metasploit-credential 6.0.4 → 6.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/app/models/metasploit/credential/krb_enc_key.rb +2 -10
- data/app/models/metasploit/credential/ntlm_hash.rb +5 -11
- data/app/models/metasploit/credential/postgres_md5.rb +2 -10
- data/lib/metasploit/credential/case_insensitive_serializer.rb +9 -0
- data/lib/metasploit/credential/importer/core.rb +1 -2
- data/lib/metasploit/credential/version.rb +1 -1
- data/lib/metasploit/credential.rb +1 -0
- data/spec/dummy/config/database.yml +2 -2
- data/spec/lib/metasploit/credential/creation_spec.rb +31 -0
- data/spec/models/metasploit/credential/krb_enc_key_spec.rb +26 -0
- data/spec/models/metasploit/credential/ntlm_hash_spec.rb +24 -0
- data/spec/models/metasploit/credential/postgres_md5_spec.rb +26 -0
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c890cd98fc73ff6cbd909ded7207646f534477a4308f60f1e7dc09231cd29d88
|
4
|
+
data.tar.gz: 62fd27bcb61c852fb705cb89a0848771f6c4ae64b6a3c76202228ea6d2037969
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 06bf39bbda84fc40c4f25085a39e4f27211a50246879fbe3b50f034c502a9b6fcf7cebbe9292912a4bfc42f8804837a45e8cbc332253b5f3fc5b122983f6b23e
|
7
|
+
data.tar.gz: d361ca8222849ab597accea494fef812339b971537bcd9cdbc3259eb19271a57f31cd1773c8338282211bf43569ee507888eb09f7326799b9ec6d66140bc50cd
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
@@ -73,7 +73,8 @@ class Metasploit::Credential::KrbEncKey < Metasploit::Credential::PasswordHash
|
|
73
73
|
# Callbacks
|
74
74
|
#
|
75
75
|
|
76
|
-
|
76
|
+
serialize :data, Metasploit::Credential::CaseInsensitiveSerializer
|
77
|
+
validates_uniqueness_of :data, :case_sensitive => false
|
77
78
|
|
78
79
|
#
|
79
80
|
# Validations
|
@@ -162,15 +163,6 @@ class Metasploit::Credential::KrbEncKey < Metasploit::Credential::PasswordHash
|
|
162
163
|
}
|
163
164
|
end
|
164
165
|
|
165
|
-
# Normalizes {#data} by making it all lowercase so that the unique validation and index on
|
166
|
-
# ({Metasploit::Credential::Private#type}, {#data}) catches collision in a case-insensitive manner without the need
|
167
|
-
# to use case-insensitive comparisons.
|
168
|
-
def normalize_data
|
169
|
-
if data
|
170
|
-
self.data = data.downcase
|
171
|
-
end
|
172
|
-
end
|
173
|
-
|
174
166
|
# Validates that {#data} is in the expected data format
|
175
167
|
def data_format
|
176
168
|
unless DATA_REGEXP.match(data)
|
@@ -55,15 +55,18 @@ class Metasploit::Credential::NTLMHash < Metasploit::Credential::ReplayableHash
|
|
55
55
|
# @return [String] `'<LAN Manager hex digest>:<NT LAN Manager hex digest>'`
|
56
56
|
|
57
57
|
#
|
58
|
-
#
|
58
|
+
# Serializers
|
59
59
|
#
|
60
60
|
|
61
|
-
|
61
|
+
# Hash results are always downcased when stored in the database
|
62
|
+
# This serializer allows for ORM to search in a case-insensitive
|
63
|
+
serialize :data, Metasploit::Credential::CaseInsensitiveSerializer
|
62
64
|
|
63
65
|
#
|
64
66
|
# Validations
|
65
67
|
#
|
66
68
|
|
69
|
+
validates_uniqueness_of :data, :case_sensitive => false
|
67
70
|
validate :data_format
|
68
71
|
|
69
72
|
#
|
@@ -130,15 +133,6 @@ class Metasploit::Credential::NTLMHash < Metasploit::Credential::ReplayableHash
