
Cleanup auxiliary/scanner/msf/msf_rpc_login #8830

Merged
merged 1 commit into from Aug 14, 2017

Conversation

bcoles
Contributor

@bcoles bcoles commented Aug 14, 2017

This PR includes a couple of bug fixes and minor code clean up for the Metasploit RPC Interface Login Utility module.

Output before and after this patch is shown below.

Changes

  • Libraries:

    • The RPC library loading has been moved to the top of the file. This is cleaner and should be safe, given that the msf/core/rpc/v10/client library is packaged with Metasploit, and that the msgpack Gem requirement is included in Gemfile.lock.
    • Msf::Exploit::Remote::Tcp has been included, for no other reason than to allow access to the peer, rhost, rport and ssl variables.
  • Output:

    • When scanning more than one host the output made no sense. This has been cleaned up with the use of peer in the output.
  • Bug Fixes:

    • If the connection is refused, the module will now skip the host, instead of needlessly continuing login attempts with all passwords against all users.
    • The proof has been removed from the reported credentials. The proof was res.body, which was raising undefined method `body' for true:TrueClass; this triggered the rescue, causing the call to report_cred to fail, resulting in credentials being reported to the console but never to the database.

Output (Before)

msf auxiliary(msf_rpc_login) > set rhosts 127.0.0.1 172.16.191.181
rhosts => 127.0.0.1 172.16.191.181
msf auxiliary(msf_rpc_login) > run

[*] Trying username:'msf' with password:'test'
[*] true - Bad login
[*] Trying username:'msf' with password:'12345'
[*] true - Bad login
[*] Trying username:'msf' with password:'123456'
[*] true - Bad login
[*] Trying username:'msf' with password:'password'
[*] true - Bad login
[*] Trying username:'msf' with password:'abc123'
[*] true - Bad login
[*] Trying username:'msf' with password:'msfchangeme'
[*] true - Bad login
[*] Scanned 1 of 2 hosts (50% complete)
[*] Trying username:'msf' with password:'test'
[*] true - Bad login
[*] Trying username:'msf' with password:'12345'
[*] true - Bad login
[*] Trying username:'msf' with password:'123456'
[*] true - Bad login
[*] Trying username:'msf' with password:'password'
[*] true - Bad login
[*] Trying username:'msf' with password:'abc123'
[+] SUCCESSFUL LOGIN. 'msf' : 'abc123'
[*] true - Bad login
[*] Trying username:'msf' with password:'msfchangeme'
[*] true - Bad login
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed

Output (After)

msf auxiliary(msf_rpc_login) > set rhosts 127.0.0.1 172.16.191.181
rhosts => 127.0.0.1 172.16.191.181
msf auxiliary(msf_rpc_login) > run

[*] 127.0.0.1:55553       - Trying username:'msf' with password:'test'
[-] 127.0.0.1:55553       - 127.0.0.1:55553       - Connection refused
[*] Scanned 1 of 2 hosts (50% complete)
[*] 172.16.191.181:55553  - Trying username:'msf' with password:'test'
[*] 172.16.191.181:55553  - 172.16.191.181:55553 - [1/6] - Bad login
[*] 172.16.191.181:55553  - Trying username:'msf' with password:'12345'
[*] 172.16.191.181:55553  - 172.16.191.181:55553 - [2/6] - Bad login
[*] 172.16.191.181:55553  - Trying username:'msf' with password:'123456'
[*] 172.16.191.181:55553  - 172.16.191.181:55553 - [3/6] - Bad login
[*] 172.16.191.181:55553  - Trying username:'msf' with password:'password'
[*] 172.16.191.181:55553  - 172.16.191.181:55553 - [4/6] - Bad login
[*] 172.16.191.181:55553  - Trying username:'msf' with password:'abc123'
[+] 172.16.191.181:55553  - SUCCESSFUL LOGIN. 'msf' : 'abc123'
[!] 172.16.191.181:55553  - No active DB -- Credential data will not be saved!
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
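The two bug fixes above come down to control flow in the per-host login loop: a refused connection must abort the host rather than the single attempt, and a proof must only be taken from a response that can supply one. The following is an added example, not the module's or Metasploit's own code: a miniature scanner loop with a constructed fake client standing in for Msf::RPC::Client (the FAKE_HOSTS table, the PASSWORDS list, and the report_cred stand-in are all assumptions made so it runs offline), showing why a bare true response broke res.body and how an ECONNREFUSED short-circuits the host.

```ruby
# Added example (not the module's own code): a miniature scanner loop that
# shows the two fixes the PR describes, with a constructed fake client in
# place of Msf::RPC::Client so it runs offline.

# Constructed stand-in for the RPC endpoint on each host. The first host
# refuses the connection; the second accepts exactly one credential pair.
FAKE_HOSTS = {
  '127.0.0.1'      => ->(_user, _pass) { raise Errno::ECONNREFUSED },
  '172.16.191.181' => ->(user, pass) { user == 'msf' && pass == 'abc123' }
}.freeze

# Constructed wordlist matching the one seen in the PR output.
PASSWORDS = %w[test 12345 123456 password abc123 msfchangeme].freeze

# The old code passed `proof: res.body` to report_cred. The client returns a
# bare true/false, so `true.body` raised NoMethodError inside the surrounding
# rescue and the credential never reached the database. Only keep a proof
# when the response can actually supply one.
def proof_for(res)
  res.respond_to?(:body) ? res.body : nil
end

# Stand-in for report_cred: appends a credential record to the given store.
def report_cred(store, host, port, user, pass, res)
  store << { host: host, port: port, user: user, pass: pass, proof: proof_for(res) }
end

# Scan one host. A refused connection aborts this host immediately instead
# of retrying every remaining user/password pair against a closed port.
def scan_host(host, port, client, users, passwords, store, log)
  peer = "#{host}:#{port}"
  users.each do |user|
    passwords.each_with_index do |pass, i|
      log << "[*] #{peer} - Trying username:'#{user}' with password:'#{pass}'"
      begin
        res = client.call(user, pass)
      rescue Errno::ECONNREFUSED
        log << "[-] #{peer} - Connection refused"
        return :refused # skip the rest of this host entirely
      end
      if res == true
        log << "[+] #{peer} - SUCCESSFUL LOGIN. '#{user}' : '#{pass}'"
        report_cred(store, host, port, user, pass, res)
        break # move on to the next user
      else
        log << "[*] #{peer} - [#{i + 1}/#{passwords.size}] - Bad login"
      end
    end
  end
  :done
end

# Run every host and return the per-host status, stored credentials and log.
def scan_all(hosts, port, users, passwords)
  store = []
  log = []
  status = {}
  hosts.each do |host, client|
    status[host] = scan_host(host, port, client, users, passwords, store, log)
  end
  { status: status, creds: store, log: log }
end

if __FILE__ == $PROGRAM_NAME
  result = scan_all(FAKE_HOSTS, 55553, ['msf'], PASSWORDS)
  puts result[:log]
  puts "Credentials stored: #{result[:creds].size}"
end
```

Against the constructed hosts this yields one refused host after a single attempt and one stored credential with a nil proof, mirroring the "after" output above; with the old `res.body` access the record would have been swallowed by the rescue and the store left empty.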

@bcoles
Contributor Author

bcoles commented Aug 14, 2017

New PR of #8654 which had merge conflicts.

@busterb
Member

busterb commented Aug 14, 2017

Works for me, landing.

@busterb busterb merged commit fa4fae3 into rapid7:master Aug 14, 2017
@bcoles bcoles deleted the msf_rpc_login branch August 14, 2017 06:52
@busterb
Member

busterb commented Aug 14, 2017

Release Notes

The auxiliary/scanner/msf/msf_rpc_login module has been updated to properly display target host information as the scan proceeds. Also, the module's scanning behavior now skips hosts that are not listening on the target service port, and the credential information is properly stored in the database.

@alrosenthal-r7 alrosenthal-r7 added the rn-enhancement release notes enhancement label Aug 16, 2017