Allows reporting auth credentials to be optional with exploit/windows/smb/psexec. Sometimes you don't want this, especially if you already have an auth credential via smb_login.

For auxiliary/scanner/smb/smb_login, if a password hash is used instead of a password, record it as a :hash instead of a :pass when reporting to the DB. git-svn-id: file:///home/svn/framework3/trunk@9116 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-12 11:52:01 +01:00 · 2010-04-22 17:23:29 +00:00 · 2010-04-22 17:23:29 +00:00 · bd94145d8d
commit bd94145d8d
parent 89842fb45f
2 changed files with 23 additions and 11 deletions
--- a/modules/auxiliary/scanner/smb/smb_login.rb
+++ b/modules/auxiliary/scanner/smb/smb_login.rb
@ -147,14 +147,19 @@ class Metasploit3 < Msf::Auxiliary
 
 		if(simple.client.auth_user)
 			print_good("#{rhost} - SUCCESSFUL LOGIN (#{smb_peer_os}) '#{user}' : '#{pass}'")
-			report_auth_info(
+			report_hash = {
 				:host	=> rhost,
 				:proto	=> 'smb',
 				:user	=> user,
-				:pass	=> pass,
 				:target_host	=> rhost,
 				:target_port	=> datastore['RPORT']
-			)
+			}
+			if pass =~ /[0-9a-fA-F]{32}:[0-9a-fA-F]{32}/
+				report_hash.merge!({:hash => pass})
+			else
+				report_hash.merge!({:pass => pass})
+			end
+			report_auth_info(report_hash)
 		else
 			# Samba has two interesting behaviors:
 			# 1) Invalid users receive a guest login
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -81,6 +81,11 @@ class Metasploit3 < Msf::Exploit::Remote
 				OptString.new('SMBUser', [ true, 'The username to authenticate as', "Administrator"]),
 				OptString.new('SMBPass', [ false, 'The password for the specified username', ""])
 			], self.class)
+			
+			register_advanced_options(
+				[
+					OptBool.new('DB_REPORT_AUTH', [true, "Report an auth_note upon a successful connection", true])
+				], self.class)

 	end

@ -105,14 +110,16 @@ class Metasploit3 < Msf::Exploit::Remote
 			return
 		end

-		report_auth_info(
-			:host	=> datastore['RHOST'],
-			:proto	=> 'SMB',
-			:user	=> datastore['SMBUser'],
-			:pass	=> datastore['SMBPass'],
-			:target_host	=> datastore['RHOST'],
-			:target_port	=> datastore['RPORT']
-		)
+		if datastore['DB_REPORT_AUTH']
+			report_auth_info(
+				:host	=> datastore['RHOST'],
+				:proto	=> 'SMB',
+				:user	=> datastore['SMBUser'],
+				:pass	=> datastore['SMBPass'],
+				:target_host	=> datastore['RHOST'],
+				:target_port	=> datastore['RPORT']
+			)
+		end

 		# Upload the shellcode to a file
 		print_status("Uploading payload...")