From 43f3b1b0d470f2134630b331948d7cfd42ba56ac Mon Sep 17 00:00:00 2001
From: cgranleese-r7
Date: Fri, 1 Nov 2024 10:36:42 +0000
Subject: [PATCH] Updates report summary mixin to have additional fallback when looking for creds
---
 lib/msf/core/auxiliary/report_summary.rb | 40 ++++++++++++++++++------
 1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/lib/msf/core/auxiliary/report_summary.rb b/lib/msf/core/auxiliary/report_summary.rb
index cc0bca04993b..422a4011cfa5 100644
--- a/lib/msf/core/auxiliary/report_summary.rb
+++ b/lib/msf/core/auxiliary/report_summary.rb
@@ -39,6 +39,34 @@ def run
 result
 end
+ # Take credentials hash and check data for username and password and then returns a hash for those values
+ #
+ # @param [Hash] credential_data
+ # @return [Hash]
+ def login_credentials(credential_data)
+ active_db = framework.db&.active
+ core_available = active_db && credential_data[:core]
+ # If the database is active and core is populated then grab the creds from there, otherwise
+ # fallback and check in credentials data's top layer
+ if active_db && core_available
+ {
+ public: credential_data[:core].public,
+ private_data: credential_data[:core].private
+ }
+ elsif credential_data[:username] && credential_data[:private_data]
+ {
+ public: credential_data[:username],
+ private_data: credential_data[:private_data]
+ }
+ else
+ {
+ public: 'credentials could not be reported',
+ private_data: 'credentials could not be reported'
+ }
+ end
+ end
+
 # Creates a credential and adds to to the DB if one is present
 #
 # @param [Hash] credential_data
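Review bot: The `elsif credential_data[:username] && credential_data[:private_data]` branch of `login_credentials` requires both keys, so a login where only one is present (for example a password-only service, where `:username` would presumably be nil) falls through to the 'credentials could not be reported' placeholder for both fields even though one value is known. Consider falling back per field, e.g. `public: credential_data[:username] || 'credentials could not be reported'`, or storing nil so a reader of the summary can tell a placeholder from a real value. `core_available` already includes `active_db`, so the first condition can be just `if core_available`. The `:core` branch stores whatever `.public` and `.private` return, which are presumably credential model objects rather than the plain values the fallback branch stores, so it is worth confirming the summary renders both the same way.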
@@ -46,12 +74,8 @@ def run
 def create_credential_login(credential_data)
 return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report
- credential = {
- public: credential_data[:username],
- private_data: credential_data[:private_data]
- }
 @report[rhost] = { successful_logins: [] }
- @report[rhost][:successful_logins] << credential
+ @report[rhost][:successful_logins] << login_credentials(credential_data)
 super
 end
@@ -69,12 +93,8 @@ def create_credential_login(credential_data)
 def create_credential_and_login(credential_data)
 return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report
- credential = {
- public: credential_data[:username],
- private_data: credential_data[:private_data]
- }
 @report[rhost] = { successful_logins: [] }
- @report[rhost][:successful_logins] << credential
+ @report[rhost][:successful_logins] << login_credentials(credential_data)
 super
 end
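Review bot: The unchanged line `@report[rhost] = { successful_logins: [] }` directly above the new append in `create_credential_login` replaces the host's entry on every call, so when several valid logins are found on one host only the last one survives in the summary; the `create_credential_and_login` hunk that follows has the same pattern. If that reset is not intentional, initialise once and append instead: `@report[rhost] ||= {}` followed by `(@report[rhost][:successful_logins] ||= []) << login_credentials(credential_data)`. After this change the two overrides are identical apart from the method name, so the guard and the append could move into one private helper that both call before `super`.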