Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/msp 11162/db all creds #3746

Merged
merged 4 commits into from Sep 8, 2014
Merged

Feature/msp 11162/db all creds #3746

merged 4 commits into from Sep 8, 2014

Conversation

thelightcosine
Copy link

This PR adds back the functionality for DB_ALL_CREDS on login modules. It implements 3 methods in AuthBrute to handle Passwords, NTLMHashes, and SSHKeys respectively.

VERIFICATION STEPS

  • have a workspace with some creds in it (preferably both NTLMHashes and passwords, but either will do)
  • use auxiliary/scanner/smb/smb_login
  • set RHOSTS to a target with smb
  • set DB_ALL_CREDS to true
  • unset any other username and password options
  • run
  • vERIFY it attempts the other credentials already saved in your DB

David Maloney added 2 commits September 4, 2014 12:20
add db_all_cred methods to authbrute
093f488 
adds 3 methods to add db_all_creds functionality back to
the loginscanners
call new prepend cred methods
00ec47f 
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
jlee-r7
jlee-r7 reviewed Sep 5, 2014
View reviewed changes
lib/msf/core/auxiliary/auth_brute.rb
# @param [Metasploit::Framework::CredentialCollection] the credential collection to add to
# @return [Metasploit::Framework::CredentialCollection] the modified Credentialcollection
def prepend_db_hashes(cred_collection)
if datastore['DB_ALL_CREDS']
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to also check that the database is connected

@thelightcosine
Copy link
Author

@jlee-r7 good catch, fixed now

@jlee-r7 jlee-r7 merged commit ef748fd into rapid7:master Sep 8, 2014
jlee-r7 pushed a commit that referenced this pull request Sep 8, 2014
@egypt
Land #3746, reinstate DB_ALL_CREDS
b800051
@thelightcosine thelightcosine deleted the feature/MSP-11162/db-all-creds branch March 4, 2015 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
library module
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@thelightcosine @jlee-r7 @todb-r7