adding .to_credential

Metasploit::Framework::Credential and Metasploit::Credential::Core need to be consumable by the login scanners. the easiest way to do this was to create a shared to_credential method on both that return Metasploit::Framework::Credential MSP-9912
2014-06-26 11:05:59 -05:00 · 2014-06-26 11:05:59 -05:00 · b5351eec2b
parent 07d548caeb
commit b5351eec2b
6 changed files with 60 additions and 2 deletions
--- a/app/concerns/metasploit/credential/core/to_credential.rb
+++ b/app/concerns/metasploit/credential/core/to_credential.rb
@ -0,0 +1,14 @@
+# Adds associations to `Metasploit::Credential::Core` which are inverses of association on models under
+# {BruteForce::Reuse}.
+module Metasploit::Credential::Core::ToCredential
+  extend ActiveSupport::Concern
+  
+  included do
+    
+    def to_credential
+      Metasploit::Framework::Credential.new(public: public.try(:username), private: private.try(:data), realm: realm.try(:value) )
+    end
+    
+  end
+  
+end
--- a/lib/metasploit/framework/credential.rb
+++ b/lib/metasploit/framework/credential.rb
@ -61,7 +61,11 @@ module Metasploit
      def ==(other)
        other.public == self.public && other.private == self.private && other.realm == self.realm
      end
-
+ 
+      def to_credential
+        self
+      end
+      
      private

      def at_realm
--- a/lib/metasploit/framework/login_scanner/base.rb
+++ b/lib/metasploit/framework/login_scanner/base.rb
@ -101,7 +101,8 @@ module Metasploit
            consecutive_error_count = 0
            total_error_count = 0

-            cred_details.each do |credential|
+            cred_details.each do |raw_credential|
+              credential = raw_credential.to_credential
              result = attempt_login(credential)
              result.freeze

--- a/spec/lib/metasploit/framework/credential_spec.rb
+++ b/spec/lib/metasploit/framework/credential_spec.rb
@ -74,6 +74,19 @@ describe Metasploit::Framework::Credential do

  end

+  describe ".to_credential" do
+    let(:public) { "public" }
+    let(:private) { "private" }
+    let(:realm) { "realm" }
+    subject(:cred_detail) do
+      described_class.new(public: public, private: private, realm: realm)
+    end
+    it { should respond_to :to_credential }
+    it "should return self" do
+      cred_detail.to_credential.should eq(cred_detail)
+    end
+  end
+  
  describe "#==" do
    let(:public) { "public" }
    let(:private) { "private" }
--- a/spec/models/metasploit/credential/core_spec.rb
+++ b/spec/models/metasploit/credential/core_spec.rb
@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Metasploit::Credential::Core do
+  it_should_behave_like 'Metasploit::Credential::Core::ToCredential'
+end
--- a/spec/support/shared/examples/credential/core/to_credential.rb
+++ b/spec/support/shared/examples/credential/core/to_credential.rb
@ -0,0 +1,21 @@
+require 'metasploit/framework/credential'
+
+shared_examples_for 'Metasploit::Credential::Core::ToCredential' do
+  context "methods" do
+    context ".to_credential" do
+     
+      subject(:crednetial_core) do
+        FactoryGirl.create(:metasploit_credential_core)
+      end
+      
+      it { should respond_to :to_credential }
+      
+      it "should return a Metasploit::Framework::Credential" do
+        expect {
+          to_credential
+        }.to be_a Metasploit::Framework::Credential
+      end
+      
+    end
+  end
+end