Land rapid7#5935, final creds refactor

modules/auxiliary/admin/mysql/mysql_enum.rb

@@ -27,6 +27,33 @@ def initialize(info = {})
 
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :nonreplayable_hash,
+      jtr_format: 'mysql,mysql-sha1'
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def run
     return if not mysql_login_datastore
     print_status("Running MySQL Enumerator...")
@@ -86,15 +113,14 @@ def run
       print_status("\tList of Accounts with Password Hashes:")
       res.each do |row|
         print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}")
-        report_auth_info({
-          :host  => rhost,
-          :port  => rport,
-          :user  => row[0],
-          :pass  => row[2],
-          :type  => "mysql_hash",
-          :sname => "mysql",
-          :active => true
-        })
+        report_cred(
+          ip: rhost,
+          port: rport,
+          user: row[0],
+          password: row[2],
+          service_name: 'mysql',
+          proof: row.inspect
+        )
       end
     end
     # Only list accounts that can log in with SSL if SSL is enabled

modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb

@@ -175,22 +175,47 @@ def run
         @plain_passwords[i] << " (ISO-8859-1 hex chars)"
       end
 
-      report_auth_info({
-       :host => rhost,
-       :port => rport,
-       :user => @users[i][0],
-       :pass => @plain_passwords[i],
-       :type => "password",
-       :sname => (ssl ? "https" : "http"),
-       :proof => "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
-      })
+      report_cred(
+        ip: rhost,
+        port: rport,
+        user: @users[i][0],
+        password: @plain_passwords[i],
+        service_name: (ssl ? "https" : "http"),
+        proof: "Leaked encrypted password from #{@users[i][3]}: #{@users[i][1]}:#{@users[i][2]}"
+      )
 
       users_table << [@users[i][0], @users[i][1], @users[i][2], @plain_passwords[i], user_type(@users[i][3])]
     end
 
     print_line(users_table.to_s)
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def user_type(database)
     user_type = database
 

modules/auxiliary/admin/scada/modicon_password_recovery.rb

@@ -90,18 +90,45 @@ def run
     end
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      last_attempted_at: Time.now,
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::SUCCESSFUL,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def setup_ftp_connection
     vprint_status "#{ip}:#{rport} - FTP - Connecting"
-    if connect_login()
+    conn = connect_login
+    if conn
       print_status("#{ip}:#{rport} - FTP - Login succeeded")
-      report_auth_info(
-        :host => ip,
-        :port => rport,
-        :proto => 'tcp',
-        :user => user,
-        :pass => pass,
-        :ptype => 'password_ro',
-        :active => true
+      report_cred(
+        ip: ip,
+        port: rport,
+        user: user,
+        password: pass,
+        service_name: 'modicon',
+        proof: "connect_login: #{conn}"
       )
       return true
     else

modules/auxiliary/analyze/jtr_oracle_fast.rb

@@ -37,6 +37,33 @@ def run
     crack("oracle11g")
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :nonreplayable_hash,
+      jtr_format: opts[:format]
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
 
   def crack(format)
 
@@ -71,12 +98,14 @@ def crack(format)
       print_status("#{cracked[:cracked]} hashes were cracked!")
       cracked[:users].each_pair do |k,v|
         print_good("Host: #{v[1]} Port: #{v[2]} User: #{k} Pass: #{v[0]}")
-        report_auth_info(
-          :host  => v[1],
-          :port => v[2],
-          :sname => 'oracle',
-          :user => k,
-          :pass => v[0]
+        report_cred(
+          ip: v[1],
+          port: v[2],
+          service_name: 'oracle',
+          user: k,
+          pass: v[0],
+          format: format,
+          proof: cracked.inspect
         )
       end
     end

modules/auxiliary/dos/http/wordpress_long_password_dos.rb

@@ -68,16 +68,41 @@ def timeout
     datastore['TIMEOUT']
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user]
+    }.merge(service_data)
+
+    login_data = {
+      last_attempted_at: DateTime.now,
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::SUCCESSFUL,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def user_exists(user)
     exists = wordpress_user_exists?(user)
     if exists
       print_good("#{peer} - Username \"#{username}\" is valid")
-      report_auth_info(
-        :host => rhost,
-        :sname => (ssl ? 'https' : 'http'),
-        :user => user,
-        :port => rport,
-        :proof => "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
+      report_cred(
+        ip: rhost,
+        port: rport,
+        user: user,
+        service_name: (ssl ? 'https' : 'http'),
+        proof: "WEBAPP=\"Wordpress\", VHOST=#{vhost}"
       )
 
       return true

modules/auxiliary/gather/apache_rave_creds.rb

@@ -103,6 +103,33 @@ def setup
     }
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
+
   def run
 
     print_status("#{rhost}:#{rport} - Fingerprinting...")
@@ -183,13 +210,13 @@ def run
       print_status("#{rhost}:#{rport} - Recovering Hashes...")
       json_info["result"]["resultSet"].each { |result|
         print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
-        report_auth_info(
-          :host => rhost,
-          :port => rport,
-          :sname => "Apache Rave",
-          :user => result["username"],
-          :pass => result["password"],
-          :active => result["enabled"]
+        report_cred(
+          ip: rhost,
+          port: rport,
+          service_name: 'Apache Rave',
+          user: result["username"],
+          password: result["password"],
+          proof: user_data
         )
       }
 

modules/auxiliary/gather/d20pass.rb

@@ -182,6 +182,32 @@ def findentry(f, name, start)
     return res
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      proof: opts[:proof]
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   # Parse the usernames, passwords, and security levels from the config
   # It's a little ugly (lots of hard-coded offsets).
   # The userdata starts at an offset dictated by the B014USERS config
@@ -213,13 +239,13 @@ def parseusers(f, userentryptr)
         break
       end
       logins <<  [accounttype,  accountname,  accountpass]
-      report_auth_info(
-        :host => datastore['RHOST'],
-        :port => 23,
-        :sname => "telnet",
-        :user => accountname,
-        :pass => accountpass,
-        :active => true
+      report_cred(
+        ip: datastore['RHOST'],
+        port: 23,
+        service_name: 'telnet',
+        user: accountname,
+        password: accountpass,
+        proof: accounttype
       )
     end
     if not logins.rows.empty?