Skip to content

Commit

Permalink
Add user affordance for scanner modules that can create a new session
Browse files Browse the repository at this point in the history
  • Loading branch information
dwelch-r7 committed Mar 20, 2024
1 parent 15c56a8 commit 4946fc2
Show file tree
Hide file tree
Showing 4 changed files with 71 additions and 8 deletions.
20 changes: 18 additions & 2 deletions modules/auxiliary/scanner/mssql/mssql_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,19 @@ def create_session?
end
end

def run
results = super
logins = results.flat_map { |_k, v| v[:successful_logins] }
sessions = results.flat_map { |_k, v| v[:successful_sessions] }
print_status("Bruteforce completed, #{logins.size} credentials were successful.")
if datastore['CreateSession']
print_status("#{sessions.size} MSSQL sessions were opened successfully.")
else
print_status('You can open an MSSQL session with these credentials and CreateSession set to true')
end
results
end

def run_host(ip)
print_status("#{rhost}:#{rport} - MSSQL - Starting authentication scanner.")

Expand Down Expand Up @@ -102,7 +115,8 @@ def run_host(ip)
local_port: datastore['CPORT'],
local_host: datastore['CHOST']
)

successful_logins = []
successful_sessions = []
scanner.scan! do |result|
credential_data = result.to_h
credential_data.merge!(
Expand All @@ -114,11 +128,12 @@ def run_host(ip)
credential_data[:core] = credential_core
create_credential_login(credential_data)
print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"
successful_logins << result

if create_session?
begin
mssql_client = result.proof
session_setup(result, mssql_client)
successful_sessions << session_setup(result, mssql_client)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
Expand All @@ -130,6 +145,7 @@ def run_host(ip)
vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
end
end
{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

def session_setup(result, client)
Expand Down
18 changes: 17 additions & 1 deletion modules/auxiliary/scanner/mysql/mysql_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,18 @@ def target
[rhost,rport].join(":")
end

def run
results = super
logins = results.flat_map { |_k, v| v[:successful_logins] }
sessions = results.flat_map { |_k, v| v[:successful_sessions] }
print_status("Bruteforce completed, #{logins.size} credentials were successful.")
if datastore['CreateSession']
print_status("#{sessions.size} MySQL sessions were opened successfully.")
else
print_status('You can open an MySQL session with these credentials and CreateSession set to true')
end
results
end

def run_host(ip)
begin
Expand Down Expand Up @@ -90,6 +102,8 @@ def run_host(ip)
local_host: datastore['CHOST']
)

successful_logins = []
successful_sessions = []
scanner.scan! do |result|
credential_data = result.to_h
credential_data.merge!(
Expand All @@ -102,11 +116,12 @@ def run_host(ip)
create_credential_login(credential_data)

print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
successful_logins << result

if create_session?
begin
mysql_client = result.proof
session_setup(result, mysql_client)
successful_sessions << session_setup(result, mysql_client)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
Expand All @@ -125,6 +140,7 @@ def run_host(ip)
rescue ::Rex::ConnectionError, ::EOFError => e
vprint_error "#{target} - Unable to connect: #{e.to_s}"
end
{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

# Tmtm's rbmysql is only good for recent versions of mysql, according
Expand Down
21 changes: 18 additions & 3 deletions modules/auxiliary/scanner/postgres/postgres_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,19 @@ def create_session?
end
end

def run
results = super
logins = results.flat_map { |_k, v| v[:successful_logins] }
sessions = results.flat_map { |_k, v| v[:successful_sessions] }
print_status("Bruteforce completed, #{logins.size} credentials were successful.")
if datastore['CreateSession']
print_status("#{sessions.size} Postgres sessions were opened successfully.")
else
print_status('You can open a Postgres session with these credentials and CreateSession set to true')
end
results
end

# Loops through each host in turn. Note the current IP address is both
# ip and datastore['RHOST']
def run_host(ip)
Expand All @@ -85,7 +98,8 @@ def run_host(ip)
framework_module: self,
use_client_as_proof: create_session?
)

successful_logins = []
successful_sessions = []
scanner.scan! do |result|
credential_data = result.to_h
credential_data.merge!(
Expand All @@ -98,11 +112,12 @@ def run_host(ip)
create_credential_login(credential_data)

print_good "#{ip}:#{rport} - Login Successful: #{result.credential}"
successful_logins << result

if create_session?
begin
postgresql_client = result.proof
session_setup(result, postgresql_client)
successful_sessions << session_setup(result, postgresql_client)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
Expand All @@ -114,7 +129,7 @@ def run_host(ip)
vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})"
end
end

{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

# Alias for RHOST
Expand Down
20 changes: 18 additions & 2 deletions modules/auxiliary/scanner/smb/smb_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,19 @@ def create_session?
end
end

def run
results = super
logins = results.flat_map { |_k, v| v[:successful_logins] }
sessions = results.flat_map { |_k, v| v[:successful_sessions] }
print_status("Bruteforce completed, #{logins.size} credentials were successful.")
if datastore['CreateSession']
print_status("#{sessions.size} SMB sessions were opened successfully.")
else
print_status('You can open an SMB session with these credentials and CreateSession set to true')
end
results
end

def run_host(ip)
print_brute(level: :vstatus, ip: ip, msg: 'Starting SMB login bruteforce')

Expand Down Expand Up @@ -156,7 +169,8 @@ def run_host(ip)
cred_collection = prepend_db_hashes(cred_collection)

@scanner.cred_details = cred_collection

successful_logins = []
successful_sessions = []
@scanner.scan! do |result|
case result.status
when Metasploit::Model::Login::Status::LOCKED_OUT
Expand All @@ -173,11 +187,12 @@ def run_host(ip)
:next_user
when Metasploit::Model::Login::Status::SUCCESSFUL
print_brute level: :good, ip: ip, msg: "Success: '#{result.credential}' #{result.access_level}"
successful_logins << result
report_creds(ip, rport, result)
if create_session?
begin
smb_client = result.proof
session_setup(result, smb_client)
successful_sessions << session_setup(result, smb_client)
rescue StandardError => e
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
Expand Down Expand Up @@ -217,6 +232,7 @@ def run_host(ip)
)
end
end
{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

# This logic is not universal ie a local account will not care about workgroup
Expand Down

0 comments on commit 4946fc2

Please sign in to comment.