|
|
130
133
|
|
131
134
|
private
|
132
135
|
|
133
|
-
# Normalizes {#data} by making it all lowercase so that the unique validation and index on
|
134
|
-
# ({Metasploit::Credential::Private#type}, {#data}) catches collision in a case-insensitive manner without the need
|
135
|
-
# to use case-insensitive comparisons.
|
136
|
-
def normalize_data
|
137
|
-
if data
|
138
|
-
self.data = data.downcase
|
139
|
-
end
|
140
|
-
end
|
141
|
-
|
142
136
|
# Validates that {#data} is in the NTLM data format of <LAN Manager hex digest>:<NT LAN Manager hex digest>. Both hex
|
143
137
|
# digests are 32 lowercase hexadecimal characters.
|
144
138
|
def data_format
|
@@ -13,7 +13,8 @@ class Metasploit::Credential::PostgresMD5 < Metasploit::Credential::ReplayableHa
|
|
13
13
|
# Callbacks
|
14
14
|
#
|
15
15
|
|
16
|
-
|
16
|
+
serialize :data, Metasploit::Credential::CaseInsensitiveSerializer
|
17
|
+
validates_uniqueness_of :data, :case_sensitive => false
|
17
18
|
|
18
19
|
#
|
19
20
|
# Validations
|
@@ -23,15 +24,6 @@ class Metasploit::Credential::PostgresMD5 < Metasploit::Credential::ReplayableHa
|
|
23
24
|
|
24
25
|
private
|
25
26
|
|
26
|
-
# Normalizes {#data} by making it all lowercase so that the unique validation and index on
|
27
|
-
# ({Metasploit::Credential::Private#type}, {#data}) catches collision in a case-insensitive manner without the need
|
28
|
-
# to use case-insensitive comparisons.
|
29
|
-
def normalize_data
|
30
|
-
if data
|
31
|
-
self.data = data.downcase
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
27
|
def data_format
|
36
28
|
unless DATA_REGEXP.match(data)
|
37
29
|
errors.add(:data, 'is not in Postgres MD5 Hash format')
|
@@ -116,7 +116,6 @@ class Metasploit::Credential::Importer::Core
|
|
116
116
|
private_class = row['private_type'].present? ? row['private_type'].constantize : ''
|
117
117
|
private_data = row['private_data'].present? ? row['private_data'] : ''
|
118
118
|
|
119
|
-
|
120
119
|
if realms[realm_value].nil?
|
121
120
|
realms[realm_value] = Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first_or_create
|
122
121
|
end
|
@@ -210,7 +209,7 @@ class Metasploit::Credential::Importer::Core
|
|
210
209
|
if private_data.strip == BLANK_TOKEN
|
211
210
|
private_object_for_row = Metasploit::Credential::BlankPassword.first_or_create
|
212
211
|
else
|
213
|
-
private_object_for_row = @private_credential_type.constantize.where(data:
|
212
|
+
private_object_for_row = @private_credential_type.constantize.where(data: private_data).first_or_create
|
214
213
|
end
|
215
214
|
|
216
215
|
# need to check private_object_for_row.valid? to raise a user facing message if any cred had invalid private
|
@@ -1,6 +1,6 @@
|
|
1
1
|
development: &pgsql
|
2
2
|
adapter: postgresql
|
3
|
-
database: metasploit-
|
3
|
+
database: metasploit-credential_development2
|
4
4
|
username: msf
|
5
5
|
password: pass123
|
6
6
|
host: localhost
|
@@ -10,4 +10,4 @@ development: &pgsql
|
|
10
10
|
min_messages: warning
|
11
11
|
test:
|
12
12
|
<<: *pgsql
|
13
|
-
database: metasploit-
|
13
|
+
database: metasploit-credential_test2
|
@@ -178,6 +178,37 @@ RSpec.describe Metasploit::Credential::Creation do
