Class: Metasploit::Framework::CredentialCollection

Inherits:

PrivateCredentialCollection

• Object
• PrivateCredentialCollection
• Metasploit::Framework::CredentialCollection

Defined in:

lib/metasploit/framework/credential_collection.rb

Instance Attribute Summary

• #additional_publics ⇒ Array<String>

  Additional public values that should be tried.

• #anonymous_login ⇒ Boolean

  Whether to attempt an anonymous login (blank user/pass).

• #password_spray ⇒ Object

  Returns the value of attribute password_spray.

• #user_as_pass ⇒ Boolean

  Whether each username should be tried as a password for that user.

• #user_file ⇒ String

  Path to a file containing usernames, one per line.

• #username ⇒ String

  The username that should be tried.

• #userpass_file ⇒ String

  Path to a file containing usernames and passwords separated by a space, one pair per line.

Attributes inherited from PrivateCredentialCollection

#additional_privates, #blank_passwords, #filter, #nil_passwords, #pass_file, #password, #prepended_creds, #realm

Instance Method Summary

• #add_public(public_str = '') ⇒ void

  Adds a string as an additional public credential to be combined in the collection.

• #each_unfiltered_password_first {|credential| ... } ⇒ void

  When password spraying is enabled, do first passwords then usernames i.e.

• #each_unfiltered_username_first {|credential| ... } ⇒ void

  When password spraying is not enabled, do first usernames then passwords i.e.

• #empty? ⇒ Boolean

  Returns true when #each will have no results to iterate.

• #has_privates? ⇒ Boolean

  Returns true when there are any private values set.

• #has_users? ⇒ Boolean

  Returns true when there are any user values set.

• #initialize(opts = {}) ⇒ CredentialCollection constructor

  A new instance of CredentialCollection.

Methods inherited from PrivateCredentialCollection

#add_private, #each_filtered, #each_unfiltered, #filtered?, #prepend_cred, #private_type

Constructor Details

#initialize(opts = {}) ⇒ CredentialCollection

Returns a new instance of CredentialCollection.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :blank_passwords (Boolean) —

  See PrivateCredentialCollection#blank_passwords

• :pass_file (String) —

  See PrivateCredentialCollection#pass_file

• :password (String) —

  See PrivateCredentialCollection#password

• :prepended_creds (Array<Credential>) — default: [] —

  See PrivateCredentialCollection#prepended_creds

• :user_as_pass (Boolean) —

  See #user_as_pass

• :user_file (String) —

  See #user_file

• :username (String) —

  See #username

• :userpass_file (String) —

  See #userpass_file

# File 'lib/metasploit/framework/credential_collection.rb', line 222

def initialize(opts = {})
  super
  self.additional_publics  ||= []
end

Instance Attribute Details

#additional_publics ⇒ Array<String>

Additional public values that should be tried

Returns:

• (Array<String>)

# File 'lib/metasploit/framework/credential_collection.rb', line 186

def additional_publics
  @additional_publics
end

#anonymous_login ⇒ Boolean

Whether to attempt an anonymous login (blank user/pass)

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 212

def anonymous_login
  @anonymous_login
end

#password_spray ⇒ Object

Returns the value of attribute password_spray.

# File 'lib/metasploit/framework/credential_collection.rb', line 180

def password_spray
  @password_spray
end

#user_as_pass ⇒ Boolean

Whether each username should be tried as a password for that user

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 191

def user_as_pass
  @user_as_pass
end

#user_file ⇒ String

Path to a file containing usernames, one per line

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 196

def user_file
  @user_file
end

#username ⇒ String

The username that should be tried

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 201

def username
  @username
end

#userpass_file ⇒ String

Path to a file containing usernames and passwords separated by a space, one pair per line

Returns:

• (String)

# File 'lib/metasploit/framework/credential_collection.rb', line 207

def userpass_file
  @userpass_file
end

Instance Method Details

#add_public(public_str = '') ⇒ void

This method returns an undefined value.

Adds a string as an additional public credential to be combined in the collection.

Parameters:

• public_str (String) (defaults to: '') —

  The string to use as a public credential

# File 'lib/metasploit/framework/credential_collection.rb', line 232

def add_public(public_str='')
  additional_publics << public_str
end

#each_unfiltered_password_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is enabled, do first passwords then usernames

i.e.
 username1:password1
 username2:password1
 username3:password1

…

username1:password2
username2:password2
username3:password2

…

Yield Parameters:

• credential (Metasploit::Framework::Credential)

