Skip to content

Commit

Permalink
Fixes some password_spray issues
Browse files Browse the repository at this point in the history
  • Loading branch information
@cgranleese-r7
cgranleese-r7 committed May 2, 2024
1 parent 4c7f1e6 commit 6420f64
Show file tree
Hide file tree
Showing 2 changed files with 93 additions and 12 deletions.
32 changes: 20 additions & 12 deletions lib/metasploit/framework/credential_collection.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -260,9 +260,6 @@ def each_unfiltered_password_first
if nil_passwords
yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm, private_type: :password)
end
if username.present?
yield Metasploit::Framework::Credential.new(public: username, private: password, realm: realm, private_type: private_type(password))
end
if user_as_pass
yield Metasploit::Framework::Credential.new(public: username, private: username, realm: realm, private_type: :password)
end
Expand All @@ -282,19 +279,19 @@ def each_unfiltered_password_first
File.open(pass_file, 'r:binary') do |pass_fd|
pass_fd.each_line do |pass_from_file|
pass_from_file.chomp!
if username.present?
yield Metasploit::Framework::Credential.new(public: username, private: pass_from_file, realm: realm, private_type: :password)
end
if user_as_pass
yield Metasploit::Framework::Credential.new(public: pass_from_file, private: pass_from_file, realm: realm, private_type: :password)
end
if user_fd
user_fd.each_line do |user_from_file|
user_from_file.chomp!
yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
end
user_fd.seek(0)
end
additional_privates.each do |add_private|
yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
next unless user_fd

user_fd.each_line do |user_from_file|
user_from_file.chomp!
yield Metasploit::Framework::Credential.new(public: user_from_file, private: pass_from_file, realm: realm, private_type: private_type(pass_from_file))
end
user_fd.seek(0)
end
end
end
Expand All @@ -313,6 +310,17 @@ def each_unfiltered_password_first
end
end

additional_privates.each do |add_private|
if username.present?
yield Metasploit::Framework::Credential.new(public: username, private: add_private, realm: realm, private_type: private_type(add_private))
end
user_fd.each_line do |user_from_file|
user_from_file.chomp!
yield Metasploit::Framework::Credential.new(public: user_from_file, private: add_private, realm: realm, private_type: private_type(add_private))
end
user_fd.seek(0)
end

additional_publics.each do |add_public|
if password.present?
yield Metasploit::Framework::Credential.new(public: add_public, private: password, realm: realm, private_type: private_type(password) )
Expand Down
73 changes: 73 additions & 0 deletions spec/lib/metasploit/framework/credential_collection_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,79 @@
end
end

context 'when given a pass_file, user_file, password spray and a default username' do
let(:password) { nil }
let(:username) { 'root' }
let(:password_spray) { true }
let(:pass_file) do
filename = "pass_file"
stub_file = StringIO.new("password1\npassword2\n")
allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file

filename
end
let(:user_file) do
filename = "user_file"
stub_file = StringIO.new("user1\nuser2\nuser3\n")
allow(File).to receive(:open).with(filename,/^r/).and_return stub_file

filename
end

specify do
expected = [
Metasploit::Framework::Credential.new(public: "root", private: "password1"),
Metasploit::Framework::Credential.new(public: "user1", private: "password1"),
Metasploit::Framework::Credential.new(public: "user2", private: "password1"),
Metasploit::Framework::Credential.new(public: "user3", private: "password1"),
Metasploit::Framework::Credential.new(public: "root", private: "password2"),
Metasploit::Framework::Credential.new(public: "user1", private: "password2"),
Metasploit::Framework::Credential.new(public: "user2", private: "password2"),
Metasploit::Framework::Credential.new(public: "user3", private: "password2"),
]
expect { |b| collection.each(&b) }.to yield_successive_args(*expected)
end
end

context 'when given a pass_file, user_file, password spray and additional privates' do
let(:password) { nil }
let(:username) { 'root' }
let(:password_spray) { true }
let(:additional_privates) { ['foo'] }
let(:pass_file) do
filename = "pass_file"
stub_file = StringIO.new("password1\npassword2\n")
allow(File).to receive(:open).with(filename,/^r/).and_yield stub_file

filename
end
let(:user_file) do
filename = "user_file"
stub_file = StringIO.new("user1\nuser2\nuser3\n")
allow(File).to receive(:open).with(filename,/^r/).and_return stub_file

filename
end

specify do
expected = [
Metasploit::Framework::Credential.new(public: "root", private: "password1"),
Metasploit::Framework::Credential.new(public: "user1", private: "password1"),
Metasploit::Framework::Credential.new(public: "user2", private: "password1"),
Metasploit::Framework::Credential.new(public: "user3", private: "password1"),
Metasploit::Framework::Credential.new(public: "root", private: "password2"),
Metasploit::Framework::Credential.new(public: "user1", private: "password2"),
Metasploit::Framework::Credential.new(public: "user2", private: "password2"),
Metasploit::Framework::Credential.new(public: "user3", private: "password2"),
Metasploit::Framework::Credential.new(public: "root", private: "foo"),
Metasploit::Framework::Credential.new(public: "user1", private: "foo"),
Metasploit::Framework::Credential.new(public: "user2", private: "foo"),
Metasploit::Framework::Credential.new(public: "user3", private: "foo"),
]
expect { |b| collection.each(&b) }.to yield_successive_args(*expected)
end
end

context 'when given a username, user_file and pass_file' do
let(:password) { nil }
let(:username) { 'my_username' }
Expand Down

0 comments on commit 6420f64

Please sign in to comment.