Skip to content

Commit

Permalink
Merge pull request #19610 from cgranleese-r7/fixes-report-summary
Browse files Browse the repository at this point in the history
Updates report summary mixin with an additional fallback when finding creds
  • Loading branch information
adfoster-r7 authored Nov 7, 2024
2 parents c988308 + dc6cb34 commit 3ccf18f
Showing 1 changed file with 27 additions and 10 deletions.
37 changes: 27 additions & 10 deletions lib/msf/core/auxiliary/report_summary.rb
Original file line number Diff line number Diff line change
Expand Up @@ -39,19 +39,40 @@ def run
result
end

# Take credentials hash and check data for username and password and then returns a hash for those values
#
# @param [Hash] credential_data
# @return [Hash]
def login_credentials(credential_data)
# If the database is active and core is populated then grab the creds from there, otherwise
# fallback and check in credentials data's top layer
if framework.db&.active && credential_data[:core]
{
public: credential_data[:core].public,
private_data: credential_data[:core].private
}
elsif credential_data[:username] && credential_data[:private_data]
{
public: credential_data[:username],
private_data: credential_data[:private_data]
}
else
{
public: 'credentials could not be reported',
private_data: 'credentials could not be reported'
}
end
end

# Creates a credential and adds to to the DB if one is present
#
# @param [Hash] credential_data
# @return [Metasploit::Credential::Login]
def create_credential_login(credential_data)
return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report

credential = {
public: credential_data[:username],
private_data: credential_data[:private_data]
}
@report[rhost] = { successful_logins: [] }
@report[rhost][:successful_logins] << credential
@report[rhost][:successful_logins] << login_credentials(credential_data)
super
end

Expand All @@ -69,12 +90,8 @@ def create_credential_login(credential_data)
def create_credential_and_login(credential_data)
return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report

credential = {
public: credential_data[:username],
private_data: credential_data[:private_data]
}
@report[rhost] = { successful_logins: [] }
@report[rhost][:successful_logins] << credential
@report[rhost][:successful_logins] << login_credentials(credential_data)
super
end

Expand Down

0 comments on commit 3ccf18f

Please sign in to comment.