Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump metasploit credential to 6.0.5 #18024

Merged
merged 1 commit into from May 25, 2023
Merged

bump metasploit credential to 6.0.5 #18024

merged 1 commit into from May 25, 2023

Conversation

zgoldman-r7
Copy link
Contributor

@zgoldman-r7 zgoldman-r7 commented May 24, 2023
edited

This bumps the metasploit-credential gem to version 6.0.5 in order to fix a bug with credential imports.

Verification

-Import a credential of type NTLMHash, PostgresMD5, or KrbEncKey, where the key has uppercase values
-Delete that credential core
-Import the credential again
Previously, this will give an error on import. This should now yield successful imports on the version bump

@zgoldman-r7 zgoldman-r7 changed the title bump metasploit credential to 6.0.6 bump metasploit credential to 6.0.5 May 24, 2023
@zgoldman-r7 zgoldman-r7 marked this pull request as ready for review May 24, 2023 19:28
@zgoldman-r7 zgoldman-r7 marked this pull request as draft May 25, 2023 05:35
@jmartin-tech jmartin-tech self-assigned this May 25, 2023
@jmartin-tech
Copy link
Contributor

Before:

msf6 > creds add user:postgres postgres:md5BE86a79bf2043622d58d5453c47d4860
msf6 > creds
Credentials
===========

host  origin  service  public    private                              realm  private_type  JtR Format
----  ------  -------  ------    -------                              -----  ------------  ----------
                       postgres  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres

msf6 > creds -d
Credentials
===========

host  origin  service  public    private                              realm  private_type  JtR Format
----  ------  -------  ------    -------                              -----  ------------  ----------
                       postgres  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres

[*] Deleted 1 creds
msf6 > creds add user:postgres postgres:md5BE86a79bf2043622d58d5453c47d4860
[-] Failed to add : Validation failed: Data has already been taken

After:

msf6 > creds add user:postgres postgres:md5BE86a79bf2043622d58d5453c47d4860
msf6 > creds
Credentials
===========

host  origin  service  public    private                              realm  private_type  JtR Format
----  ------  -------  ------    -------                              -----  ------------  ----------
                       postgres  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres

msf6 > creds -d
Credentials
===========

host  origin  service  public    private                              realm  private_type  JtR Format
----  ------  -------  ------    -------                              -----  ------------  ----------
                       postgres  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres

[*] Deleted 1 creds
msf6 > creds add user:postgres postgres:md5BE86a79bf2043622d58d5453c47d4860
msf6 > creds
Credentials
===========

host  origin  service  public    private                              realm  private_type  JtR Format
----  ------  -------  ------    -------                              -----  ------------  ----------
                       postgres  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres

@jmartin-tech jmartin-tech marked this pull request as ready for review May 25, 2023 15:48
@jmartin-tech jmartin-tech merged commit 2879dca into rapid7:master May 25, 2023
24 of 30 checks passed
@cgranleese-r7
Copy link
Contributor

Release Notes

This PR fixes an issue with credentials being normalized to lowercase inconsistently, causing collisions with uppercase data. Relevant credentials are now automatically normalized to lowercase on insert and lookup.

@cgranleese-r7 cgranleese-r7 added the rn-fix release notes fix label May 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmartin-tech jmartin-tech Awaiting requested review from jmartin-tech

Assignees

@jmartin-tech jmartin-tech

Labels
rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zgoldman-r7 @jmartin-tech @cgranleese-r7