# File 'lib/metasploit/framework/credential_collection.rb', line 248

def each_unfiltered_password_first
  if user_file.present?
    user_fd = File.open(user_file, 'r:binary')
  end

  prepended_creds.each { |c| yield c }

  if anonymous_login
    yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
  end

  if password.present?
    if nil_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
    end
    if username.present?
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
    end
    if user_fd
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type(password))
      end
      user_fd.seek(0)
    end
  end

  if pass_file.present?
    File.open(pass_file, 'r:binary') do |pass_fd|
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        if user_as_pass
          yield Metasploit::Framework::Credential.new(public: pass_from_file, private: pass_from_file, realm: realm, private_type: :password)
        end
        if user_fd
          user_fd.each_line do |user_from_file|
            user_from_file.chomp!
            yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
          end
          user_fd.seek(0)
        end
        additional_privates.each do |add_private|
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
        end
      end
    end
  end

  if userpass_file.present?
    File.open(userpass_file, 'r:binary') do |userpass_fd|
      userpass_fd.each_line do |line|
        user, pass = line.split(" ", 2)
        if pass.blank?
          pass = ''
        else
          pass.chomp!
        end
        yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm)
      end
    end
  end

  additional_publics.each do |add_public|
    if password.present?
      yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type(password) )
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: add_public, private: "", realm: realm, private_type: :password)
    end
    if user_fd
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: private_type(user_from_file))
      end
      user_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: add_public, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end
ensure
  user_fd.close if user_fd && !user_fd.closed?
end

#each_unfiltered_username_first {|credential| ... } ⇒ void

This method returns an undefined value.

When password spraying is not enabled, do first usernames then passwords

i.e.
 username1:password1
 username1:password2
 username1:password3

…

username2:password1
username2:password2
username2:password3

Yield Parameters:

• credential (Metasploit::Framework::Credential)

# File 'lib/metasploit/framework/credential_collection.rb', line 352

def each_unfiltered_username_first
  if pass_file.present?
    pass_fd = File.open(pass_file, 'r:binary')
  end

  prepended_creds.each { |c| yield c }

  if anonymous_login
    yield Metasploit::Framework::Credential.new(public: '', private: '', realm: realm, private_type: :password)
  end

  if username.present?
    if nil_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
    end
    if password.present?
      yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: username, private: "", realm: realm, private_type: :password)
    end
    if pass_fd
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
      end
      pass_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: username, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end

  if user_file.present?
    File.open(user_file, 'r:binary') do |user_fd|
      user_fd.each_line do |user_from_file|
        user_from_file.chomp!
        if nil_passwords
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: nil, realm: realm, private_type: :password)
        end
        if password.present?
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: password, realm: realm, private_type: private_type(password) )
        end
        if user_as_pass
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: user_from_file, realm: realm, private_type: :password)
        end
        if blank_passwords
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: "", realm: realm, private_type: :password)
        end
        if pass_fd
          pass_fd.each_line do |pass_from_file|
            pass_from_file.chomp!
            yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
          end
          pass_fd.seek(0)
        end
        additional_privates.each do |add_private|
          yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
        end
      end
    end
  end

  if userpass_file.present?
    File.open(userpass_file, 'r:binary') do |userpass_fd|
      userpass_fd.each_line do |line|
        user, pass = line.split(" ", 2)
        if pass.blank?
          pass = ''
        else
          pass.chomp!
        end
        yield Metasploit::Framework::Credential.new(public: user, private: pass, realm: realm)
      end
    end
  end

  additional_publics.each do |add_public|
    if password.present?
      yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type(password) )
    end
    if user_as_pass
      yield Metasploit::Framework::Credential.new(public: add_public, private: user_from_file, realm: realm, private_type: :password)
    end
    if blank_passwords
      yield Metasploit::Framework::Credential.new(public: add_public, private: "", realm: realm, private_type: :password)
    end
    if pass_fd
      pass_fd.each_line do |pass_from_file|
        pass_from_file.chomp!
        yield Metasploit::Framework::Credential.new(public: add_public, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
      end
      pass_fd.seek(0)
    end
    additional_privates.each do |add_private|
      yield Metasploit::Framework::Credential.new(public: add_public, private: add_private, realm: realm, private_type: private_type(add_private))
    end
  end
ensure
  pass_fd.close if pass_fd && !pass_fd.closed?
end

#empty? ⇒ Boolean

Returns true when #each will have no results to iterate

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 460

def empty?
  prepended_creds.empty? && !has_users? && !anonymous_login || (has_users? && !has_privates?)
end

#has_privates? ⇒ Boolean

Returns true when there are any private values set

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 474

def has_privates?
  super || userpass_file.present? || user_as_pass
end

#has_users? ⇒ Boolean

Returns true when there are any user values set

Returns:

• (Boolean)

# File 'lib/metasploit/framework/credential_collection.rb', line 467

def has_users?
  username.present? || user_file.present? || userpass_file.present? || !additional_publics.empty?
end