Metasploit mailing list archives

Re: ERROR: invalid input when using new Credential API


From: Pedro Ribeiro <pedrib () gmail com>
Date: Fri, 3 Oct 2014 09:15:20 +0100

Isn't that too limiting? What if you are collecting the creds for a host
which is inside a private network, but you can only see the externally
facing host?

Or in other words, what would you do in this case? The host name might be
the same as the rhost, but not in all cases, and we can't know that from the
exploit.

Regards
Pedro

On 3 Oct 2014 01:37, "HD Moore" <x () hdm io> wrote:

The database is keyed off IP addresses, so you are correct in that any
reported credential with an address field needs to have an associated IP
(or the hostname must resolve).

-HD

-----Original Message-----
From: framework [mailto:framework-bounces () spool metasploit com] On Behalf Of Pedro Ribeiro
Sent: Thursday, October 2, 2014 5:19 PM
To: Metasploit List
Subject: [framework] ERROR: invalid input when using new Credential API

Hi,

I'm building an aux module that gets the SQL database credentials from a
target. These credentials are provided in the form hostname-username-password.
I'm using the new Credential API and doing the following:

      service_data = {
        address: loot[database_server_name].split('\\')[0],
        # port is 0 because we can't get it from the packet_reply
        port: 0,
        service_name: loot[database_type],
        protocol: 'tcp',
        workspace_id: myworkspace_id
      }
(full code in [1])

However, when I run the module I get the stack trace on [2].

It seems I cannot set the address to a hostname, only numeric IP values?
Or am I doing something wrong?

Thanks for the help.

Regards,
Pedro


[1]:
      service_data = {
        address: loot[database_server_name].split('\\')[0],
        # port is 0 because we can't get it from the packet_reply
        port: 0,
        service_name: loot[database_type],
        protocol: 'tcp',
        workspace_id: myworkspace_id
      }
      credential_data = {
        origin_type: :service,
        module_fullname: self.fullname,
        private_type: :password,
        private_data: loot[database_pw],
        username: loot[schema_owner],
        # We store the SID for Oracle or the instance name for SQL Server.
        # There's no realm_key for SQL Server so store it as Oracle anyway.
        realm_key: Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER,
        realm_value: loot[database_server_name].split('\\')[1]
      }

      credential_data.merge!(service_data)
      credential_core = create_credential(credential_data)
      login_data = {
        core: credential_core,
        status: Metasploit::Model::Login::Status::UNTRIED
      }
      login_data.merge!(service_data)
      create_credential_login(login_data)



[2]:
[-] Auxiliary failed: ActiveRecord::StatementInvalid
PG::InvalidTextRepresentation: ERROR:  invalid input syntax for type inet: "SVR-KIT-TI"
LINE 1: ..."hosts".* FROM "hosts"  WHERE "hosts"."address" = 'SVR-KIT-T...
                                                             ^
: SELECT  "hosts".* FROM "hosts"  WHERE "hosts"."address" = 'SVR-KIT-TI' AND "hosts"."workspace_id" = 1 LIMIT 1
[-] Call stack:
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `async_exec'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `exec_no_cache'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:660:in `block in exec_query'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:280:in `block in log'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.17/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:275:in `log'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:659:in `exec_query'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1262:in `select'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/database_statements.rb:18:in `select_all'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/query_cache.rb:63:in `select_all'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:38:in `block in find_by_sql'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:37:in `find_by_sql'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:171:in `exec_queries'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:160:in `block in to_a'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:159:in `to_a'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:381:in `find_first'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:122:in `first'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:119:in `first_or_create'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:430:in `create_credential_service'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:309:in `create_credential_origin_service'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:239:in `create_credential_origin'
[-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:104:in `create_credential'
_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework
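The inet constraint HD describes above, together with the private-network case Pedro raises, as an added example in Ruby. This is not code from the thread, from metasploit-credential or from Pedro's module: the helper names (ip_literal?, normalize_service_address, service_data_for), the injectable resolver, and the use of the module's RHOST as the fallback address are assumptions. The idea is to check the address before it reaches create_credential, so that a bare hostname such as "SVR-KIT-TI" never hits the PostgreSQL inet column, and to record the credential against the host that was actually reached when the reported name cannot be resolved.

```ruby
require 'ipaddr'
require 'resolv'

# Added example (not code from the thread or from metasploit-credential).
# hosts.address is a PostgreSQL inet column, so a bare hostname is rejected
# by the database. Normalise the value before it reaches create_credential:
# keep IP literals, resolve hostnames when DNS can, and otherwise fall back
# to the address the module actually connected to.

# True when str is something the inet column will accept (IPv4/IPv6 literal).
def ip_literal?(str)
  s = str.to_s
  return false if s.empty?
  IPAddr.new(s)
  true
rescue IPAddr::InvalidAddressError, ArgumentError
  false
end

# Default resolver: the module's own DNS view. Returns nil on failure so the
# caller can fall back instead of aborting the run.
def default_resolve(name)
  Resolv.getaddress(name)
rescue Resolv::ResolvError
  nil
end

# Returns [address, origin] where origin is :literal, :resolved or :fallback.
# rhost is the target the module connected to (assumed to be its RHOST
# option); resolver is injectable so this can be tested without network access.
def normalize_service_address(raw, rhost:, resolver: method(:default_resolve))
  # SQL Server names look like HOST\INSTANCE; only HOST can be an address.
  host = raw.to_s.split('\\')[0].to_s.strip
  return [host, :literal] if ip_literal?(host)

  resolved = host.empty? ? nil : resolver.call(host)
  return [resolved, :resolved] if ip_literal?(resolved)

  # A name inside a private network we cannot see from here: record the
  # credential against the externally facing host we did reach.
  [rhost, :fallback]
end

# service_data hash in the shape the thread uses, with a DB-safe address.
# The hostname as reported by the target is returned separately so the caller
# can keep it (e.g. in a note) without passing unknown keys to the API.
def service_data_for(raw_server_name, rhost:, service_name:, workspace_id:,
                     resolver: method(:default_resolve))
  address, origin = normalize_service_address(raw_server_name, rhost: rhost, resolver: resolver)
  service_data = {
    address: address,
    port: 0,            # unknown, as in the original module
    service_name: service_name,
    protocol: 'tcp',
    workspace_id: workspace_id
  }
  meta = {
    reported_host: raw_server_name.to_s.split('\\')[0],
    address_origin: origin
  }
  [service_data, meta]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input matching the error in the thread; the stub resolver
  # stands in for a DNS that cannot see the private name.
  no_dns = ->(_name) { nil }
  sd, meta = service_data_for('SVR-KIT-TI\\INST', rhost: '192.0.2.1',
                              service_name: 'mssql', workspace_id: 1, resolver: no_dns)
  puts "address=#{sd[:address]} origin=#{meta[:address_origin]} reported=#{meta[:reported_host]}"
end
```

With the default resolver the function consults the module's DNS, so on a pivot where the internal name does resolve the credential is keyed to the right host; the :fallback origin is worth logging from the module so the operator knows the address was inferred rather than reported.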
