::File.open(output_zipfile_path, create: true) do |zipfile|
|
|
215
215
|
Dir[File.join(output_final_directory_path, '**', '**')].each do |file|
|
|
216
216
|
file_path = Pathname.new(file)
|
|
217
217
|
path_in_zip = file_path.relative_path_from(zip_dir_path)
|
|
@@ -57,7 +57,7 @@ class Metasploit::Credential::Importer::Zip
|
|
|
57
57
|
def import!
|
|
58
58
|
::Zip::File.open(input.path) do |zip_file|
|
|
59
59
|
zip_file.each do |entry|
|
|
60
|
-
entry.extract(File.join(extracted_zip_directory
|
|
60
|
+
entry.extract(destination_directory: File.join(extracted_zip_directory))
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
@@ -80,7 +80,7 @@ class Metasploit::Credential::Importer::Zip
|
|
|
80
80
|
# @return [void]
|
|
81
81
|
def input_is_well_formed
|
|
82
82
|
begin
|
|
83
|
-
Zip::File.open
|
|
83
|
+
::Zip::File.open(input.path) do |archive|
|
|
84
84
|
glob_check = archive.glob("**#{File::SEPARATOR}#{MANIFEST_FILE_NAME}")
|
|
85
85
|
if glob_check.present?
|
|
86
86
|
true
|
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
d35473b1badc957901eab5af80c9922037aa331ffa8df42e2f0287d5447dbb159cefe2b044bdcf047b03c2e3e5838bcd4c86f56e98a5ecc7735ee3c4bb63d74b
|
|
@@ -57,7 +57,7 @@ FactoryBot.define do
|
|
|
57
57
|
|
|
58
58
|
# Write out zip file
|
|
59
59
|
zip_location = "#{path}.zip"
|
|
60
|
-
::Zip::File.open(zip_location,
|
|
60
|
+
::Zip::File.open(zip_location, create: true) do |zipfile|
|
|
61
61
|
Dir[File.join(path, '**', '**')].each do |file|
|
|
62
62
|
zipfile.add(file.sub(path + '/', ''), file)
|
|
63
63
|
end
|
|
@@ -98,7 +98,7 @@ FactoryBot.define do
|
|
|
98
98
|
|
|
99
99
|
# Write out zip file
|
|
100
100
|
zip_location = "#{path}.zip"
|
|
101
|
-
::Zip::File.open(zip_location,
|
|
101
|
+
::Zip::File.open(zip_location, create: true) do |zipfile|
|
|
102
102
|
Dir[File.join(path, '**', '**')].each do |file|
|
|
103
103
|
zipfile.add(file.sub(path + '/', ''), file)
|
|
104
104
|
end
|
|
@@ -140,7 +140,7 @@ FactoryBot.define do
|
|
|
140
140
|
|
|
141
141
|
# Write out zip file
|
|
142
142
|
zip_location = "#{path}.zip"
|
|
143
|
-
::Zip::File.open(zip_location,
|
|
143
|
+
::Zip::File.open(zip_location, create: true) do |zipfile|
|
|
144
144
|
Dir[File.join(path, '**', '**')].each do |file|
|
|
145
145
|
zipfile.add(file.sub(path + '/', ''), file)
|
|
146
146
|
end
|
|
@@ -99,13 +99,15 @@ RSpec.describe Metasploit::Credential::Migrator do
|
|
|
99
99
|
|
|
100
100
|
context "when Cred#pass points to a file system path" do
|
|
101
101
|
|
|
102
|
-
let(:
|
|
102
|
+
let(:ssh_key_tempfile) do
|
|
103
103
|
t = Tempfile.new('ssh')
|
|
104
104
|
t.write(ssh_key_content)
|
|
105
105
|
t.close
|
|
106
|
-
t
|
|
106
|
+
t
|
|
107
107
|
end
|
|
108
108
|
|
|
109
|
+
let(:path_to_ssh_key) { ssh_key_tempfile.path }
|
|
110
|
+
|
|
109
111
|
let(:cred) do
|
|
110
112
|
FactoryBot.create(:mdm_cred,
|
|
111
113
|
service: service,
|
|
@@ -114,6 +116,10 @@ RSpec.describe Metasploit::Credential::Migrator do
|
|
|
114
116
|
)
|
|
115
117
|
end
|
|
116
118
|
|
|
119
|
+
after(:example) do
|
|
120
|
+
ssh_key_tempfile.unlink
|
|
121
|
+
end
|
|
122
|
+
|
|
117
123
|
before(:example) do
|
|
118
124
|
migrator.convert_creds_in_workspace(cred.service.host.workspace)
|
|
119
125
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: metasploit-credential
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.0.
|
|
4
|
+
version: 6.0.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Metasploit Hackers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2026-05-
|
|
11
|
+
date: 2026-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: metasploit-concern
|
|
@@ -84,16 +84,22 @@ dependencies:
|
|
|
84
84
|
name: rubyzip
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: 3.1.1
|
|
87
90
|
- - "<"
|
|
88
91
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
92
|
+
version: '4.0'
|
|
90
93
|
type: :runtime
|
|
91
94
|
prerelease: false
|
|
92
95
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
96
|
requirements:
|
|
97
|
+
- - ">="
|
|
98
|
+
- !ruby/object:Gem::Version
|
|
99
|
+
version: 3.1.1
|
|
94
100
|
- - "<"
|
|
95
101
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
102
|
+
version: '4.0'
|
|
97
103
|
- !ruby/object:Gem::Dependency
|
|
98
104
|
name: rex-socket
|
|
99
105
|
requirement: !ruby/object:Gem::Requirement
|