metasploit-credential 0.13.10 → 0.13.11

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZTI2NTNmNzJkMWE3MzRjMTYxZjk5NDE4YjFiOWVkM2I3YTZkYzE2OQ==
+    ODI2ZjA2Nzg2ODU2YmRlNDlmODA5N2UzYTcyNmVlM2FlMjQ1MjdkYQ==
   data.tar.gz: !binary |-
-    N2IzZWIyZDk4NTUxMDJjMDY5NjFkZTBjM2I0YWY1OGZiZjE1ZGU5NA==
+    YmNjNWJkM2UyMDVkYzMwZTQxODU3YTRiMThhMjA1NGIwYjJjODNjMg==
 SHA512:
   metadata.gz: !binary |-
-    MzY4ZDdmYmVkYzM1NTAzNzU3OWU2NWQwYTA5ODQ5ODcyNzViNzUxNTQyOGM5
-    Y2RjMjIwYjEwMDdkYTQwOTk2MzQ3ZWZmOWJhMTE5ODJlNDQxZDk3NTBiNjNm
-    YWUwOGRmZjBlY2FhYWQ3OGJhMmFkMGVkNmYzOWQ3NmI3M2U2YzM=
+    Mjc3ODk2NTk3Mjg3NzZkODc0YzM4MmE1YTE5OTYxNzE1MDNiMjIxMGJjMmZl
+    Y2FhODdlOTllZThlOGMwZDhmNThhMDFlOWEzZTI4NDNmYjMzMTVjOWE5NjVk
+    YTk0YjcyZWNlZmUyZmEyNWViMTE1MGFmMzE1MjMzMmIzM2VjN2U=
   data.tar.gz: !binary |-
-    OGQyMWQyOTNjMmI4ZGY1OWEwNGNjNWRmMGIyZGMwYmUxYjBkMmFjMGRiNzIw
-    OWJmZjI4ODBhZWVkZmQ5NTI1YzQ4Yjg2ZjJjMjhjZThiYmQ4NzlmODczZmEz
-    NDFiMTUxNzAyOGM3NjI1YjhkZWNiZDAxN2RkNWYwNzBmZDIwYTU=
+    ZTYzMzIzMTNmNGNlODU4NjU4ZTVhNmEzMTU5N2EyNWFkOTgyZWVmNWEyNzQ3
+    YzhlY2IxYjU3OGVjNjFiOTcwZGFlNzY5Y2NiOTI3YTI5M2E0OWM0MDZmMTEw
+    ZmI2YTVjZWI4NjA0NGM4MDc2YjNkYTBmZjA2NmNkM2NlMmJhMDg=

data/lib/metasploit/credential/creation.rb

@@ -208,10 +208,10 @@ module Metasploit
           opts[:task_id] ||= self[:task].record.id
         end
 
-        access_level       = opts.fetch(:access_level, nil)
         core               = opts.fetch(:core)
+        access_level       = opts.fetch(:access_level, nil)
         last_attempted_at  = opts.fetch(:last_attempted_at, nil)
-        status             = opts.fetch(:status)
+        status             = opts.fetch(:status, Metasploit::Model::Login::Status::UNTRIED)
 
         login_object = nil
         retry_transaction do

data/lib/metasploit/credential/exporter/core.rb

@@ -122,6 +122,9 @@ class Metasploit::Credential::Exporter::Core
   # The hashes returned by this method will contain credentials for
   # networked devices which may or may not successfully authenticate to those
   # devices.
+  # Note that the order of columns here must match the order in
+  # Metasploit::Credential::Importer::Core::VALID_LONG_CSV_HEADERS or
+  # the headers and row values will be mismatched and break import.
   # @param login [Metasploit::Credential::Login]
   # @return [Hash]
   def line_for_login(login)
@@ -130,7 +133,10 @@ class Metasploit::Credential::Exporter::Core
       host_address: login.service.host.address,
       service_port: login.service.port,
       service_name: login.service.try(:name),
-      service_protocol: login.service.proto
+      service_protocol: login.service.proto,
+      status: login.status,
+      access_level: login.access_level,
+      last_attempted_at: login.last_attempted_at
     })
   end
 

data/lib/metasploit/credential/importer/core.rb

@@ -21,7 +21,12 @@ class Metasploit::Credential::Importer::Core
   BLANK_TOKEN = "<BLANK>"
 
