Class: Metasploit::Framework::CredentialCollection

Inherits:
PrivateCredentialCollection show all
Defined in:
lib/metasploit/framework/credential_collection.rb

Instance Attribute Summary collapse

Attributes inherited from PrivateCredentialCollection

#additional_privates, #blank_passwords, #filter, #nil_passwords, #pass_file, #password, #prepended_creds, #realm

Instance Method Summary collapse

Methods inherited from PrivateCredentialCollection

#add_private, #filtered?, #prepend_cred, #private_type

Constructor Details

#initialize(opts = {}) ⇒ CredentialCollection

Returns a new instance of CredentialCollection.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):



223
224
225
226
# File 'lib/metasploit/framework/credential_collection.rb', line 223

def initialize(opts = {})
  super
  self.additional_publics  ||= []
end

Instance Attribute Details

#additional_publicsArray<String>

Additional public values that should be tried

Returns:

  • (Array<String>)


187
188
189
# File 'lib/metasploit/framework/credential_collection.rb', line 187

def additional_publics
  @additional_publics
end

#anonymous_loginBoolean

Whether to attempt an anonymous login (blank user/pass)

Returns:

  • (Boolean)


213
214
215
# File 'lib/metasploit/framework/credential_collection.rb', line 213

def 
  @anonymous_login
end

#password_sprayBoolean

Whether password spray is enabled. When true, each password is tried against each username first. Otherwise the default bruteforce logic will attempt all passwords against the first user, before continuing to the next user

Returns:

  • (Boolean)


181
182
183
# File 'lib/metasploit/framework/credential_collection.rb', line 181

def password_spray
  @password_spray
end

#user_as_passBoolean

Whether each username should be tried as a password for that user

Returns:

  • (Boolean)


192
193
194
# File 'lib/metasploit/framework/credential_collection.rb', line 192

def user_as_pass
  @user_as_pass
end

#user_fileString

Path to a file containing usernames, one per line

Returns:

  • (String)


197
198
199
# File 'lib/metasploit/framework/credential_collection.rb', line 197

def user_file
  @user_file
end

#usernameString

The username that should be tried

Returns:

  • (String)


202
203
204
# File 'lib/metasploit/framework/credential_collection.rb', line 202

def username
  @username
end

#userpass_fileString

Path to a file containing usernames and passwords separated by a space, one pair per line

Returns:

  • (String)


208
209
210
# File 'lib/metasploit/framework/credential_collection.rb', line 208

def userpass_file
  @userpass_file
end

Instance Method Details

#add_public(public_str = '') ⇒ void

This method returns an undefined value.

Adds a string as an additional public credential to be combined in the collection.

Parameters:

  • public_str (String) (defaults to: '')

    The string to use as a public credential



233
234
235
# File 'lib/metasploit/framework/credential_collection.rb', line 233

def add_public(public_str='')
  additional_publics << public_str
end

#each_filtered {|credential| ... } ⇒ void Also known as: each

This method returns an undefined value.

Combines all the provided credential sources into a stream of Metasploit::Framework::Credential objects, yielding them one at a time

Yield Parameters:



242
243
244
245
246
247
248
# File 'lib/metasploit/framework/credential_collection.rb', line 242

def each_filtered
  each_unfiltered do |credential|
    next unless self.filter.nil? || self.filter.call(credential)

    yield credential
  end
end

#each_password(user) ⇒ Object

Iterates over all possible passwords



388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
# File 'lib/metasploit/framework/credential_collection.rb', line 388

def each_password(user)
  if nil_passwords
    yield [nil, :password]
  end

  if password.present?
    yield [password, private_type(password)]
  end

  if user_as_pass
    yield [user, :password]
  end

  if blank_passwords
    yield ["", :password]
  end

  if pass_file
    File.open(pass_file, 'r:binary') do |pass_fd|
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        yield [pass_from_file, private_type(pass_from_file)]
      end
      pass_fd.seek(0)
    end
  end

  additional_privates.each do |add_private|
    yield [add_private, private_type(add_private)]
  end
end

