Class: Msf::Exploit::Remote::Pkcs12::Storage

Inherits:
Object
  • Object
show all
Includes:
Auxiliary::Report
Defined in:
lib/msf/core/exploit/remote/pkcs12/storage.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Constructor Details

#initialize(framework: nil, framework_module: nil) ⇒ Storage

Returns a new instance of Storage.



14
15
16
17
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 14

def initialize(framework: nil, framework_module: nil)
  @framework = framework || framework_module&.framework
  @framework_module = framework_module
end

Instance Attribute Details

#frameworkObject (readonly)

Returns the value of attribute framework.



8
9
10
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 8

def framework
  @framework
end

#framework_moduleObject (readonly)

Returns the value of attribute framework_module.



12
13
14
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 12

def framework_module
  @framework_module
end

Instance Method Details

#activate(ids:) ⇒ Array<StoredPkcs12>

Mark Pkcs12(s) as active

Parameters:

  • ids (Array<Integer>)

    The list of pkcs12 IDs.

Returns:



122
123
124
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 122

def activate(ids:)
  set_status(ids: ids, status: 'active')
end

#deactivate(ids:) ⇒ Array<StoredPkcs12>

Mark Pkcs12(s) as inactive

Parameters:

  • ids (Array<Integer>)

    The list of pkcs12 IDs.

Returns:



114
115
116
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 114

def deactivate(ids:)
  set_status(ids: ids, status: 'inactive')
end

#delete(options = {}) ⇒ Object 



88
89
90
91
92
93
94
95
96
97
98
99
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 88

def delete(options = {})
  if options.keys == [:ids]
    # skip calling #filter_pkcs12 which issues a query when the IDs are specified
    ids = options[:ids]
  else
    ids = filter_pkcs12(options).map(&:id)
  end

  framework.db.delete_credentials(ids: ids).map do |stored_pkcs12|
    StoredPkcs12.new(stored_pkcs12)
  end
end

#filter_pkcs12(options) ⇒ Array<Metasploit::Credential::Core>

Return the raw stored pkcs12.

Parameters:

  • options (Hash)

    See the options hash description in #pkcs12.

Returns:

  • (Array<Metasploit::Credential::Core>) 


42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 42

def filter_pkcs12(options)
  return [] unless active_db?

  filter = {}
  filter[:id] = options[:id] if options[:id].present?

  creds = framework.db.creds(
    workspace: options.fetch(:workspace) { workspace },
    type: 'Metasploit::Credential::Pkcs12',
    **filter
  ).select do |cred|
    # this is needed since if a filter is provided (e.g. `id:`) framework.db.creds will ignore the type:
    next false unless cred.private.type == 'Metasploit::Credential::Pkcs12'

    if options[:username].present?
      next false if options[:username].casecmp(cred.public.username) != 0
    end

    if options[:realm].present? && cred.realm
      next false if options[:realm].casecmp(cred.realm.value) != 0
    end

    if options[:status].present?
      # If status is not set on the credential, considere it is `active`
      status = cred.private.status || 'active'
      next false if status != options[:status]
    end

    cert = cred.private.openssl_pkcs12.certificate
    unless Time.now.between?(cert.not_before, cert.not_after)
      ilog("[filter_pkcs12] Found a matching certificate but it has expired")
      next false
    end

    if options[:tls_auth]
      eku = cert.extensions.select { |c| c.oid == 'extendedKeyUsage' }.first
      unless eku&.value.include?('TLS Web Client Authentication')
        ilog("[filter_pkcs12] Found a matching certificate but it doesn't have the 'TLS Web Client Authentication' EKU")
        next false
      end
    end

    true
  end
end

#pkcs12(options = {}, &block) ⇒ Array<StoredPkcs12>

Get stored pkcs12 matching the options query.

Parameters:

  • options (Hash) (defaults to: {})

    The options for matching pkcs12’s.

Options Hash (options):

  • :id (Integer, Array<Integer>)

    The identifier of the pkcs12 (optional)

  • :realm (String)

    The realm of the pkcs12 (optional)

  • :username (String)

    The username of the pkcs12 (optional)

Returns:



26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 26

def pkcs12(options = {}, &block)
  stored_pkcs12_array = filter_pkcs12(options).map do |pkcs12_entry|
    StoredPkcs12.new(pkcs12_entry)
  end

  stored_pkcs12_array.each do |stored_pkcs12|
    block.call(stored_pkcs12) if block_given?
  end

  stored_pkcs12_array
end

#workspaceString

Returns The name of the workspace in which to operate.

Returns:

  • (String)

    The name of the workspace in which to operate.



102
103
104
105
106
107
108
 
# File 'lib/msf/core/exploit/remote/pkcs12/storage.rb', line 102

def workspace
  if @framework_module
    return @framework_module.workspace
  elsif @framework&.db&.active
    return @framework.db.workspace&.name
  end
end