   # Valid headers for a CSV containing heterogenous {Metasploit::Credential::Private} types and values for {Metasploit::Credential::Realm}
-  VALID_LONG_CSV_HEADERS = [:username, :private_type, :private_data, :realm_key, :realm_value, :host_address, :service_port, :service_name, :service_protocol]
+  VALID_LONG_CSV_HEADERS = [:username, :private_type, :private_data,
+                            :realm_key, :realm_value, :host_address,
+                            :service_port, :service_name,
+                            :service_protocol, :status, :access_level,
+                            :last_attempted_at
+  ]
 
   # Valid headers for a "short" CSV containing only data for {Metasploit::Credential::Public} and {Metasploit::Credential::Private} objects
   VALID_SHORT_CSV_HEADERS = [:username,  :private_data]
@@ -107,10 +112,15 @@ class Metasploit::Credential::Importer::Core
         private_data  = row['private_data'].present? ? row['private_data'] : ''
 
         # Host and Service information for Logins
-        host_address     = row['host_address']
-        service_port     = row['service_port']
-        service_protocol = row['service_protocol']
-        service_name     = row['service_name']
+        host_address      = row['host_address']
+        service_port      = row['service_port']
+        service_protocol  = row['service_protocol']
+        service_name      = row['service_name']
+        # These were not initially included in the export, so handle
+        # legacy cases:
+        access_level      = row['access_level'].present? ? row['access_level'] : ''
+        last_attempted_at = row['last_attempted_at'].present? ? row['last_attempted_at'] : ''
+        status            = row['status'].present? ? row['status'] : ''
 
 
         if realms[realm_value].nil?
@@ -140,13 +150,16 @@ class Metasploit::Credential::Importer::Core
         if host_address.present? && service_port.present? && service_protocol.present?
           login_opts = {
             core: core,
-            status: Metasploit::Model::Login::Status::UNTRIED,  # don't trust creds on import
             address: host_address,
             port: service_port,
             protocol: service_protocol,
             workspace_id: workspace.id,
             service_name: service_name.present? ? service_name : ""
           }
+          login_opts[:last_attempted_at] = last_attempted_at unless status.blank?
+          login_opts[:status]            = status unless status.blank?
+          login_opts[:access_level]      = access_level unless access_level.blank?
+
           create_credential_login(login_opts)
         end
       end

data/lib/metasploit/credential/version.rb

@@ -7,7 +7,7 @@ module Metasploit
       # The minor version number, scoped to the {MAJOR} version number.
       MINOR = 13
       # The patch number, scoped to the {MINOR} version number.
-      PATCH = 10
+      PATCH = 11
 
       # The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the {PRERELEASE} in the
       # {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.

data/spec/dummy/config/database.yml

@@ -1,18 +1,18 @@
 # Please only use postgresql bound to a TCP port.
-defaults: &defaults
+development: &pgsql
   adapter: postgresql
-  username: msf
-  password: pass123
+  database: metasploit_credential_development
   host: localhost
   port: 5432
-  pool: 50
+  pool: 5
   timeout: 5
 
