Class: Metasploit::Framework::CredentialCollection

Inherits:

PrivateCredentialCollection

• Object
• PrivateCredentialCollection
• Metasploit::Framework::CredentialCollection

Defined in:

lib/metasploit/framework/credential_collection.rb

Instance Attribute Summary

• #additional_publics ⇒ Array<String>

  Additional public values that should be tried.

• #anonymous_login ⇒ Boolean

  Whether to attempt an anonymous login (blank user/pass).

• #ignore_private ⇒ Boolean

  Whether to ignore private (password).

• #ignore_public ⇒ Boolean

  Whether to ignore public (username).

• #password_spray ⇒ Boolean

  Whether password spray is enabled.

• #user_as_pass ⇒ Boolean

  Whether each username should be tried as a password for that user.

• #user_file ⇒ String

  Path to a file containing usernames, one per line.

• #username ⇒ String

  The username that should be tried.

• #userpass_file ⇒ String

  Path to a file containing usernames and passwords separated by a space, one pair per line.

Attributes inherited from PrivateCredentialCollection

#additional_privates, #blank_passwords, #filter, #nil_passwords, #pass_file, #password, #prepended_creds, #realm

Instance Method Summary

• #add_public(public_str = '') ⇒ void

  Adds a string as an additional public credential to be combined in the collection.

• #each_filtered {|credential| ... } ⇒ void (also: #each)

  Combines all the provided credential sources into a stream of Credential objects, yielding them one at a time.

• #each_unfiltered_password_first {|credential| ... } ⇒ void

  When password spraying is enabled, do first passwords then usernames i.e.

• #each_unfiltered_username_first {|credential| ... } ⇒ void

  When password spraying is not enabled, do first usernames then passwords i.e.

• #empty? ⇒ Boolean

  Returns true when #each will have no results to iterate.

• #has_privates? ⇒ Boolean

  Returns true when there are any private values set.

• #has_users? ⇒ Boolean

  Returns true when there are any user values set.

• #initialize(opts = {}) ⇒ CredentialCollection constructor

  A new instance of CredentialCollection.

Methods inherited from PrivateCredentialCollection

#add_private, #each_unfiltered, #filtered?, #prepend_cred, #private_type

Constructor Details

#initialize(opts = {}) ⇒ CredentialCollection

Returns a new instance of CredentialCollection.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :blank_passwords (Boolean) —

  See PrivateCredentialCollection#blank_passwords

• :pass_file (String) —

  See PrivateCredentialCollection#pass_file

• :password (String) —

  See PrivateCredentialCollection#password

• :prepended_creds (Array<Credential>) — default: [] —

  See PrivateCredentialCollection#prepended_creds

• :user_as_pass (Boolean) —

  See #user_as_pass

• :user_file (String) —

  See #user_file

• :username (String) —

  See #username

• :userpass_file (String) —

  See #userpass_file

# File 'lib/metasploit/framework/credential_collection.rb', line 240

def initialize(opts = {})
  super
  self.additional_publics  ||= []
end

Instance Attribute Details

#additional_publics ⇒ Array<String>

Additional public values that should be tried

Returns:

• (Array<String>)

# File 'lib/metasploit/framework/credential_collection.rb', line 187

def additional_publics
  @additional_publics
end

#anonymous_login ⇒ Boolean

Whether to attempt an anonymous login (blank user/pass)

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 213

def anonymous_login
  @anonymous_login
end

#ignore_private ⇒ Boolean

Whether to ignore private (password). This is usually set when Kerberos or Schannel authentication is requested and the credentials are retrieved from cache or from a file. This attribute should be true in these scenarios, otherwise validation will fail since the password is not provided.

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 222

def ignore_private
  @ignore_private
end

#ignore_public ⇒ Boolean

Whether to ignore public (username). This is usually set when Schannel authentication is requested and the credentials are retrieved from a file (certificate). This attribute should be true in this case, otherwise validation will fail since the password is not provided.

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 230

def ignore_public
  @ignore_public
end

#password_spray ⇒ Boolean

Whether password spray is enabled. When true, each password is tried against each username first. Otherwise the default bruteforce logic will attempt all passwords against the first user, before continuing to the next user

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 181

def password_spray
  @password_spray
end

#user_as_pass ⇒ Boolean

Whether each username should be tried as a password for that user

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 192

def user_as_pass
  @user_as_pass
end

#user_file ⇒ String

Path to a file containing usernames, one per line

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 197

def user_file
  @user_file
end

#username ⇒ String

The username that should be tried

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 202

def username
  @username
end

#userpass_file ⇒ String

Path to a file containing usernames and passwords separated by a space, one pair per line

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 208

def userpass_file
  @userpass_file
end

Instance Method Details

#add_public(public_str = '') ⇒ void

This method returns an undefined value.

Adds a string as an additional public credential to be combined in the collection.

Parameters:

• public_str (String) (defaults to: '') —

  The string to use as a public credential

# File 'lib/metasploit/framework/credential_collection.rb', line 250

def add_public(public_str='')
  additional_publics << public_str
end

#each_filtered {|credential| ... } ⇒ void Also known as: each

This method returns an undefined value.

