From 242d91ee72019a635b0eb5d18948174f2b16b747 Mon Sep 17 00:00:00 2001 From: cgranleese-r7 Date: Tue, 3 Sep 2024 12:33:48 +0100 Subject: [PATCH] Fixes ldap_login nil error when login is successful --- lib/msf/core/auxiliary/report_summary.rb | 31 +++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/auxiliary/report_summary.rb b/lib/msf/core/auxiliary/report_summary.rb index 28758cacdfa8..cc0bca04993b 100644 --- a/lib/msf/core/auxiliary/report_summary.rb +++ b/lib/msf/core/auxiliary/report_summary.rb @@ -55,6 +55,29 @@ def create_credential_login(credential_data) super end + # Creates a credential and adds to to the DB if one is present, then calls create_credential_login to + # attempt a login + # + # This is needed when create_credential_and_login in + # lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb + # is called, which doesn't call of to create_credential_login at any point to initialize @report[rhost] + # + # This allow modules that make use of create_credential_and_login to make use of the report summary mixin + # + # @param [Hash] credential_data + # @return [Metasploit::Credential::Login] + def create_credential_and_login(credential_data) + return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report + + credential = { + public: credential_data[:username], + private_data: credential_data[:private_data] + } + @report[rhost] = { successful_logins: [] } + @report[rhost][:successful_logins] << credential + super + end + # Framework is notified that we have a new session opened # # @param [MetasploitModule] obj @@ -65,7 +88,13 @@ def create_credential_login(credential_data) # @param [Msf::Sessions::] sess # @return [Msf::Sessions::] def start_session(obj, info, ds_merge, crlf = false, sock = nil, sess = nil) - return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report + return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] + + unless @report && @report[rhost] + elog("No RHOST found in report, skipping reporting for #{rhost}") + print_brute level: :error, ip: rhost, msg: "No RHOST found in report, skipping reporting for #{rhost}" + return super + end result = super @report[rhost].merge!({ successful_sessions: [] })