|
|
178
178
|
end
|
179
179
|
end
|
180
180
|
end
|
181
|
+
context 'deletion and creation' do
|
182
|
+
let(:private_data) { 'md5ac4bbe016b808c3c0b816981f240dcae' }
|
183
|
+
let(:private_data_upcase) { private_data.upcase }
|
184
|
+
let(:credential_data) {{
|
185
|
+
workspace_id: workspace.id,
|
186
|
+
user_id: user.id,
|
187
|
+
origin_type: :manual,
|
188
|
+
username: 'admin',
|
189
|
+
private_data: private_data,
|
190
|
+
private_type: :postgres_md5
|
191
|
+
}}
|
192
|
+
it 'creates a private cred' do
|
193
|
+
expect{ test_object.create_credential(credential_data) }.to change{ Metasploit::Credential::PostgresMD5.count }.by(1)
|
194
|
+
end
|
195
|
+
let(:credential_data_upcase) {{
|
196
|
+
workspace_id: workspace.id,
|
197
|
+
user_id: user.id,
|
198
|
+
origin_type: :manual,
|
199
|
+
username: 'admin',
|
200
|
+
private_data: private_data_upcase,
|
201
|
+
private_type: :postgres_md5
|
202
|
+
}}
|
203
|
+
it 'allows for the recreation of core with case insensitive private credentials set to different case' do
|
204
|
+
expect{ test_object.create_credential(credential_data) }.to change{ Metasploit::Credential::PostgresMD5.count }.by(1)
|
205
|
+
expect{ Metasploit::Credential::Core.first.destroy }.to change{ Metasploit::Credential::Core.count }.by(-1)
|
206
|
+
expect( Metasploit::Credential::PostgresMD5.count ).to eq(1)
|
207
|
+
expect( Metasploit::Credential::Core.count ).to eq(0)
|
208
|
+
expect{ test_object.create_credential(credential_data_upcase) }.to change{ Metasploit::Credential::Core.count }.by(1)
|
209
|
+
expect( Metasploit::Credential::PostgresMD5.count ).to eq(1)
|
210
|
+
end
|
211
|
+
end
|
181
212
|
end
|
182
213
|
|
183
214
|
context '#create_credential_and_login' do
|
@@ -148,4 +148,30 @@ RSpec.describe Metasploit::Credential::KrbEncKey, type: :model do
|
|
148
148
|
end
|
149
149
|
end
|
150
150
|
end
|
151
|
+
|
152
|
+
context 'serialization' do
|
153
|
+
context '#first_or_create' do
|
154
|
+
let(:data) { 'msf_krbenckey:23:e22e04519aa757d12f1219c4f31252f4:' }
|
155
|
+
let(:upcase_data) {data.upcase}
|
156
|
+
|
157
|
+
context 'creates a new instance that stores case-insensitive value' do
|
158
|
+
it 'creates case insensitive data' do
|
159
|
+
expect{ Metasploit::Credential::KrbEncKey.where(data: data).first_or_create }.to change{Metasploit::Credential::KrbEncKey.count}.by(1)
|
160
|
+
expect{ Metasploit::Credential::KrbEncKey.where(data: upcase_data).first_or_create }.not_to change{Metasploit::Credential::KrbEncKey.count}
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
context 'finds an existing case insensitive match' do
|
165
|
+
let(:krb_enc_key) do
|
166
|
+
FactoryBot.build(
|
167
|
+
:metasploit_credential_krb_enc_key,
|
168
|
+
data: upcase_data
|
169
|
+
)
|
170
|
+
end
|
171
|
+
it 'successfully looks up credential in case insensitive way' do
|
172
|
+
expect( krb_enc_key.data ).to eq(data)
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
151
177
|
end
|
@@ -397,5 +397,29 @@ RSpec.describe Metasploit::Credential::NTLMHash, type: :model do
|
|
397
397
|
end
|
398
398
|
end
|
399
399
|
|
400
|
+