Combines all the provided credential sources into a stream of Metasploit::Framework::Credential objects, yielding them one at a time

Yield Parameters:

• credential (Metasploit::Framework::Credential)

# File 'lib/metasploit/framework/credential_collection.rb', line 259

def each_filtered
  if ignore_private
    if ignore_public
      yield Metasploit::Framework::Credential.new(public: nil, private: nil, realm: realm)
    else
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm)
    end
  elsif password_spray
    each_unfiltered_password_first do |credential|
      next unless self.filter.nil? || self.filter.call(credential)

      yield credential
    end
  else
    each_unfiltered_username_first do |credential|
      next unless self.filter.nil? || self.filter.call(credential)

      yield credential
    end
  end
end

#each_unfiltered_password_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is enabled, do first passwords then usernames

i.e.
 username1:password1
 username2:password1
 username3:password1

…

username1:password2
username2:password2
username3:password2

…

Yield Parameters:

• credential (Metasploit::Framework::Credential)

# File 'lib/metasploit/framework/credential_collection.rb', line 295

def each_unfiltered_password_first
  if user_file.present?
    user_fd = File.open(user_file, 'r:binary')
  end

  prepended_creds.each { |c| yield c }

  if anonymous_login
    yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
  end

  if user_as_pass
    if user_fd
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm, private_type: private_type(password))
      end
      user_fd.seek(0)
    end
  end

  if password.present?
    if nil_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
    end
    if username.present?
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
    end
    if user_fd
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type(password))
      end
      user_fd.seek(0)
    end
  end

  if pass_file.present?
    File.open(pass_file, 'r:binary') do |pass_fd|
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        if username.present?
          yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: :password)
        end
        next unless user_fd

        user_fd.each_line do |user_from_file|
          user_from_file.chomp!
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
        end
        user_fd.seek(0)
      end
    end
  end

  if userpass_file.present?
    File.open(userpass_file, 'r:binary') do |userpass_fd|
      userpass_fd.each_line do |line|
        user, pass = line.split(" ", 2)
        if pass.blank?
          pass = ''
        else
          pass.chomp!
        end
        yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm)
      end
    end
  end

  additional_privates.each do |add_private|
    if username.present?
      yield Metasploit::Framework::Credential.new(public: username, private: add_private, realm: realm, private_type: private_type(add_private))
    end
    user_fd.each_line do |user_from_file|
      user_from_file.chomp!
      yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
    end
    user_fd.seek(0)
  end

  additional_publics.each do |add_public|
    if password.present?
      yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type(password) )
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: add_public, private: "", realm: realm, private_type: :password)
    end
    if nil_passwords
      yield Metasploit::Framework::Credential.new(public: add_public, private: nil, realm: realm, private_type: :password)
    end
    if user_fd
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: private_type(user_from_file))
      end
      user_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: add_public, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end
ensure
  user_fd.close if user_fd && !user_fd.closed?
end

#each_unfiltered_username_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is not enabled, do first usernames then passwords

i.e.
 username1:password1
 username1:password2
 username1:password3

…

username2:password1
username2:password2
username2:password3

Yield Parameters:

• credential (Metasploit::Framework::Credential)

# File 'lib/metasploit/framework/credential_collection.rb', line 420

def each_unfiltered_username_first
  if pass_file.present?
    pass_fd = File.open(pass_file, 'r:binary')
  end

  prepended_creds.each { |c| yield c }

  if anonymous_login
    yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
  end

  if username.present?
    if nil_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
    end
    if password.present?
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
    end
    if pass_fd
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
      end
      pass_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: username, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end

  if user_file.present?
    File.open(user_file, 'r:binary') do |user_fd|
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        if nil_passwords
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: nil, realm: realm, private_type: :password)
        end
        if password.present?
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type(password) )
        end
        if user_as_pass
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm, private_type: :password)
        end
        if blank_passwords
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: "", realm: realm, private_type: :password)
        end
        if pass_fd
          pass_fd.each_line do |pass_from_file|
            pass_from_file.chomp!
            yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
          end
          pass_fd.seek(0)
        end
        additional_privates.each do |add_private|
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
        end
      end
    end
  end

  if userpass_file.present?
    File.open(userpass_file, 'r:binary') do |userpass_fd|
      userpass_fd.each_line do |line|
        user, pass = line.split(" ", 2)
        if pass.blank?
          pass = ''
        else
          pass.chomp!
        end
        yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm)
      end
    end
  end

  additional_publics.each do |add_public|
    if password.present?
      yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type(password) )
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: add_public, private: "", realm: realm, private_type: :password)
    end
    if pass_fd
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: add_public, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
      end
      pass_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: add_public, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end
ensure
  pass_fd.close if pass_fd && !pass_fd.closed?
end

#empty? ⇒ Boolean

Returns true when #each will have no results to iterate

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 528

def empty?
  prepended_creds.empty? && !has_users? && !anonymous_login || (has_users? && !has_privates?)
end

#has_privates? ⇒ Boolean

Returns true when there are any private values set

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 542

def has_privates?
  super || userpass_file.present? || user_as_pass || !!ignore_private
end

#has_users? ⇒ Boolean

Returns true when there are any user values set

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 535

def has_users?
  username.present? || user_file.present? || userpass_file.present? || !additional_publics.empty? || !!ignore_public
end