-development:
-  database: metasploit_cr
-  <<: *defaults
-
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+#
+# Note also, sqlite3 is totally unsupported by Metasploit now.
 test:
-  database: metasploit_cr_test
-  min_messages: WARNING
-  <<: *defaults
+  <<: *pgsql
+  database: metasploit_credential_test
+

data/spec/factories/metasploit/credential/importer/cores.rb

@@ -1,20 +1,26 @@
 FactoryGirl.define do
+  long_form_headers  = 'username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol,status,access_level,last_attempted_at'
+  short_form_headers = 'username,private_data'
+  login_status       = Metasploit::Model::Login::Status::ALL.select {|x| x != Metasploit::Model::Login::Status::UNTRIED }.sample
+  access_level       = ['Admin', 'Foo'].sample
+  last_attempted_at  = Time.now - 10
+
   factory :metasploit_credential_core_importer,
           class: Metasploit::Credential::Importer::Core do
-
-    origin {FactoryGirl.build :metasploit_credential_origin_import }
-    input { generate(:well_formed_csv_compliant_header)}
+            origin { FactoryGirl.build :metasploit_credential_origin_import }
+            input  { generate(:well_formed_csv_compliant_header) }
   end
 
+
   # Well-formed CSV
   # Has a compliant header as defined by Metasploit::Credential::Importer::Core
   # Contains 2 realms
   sequence :well_formed_csv_compliant_header do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
-han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
-princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
-lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins
+#{long_form_headers}
+han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,,,,,#{login_status},#{access_level},#{last_attempted_at}
+princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,,,,,#{login_status},#{access_level},#{last_attempted_at}
+lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins,,,,,#{login_status},#{access_level},#{last_attempted_at}
     eos
     StringIO.new(csv_string)
   end
@@ -24,10 +30,10 @@ lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit:
   # Contains 2 logins
   sequence :well_formed_csv_compliant_header_with_service_info do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
-han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,10.0.1.1,1234,smb,tcp
-princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,10.0.1.2,1234,smb,tcp
-lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins
+#{long_form_headers}
+han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,10.0.1.1,1234,smb,tcp,#{login_status},#{access_level},#{last_attempted_at}
+princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,10.0.1.2,1234,smb,tcp,#{login_status},#{access_level},#{last_attempted_at}
+lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins,#{login_status},#{access_level},#{last_attempted_at}
     eos
     StringIO.new(csv_string)
   end
@@ -37,10 +43,10 @@ lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit:
   # Contains no realm data
   sequence :well_formed_csv_compliant_header_no_realm do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
-han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,,
-princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,,
-lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,,
+#{long_form_headers}
+han_solo-#{n},#{Metasploit::Credential::Password.name},falcon_chief,,,,,,#{login_status},#{access_level},#{last_attempted_at},,,,,#{login_status},#{access_level},#{last_attempted_at}
+princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,,,,,,#{login_status},#{access_level},#{last_attempted_at},,,,,#{login_status},#{access_level},#{last_attempted_at}
+lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,,,,,,#{login_status},#{access_level},#{last_attempted_at},,,,,#{login_status},#{access_level},#{last_attempted_at}
     eos
     StringIO.new(csv_string)
   end
@@ -51,10 +57,10 @@ lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,,
   # Contains core with a blank Public
   sequence :well_formed_csv_compliant_header_missing_public do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
-,#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
-princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
-lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins
+#{long_form_headers}
+,#{Metasploit::Credential::Password.name},falcon_chief,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,,,,,#{login_status},#{access_level},#{last_attempted_at}
+princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels,,,,,#{login_status},#{access_level},#{last_attempted_at}
+lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins,,,,,#{login_status},#{access_level},#{last_attempted_at}
     eos
     StringIO.new(csv_string)
   end
@@ -65,7 +71,7 @@ lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit:
   # Contains core with a blank Private
   sequence :well_formed_csv_compliant_header_missing_private do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
+#{long_form_headers}
 han_solo,,,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
 princessl-#{n},#{Metasploit::Credential::Password.name},bagel_head,#{Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN},Rebels
 lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER},dstar_admins
@@ -78,7 +84,7 @@ lord_vader-#{n},#{Metasploit::Credential::Password.name},evilisfun,#{Metasploit:
   # Conforms to "short" form, in which only username and private_data are specified in the file
   sequence :short_well_formed_csv do |n|
     csv_string =<<-eos
-username,private_data
+#{short_form_headers}
 han_solo-#{n},falC0nBaws
 princessl-#{n},bagelHead
     eos
@@ -116,7 +122,7 @@ foo,{"""}
   # We have a header row but nothing else
   sequence :empty_core_csv do |n|
     csv_string =<<-eos
-username,private_type,private_data,realm_key,realm_value,host_address,service_port,service_name,service_protocol
+#{long_form_headers}
     eos
     StringIO.new(csv_string)
   end