#each_unfiltered(&block) ⇒ Object



252
253
254
255
256
257
258
259
260
261
262
263
264
# File 'lib/metasploit/framework/credential_collection.rb', line 252

def each_unfiltered(&block)
  prepended_creds.each { |c| yield c }

  if 
    yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
  end

  if password_spray
    each_unfiltered_password_first(&block)
  else
    each_unfiltered_username_first(&block)
  end
end

#each_unfiltered_password_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is enabled, do first passwords then usernames

i.e.
 username1:password1
 username2:password1
 username3:password1

username1:password2
username2:password2
username3:password2

Yield Parameters:



278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
# File 'lib/metasploit/framework/credential_collection.rb', line 278

def each_unfiltered_password_first
  if nil_passwords
    each_username do |username|
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
    end
  end

  if password.present?
    each_username do |username|
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
    end
  end

  if user_as_pass
    each_username do |username|
      yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
    end
  end

  if blank_passwords
    each_username do |username|
      yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
    end
  end

  if pass_file.present?
    File.open(pass_file, 'r:binary') do |pass_fd|
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!

        each_username do |username|
          yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
        end
      end
    end
  end

  each_user_pass_from_userpass_file do |user, pass|
    yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm, private_type: private_type(pass))
  end

  additional_privates.each do |add_private|
    each_username do |username|
      yield Metasploit::Framework::Credential.new(public: username, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end
end

#each_unfiltered_username_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is not enabled, do first usernames then passwords

i.e.
 username1:password1
 username1:password2
 username1:password3

username2:password1
username2:password2
username2:password3

Yield Parameters:



358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
# File 'lib/metasploit/framework/credential_collection.rb', line 358

def each_unfiltered_username_first
  if username.present?
    each_password(username) do |password, private_type|
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type)
    end
  end

  if user_file.present?
    File.open(user_file, 'r:binary') do |user_fd|
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        each_password(user_from_file) do |password, private_type|
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type)
        end
      end
    end
  end

  each_user_pass_from_userpass_file do |user, pass|
    yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm, private_type: private_type(pass))
  end

  additional_publics.each do |add_public|
    each_password(add_public) do |password, private_type|
      yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type)
    end
  end
end

#each_user_pass_from_userpass_fileObject

Iterates on userpass file if present



421
422
423
424
425
426
427
428
429
430
431
432
# File 'lib/metasploit/framework/credential_collection.rb', line 421

def each_user_pass_from_userpass_file
  return unless userpass_file.present?

  File.open(userpass_file, 'r:binary') do |userpass_fd|
    userpass_fd.each_line do |line|
      user, pass = line.split(" ", 2)
      pass = pass.blank? ? '' : pass.chomp!

      yield [user, pass]
    end
  end
end

#each_usernameObject

Iterates over all possible usernames



327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
# File 'lib/metasploit/framework/credential_collection.rb', line 327

def each_username
  if username.present?
    yield username
  end

  if user_file.present?
    File.open(user_file, 'r:binary') do |user_fd|
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield user_from_file
      end
      user_fd.seek(0)
    end
  end

  additional_publics.each do |add_public|
    yield add_public
  end
end

#empty?Boolean

Returns true when #each will have no results to iterate

Returns:

  • (Boolean)


437
438
439
# File 'lib/metasploit/framework/credential_collection.rb', line 437

def empty?
  prepended_creds.empty? && !has_users? && ! || (has_users? && !has_privates?)
end

#has_privates?Boolean

Returns true when there are any private values set

Returns:

  • (Boolean)


451
452
453
# File 'lib/metasploit/framework/credential_collection.rb', line 451

def has_privates?
  super || userpass_file.present? || user_as_pass
end

#has_users?Boolean

Returns true when there are any user values set

Returns:

  • (Boolean)


444
445
446
# File 'lib/metasploit/framework/credential_collection.rb', line 444

def has_users?
  username.present? || user_file.present? || userpass_file.present? || !additional_publics.empty?
end