Use PostgreSQL session type for postgres_hashdump

sjanusz-r7 · Jan 24, 2024 · a7c9f1f · a7c9f1f
1 parent 438114f
commit a7c9f1f
Showing 1 changed file with 23 additions and 12 deletions.
diff --git a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb
@@ -7,6 +7,7 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::Postgres
   include Msf::Auxiliary::Report
   include Msf::Auxiliary::Scanner
+  include Msf::OptionalSession
 
   def initialize
     super(
@@ -16,22 +17,32 @@ def initialize
         hashes from a Postgres server and stores them for later cracking.
       },
       'Author'         => ['theLightCosine'],
-      'License'        => MSF_LICENSE
+      'License'        => MSF_LICENSE,
+      'SessionTypes'   => %w[PostgreSQL]
     )
-    register_options([
-      OptString.new('DATABASE', [ true, 'The database to authenticate against', 'postgres']),
-      ])
     deregister_options('SQL', 'RETURN_ROWSET', 'VERBOSE')
 
   end
 
-  def run_host(ip)
+  def username
+    session ? session.client.params['username'] : datastore['USERNAME']
+  end
+
+  def database
+    session ? session.client.params['database'] : datastore['DATABASE']
+  end
 
+  def private_data
+    # The session or its client doesn't store the password
+    session ? nil : datastore['PASSWORD']
+  end
+
+  def run_host(ip)
     # Query the Postgres Shadow table for username and password hashes and report them
     res = postgres_query('SELECT usename, passwd FROM pg_shadow',false)
 
     service_data = {
-        address: ip,
+        address: rhost,
         port: rport,
         service_name: 'postgres',
         protocol: 'tcp',
@@ -41,11 +52,11 @@ def run_host(ip)
     credential_data = {
         module_fullname: self.fullname,
         origin_type: :service,
-        private_data: datastore['PASSWORD'],
+        private_data: private_data,
         private_type: :password,
-        username: datastore['USERNAME'],
+        username: username,
         realm_key:  Metasploit::Model::Realm::Key::POSTGRESQL_DATABASE,
-        realm_value: datastore['DATABASE']
+        realm_value: database
     }
 
     credential_data.merge!(service_data)
@@ -68,10 +79,10 @@ def run_host(ip)
 
       case res[:sql_error]
       when /^C42501/
-        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficient permissions."
+        print_error "#{rhost}:#{rport} Postgres - Insufficient permissions."
         return
       else
-        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - #{res[:sql_error]}"
+        print_error "#{rhost}:#{rport} Postgres - #{res[:sql_error]}"
         return
       end
     when :complete
@@ -96,7 +107,7 @@ def run_host(ip)
     )
 
     service_data = {
-        address: ::Rex::Socket.getaddress(rhost,true),
+        address: rhost,
         port: rport,
         service_name: 'postgres',
         protocol: 'tcp',