Land #18952, Updates Postgres hashdump module to now work with newer …

…versions of Postgres
rapid7 · Mar 12, 2024 · 81e96d3 · 81e96d3
2 parents 1baf868 + a33e7a7
commit 81e96d3
Showing 1 changed file with 16 additions and 12 deletions.
diff --git a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb
@@ -114,23 +114,27 @@ def run_host(ip)
         workspace_id: myworkspace_id
     }
 
-    credential_data = {
-        origin_type: :service,
-        jtr_format: 'raw-md5,postgres',
-        module_fullname: self.fullname,
-        private_type: :postgres_md5
-    }
-
-    credential_data.merge!(service_data)
-
-
     res[:complete].rows.each do |row|
       next if row[0].nil? or row[1].nil?
       next if row[0].empty? or row[1].empty?
+
       password = row[1]
 
-      credential_data[:username]     = row[0]
-      credential_data[:private_data] = password
+      credential_data = {
+        origin_type: :service,
+        module_fullname: self.fullname,
+        private_data: password,
+        username: row[0]
+      }
+
+      if password.start_with?('md5')
+        credential_data[:private_type] = :postgres_md5
+        credential_data[:jtr_format] = 'raw-md5,postgres'
+      else
+        credential_data[:private_type] = :nonreplayable_hash
+      end
+
+      credential_data.merge!(service_data)
 
       credential_core = create_credential(credential_data)
       login_data = {