Skip to content

Commit

Permalink
Land #19550, Fix username/password generation in case both PASSWORD_S…
Browse files Browse the repository at this point in the history 
…PRAY and USER_AS_PASS are enabled
  • Loading branch information
@cgranleese-r7
cgranleese-r7 authored Nov 6, 2024
2 parents c27c943 + 8c5bead commit 96f6f66
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 3 deletions.
13 changes: 10 additions & 3 deletions lib/metasploit/framework/credential_collection.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,16 @@ def each_unfiltered_password_first
yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
end

if user_as_pass
if user_fd
user_fd.each_line do |user_from_file|
user_from_file.chomp!
yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm, private_type: private_type(password))
end
user_fd.seek(0)
end
end

if password.present?
if nil_passwords
yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
Expand Down Expand Up @@ -309,9 +319,6 @@ def each_unfiltered_password_first
if username.present?
yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: :password)
end
if user_as_pass
yield Metasploit::Framework::Credential.new(public: pass_from_file, private: pass_from_file, realm: realm, private_type: :password)
end
next unless user_fd

user_fd.each_line do |user_from_file|
Expand Down
18 changes: 18 additions & 0 deletions spec/lib/metasploit/framework/credential_collection_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,24 @@
Metasploit::Framework::Credential.new(public: "user3", private: "password2"),
)
end

context 'when :user_as_pass is true' do
let(:user_as_pass) { true }

specify do
expect { |b| collection.each(&b) }.to yield_successive_args(
Metasploit::Framework::Credential.new(public: "user1", private: "user1"),
Metasploit::Framework::Credential.new(public: "user2", private: "user2"),
Metasploit::Framework::Credential.new(public: "user3", private: "user3"),
Metasploit::Framework::Credential.new(public: "user1", private: "password1"),
Metasploit::Framework::Credential.new(public: "user2", private: "password1"),
Metasploit::Framework::Credential.new(public: "user3", private: "password1"),
Metasploit::Framework::Credential.new(public: "user1", private: "password2"),
Metasploit::Framework::Credential.new(public: "user2", private: "password2"),
Metasploit::Framework::Credential.new(public: "user3", private: "password2"),
)
end
end
end

context 'when given a username and password' do
Expand Down

0 comments on commit 96f6f66

Please sign in to comment.