context 'serialization' do
|
401
|
+
context '#first_or_create' do
|
402
|
+
let(:data) { 'aad3b435b51404eeaad3b435b51404ee:4dc0249ad90ab626362050195893c788' }
|
403
|
+
let(:upcase_data) {data.upcase}
|
404
|
+
|
405
|
+
context 'creates a new instance that stores case-insensitive value' do
|
406
|
+
it 'creates case insensitive data' do
|
407
|
+
expect{ Metasploit::Credential::NTLMHash.where(data: data).first_or_create }.to change{Metasploit::Credential::NTLMHash.count}.by(1)
|
408
|
+
expect{ Metasploit::Credential::NTLMHash.where(data: upcase_data).first_or_create }.not_to change{Metasploit::Credential::NTLMHash.count}
|
409
|
+
end
|
410
|
+
end
|
400
411
|
|
412
|
+
context 'finds an existing case insensitive match' do
|
413
|
+
let(:ntlm_hash) do
|
414
|
+
FactoryBot.build(
|
415
|
+
:metasploit_credential_ntlm_hash,
|
416
|
+
data: upcase_data
|
417
|
+
)
|
418
|
+
end
|
419
|
+
it 'successfully looks up credential in case insensitive way' do
|
420
|
+
expect( ntlm_hash.data ).to eq(data)
|
421
|
+
end
|
422
|
+
end
|
423
|
+
end
|
424
|
+
end
|
401
425
|
end
|
@@ -119,4 +119,30 @@ RSpec.describe Metasploit::Credential::PostgresMD5, type: :model do
|
|
119
119
|
end
|
120
120
|
end
|
121
121
|
|
122
|
+
context 'serialization' do
|
123
|
+
context '#first_or_create' do
|
124
|
+
let(:data) { "md5#{SecureRandom.hex(16)}" }
|
125
|
+
let(:upcase_data) {data.upcase}
|
126
|
+
|
127
|
+
context 'creates a new instance that stores case-insensitive value' do
|
128
|
+
it 'creates case insensitive data' do
|
129
|
+
expect{ Metasploit::Credential::PostgresMD5.where(data: data).first_or_create }.to change{Metasploit::Credential::PostgresMD5.count}.by(1)
|
130
|
+
expect{ Metasploit::Credential::PostgresMD5.where(data: upcase_data).first_or_create }.not_to change{Metasploit::Credential::PostgresMD5.count}
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
context 'finds an existing case insensitive match' do
|
135
|
+
let(:postgres_md5) do
|
136
|
+
FactoryBot.build(
|
137
|
+
:metasploit_credential_postgres_md5,
|
138
|
+
data: upcase_data
|
139
|
+
)
|
140
|
+
end
|
141
|
+
|
142
|
+
it 'successfully looks up credential in case insensitive way' do
|
143
|
+
expect( postgres_md5.data ).to eq(data)
|
144
|
+
end
|
145
|
+
end
|
146
|
+
end
|
147
|
+
end
|
122
148
|
end
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: metasploit-credential
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.0.
|
4
|
+
version: 6.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2023-
|
96
|
+
date: 2023-05-19 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: metasploit-concern
|
@@ -291,6 +291,7 @@ files:
|
|
291
291
|
- db/migrate/20161107203710_create_index_on_private_data_and_type_for_ssh_key.rb
|
292
292
|
- db/migrate/20221209005658_create_index_on_private_data_and_type_for_pkcs12.rb
|
293
293
|
- lib/metasploit/credential.rb
|
294
|
+
- lib/metasploit/credential/case_insensitive_serializer.rb
|
294
295
|
- lib/metasploit/credential/core_validations.rb
|
295
296
|
- lib/metasploit/credential/creation.rb
|
296
297
|
- lib/metasploit/credential/engine.rb
|
metadata.gz.sig
CHANGED
Binary file
|