data/spec/lib/metasploit/credential/exporter/core_spec.rb

@@ -59,69 +59,76 @@ describe Metasploit::Credential::Exporter::Core do
   end
 
   describe "#line_for_core" do
+    let(:result_hash) { core_exporter.line_for_core(core) }
+
     it 'should produce values in the proper order' do
-      core_exporter.line_for_core(core).values.should == [core.public.username, core.private.type,
-                                                          core.private.data, core.realm.key, core.realm.value]
+      result_hash.values.should == [core.public.username, core.private.type,
+                                    core.private.data, core.realm.key, core.realm.value]
     end
 
     it 'should produce a hash with the public username' do
-      result_hash = core_exporter.line_for_core(core)
       result_hash[:username].should == core.public.username
     end
 
     it 'should produce a hash with the private data' do
-      result_hash = core_exporter.line_for_core(core)
       result_hash[:private_data].should == core.private.data
     end
 
     it 'should produce a hash with the name of the private type' do
-      result_hash = core_exporter.line_for_core(core)
       result_hash[:private_type].should == core.private.type
     end
   end
 
   describe "#line_for_login" do
     let(:login){ FactoryGirl.create(:metasploit_credential_login, core: core, service: service) }
+    let(:result_hash) { core_exporter.line_for_login(login) }
 
     it 'should produce values in the proper order' do
-      core_exporter.line_for_login(login).values.should == [core.public.username, core.private.type,
-                                                            core.private.data, core.realm.key, core.realm.value,
-                                                            login.service.host.address, login.service.port,
-                                                            login.service.name, login.service.proto]
+      result_hash.values.should == [core.public.username, core.private.type,
+                                    core.private.data, core.realm.key, core.realm.value,
+                                    login.service.host.address, login.service.port,
+                                    login.service.name, login.service.proto,
+                                    login.status, login.access_level, login.last_attempted_at
+      ]
     end
 
     it 'should produce a hash with the service host address' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:host_address].should == login.service.host.address
     end
 
     it 'should produce a hash with the service port' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:service_port].should == login.service.port
     end
 
     it 'should produce a hash with the service name' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:service_name].should == login.service.name
     end
 
     it 'should produce a hash with the service protocol' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:service_protocol].should == login.service.proto
     end
 
+    it 'should produce a hash with the login status' do
+      result_hash[:status].should == login.status
+    end
+
+    it 'should produce a hash with the login access_level' do
+      result_hash[:access_level].should == login.access_level
+    end
+
+    it 'should produce a hash with the login last_attempted_at' do
+      result_hash[:last_attempted_at].should == login.last_attempted_at
+    end
+
     it 'should produce a hash with the public information' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:username].should == login.core.public.username
     end
 
     it 'should produce a hash with the private data' do
-      result_hash = core_exporter.line_for_login(login)
       result_hash[:private_data].should == login.core.private.data
     end
 
-    it 'should produce a hash with the demodulized name of the  private type' do
-      result_hash = core_exporter.line_for_login(login)
+    it 'should produce a hash with the demodulized name of the private type' do
       result_hash[:private_type].should == login.core.private.type
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-credential
 version: !ruby/object:Gem::Version
-  version: 0.13.10
+  version: 0.13.11
 platform: ruby
 authors:
 - Luke Imhoff
@@ -310,7 +310,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.4
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Credential models for metasploit-framework and Metasploit Pro