lib/metasploit/framework/credential.rb

require 'active_model'

module Metasploit
  module Framework
    # This class provides an in-memory representation of a conceptual Credential
    #
    # It contains the public, private, and realm if any.
    class Credential
      include ActiveModel::Validations

      # @!attribute paired
      #   @return [Boolean] Whether BOTH a public and private are required
      #     (defaults to `true`)
      attr_accessor :paired
      # @!attribute parent
      #   @return [Object] the parent object that had .to_credential called on it to create this object
      attr_accessor :parent
      # @!attribute private
      #   The private credential component (e.g. password)
      #
      #   @return [String] if {#paired} is `true` or {#private} is `nil`
      #   @return [String, nil] if {#paired} is `false` or {#private} is not `nil`.
      attr_accessor :private
      # @!attribute private_type
      #   The type of private credential this object represents, e.g. a
      #   password or an NTLM hash.
      #
      #   @return [String]
      attr_accessor :private_type
      # @!attribute public
      #   The public credential component (e.g. username)
      #
      #   @return [String] if {#paired} is `true` or {#public} is `nil`
      #   @return [String, nil] if {#paired} is `false` or {#public} is not `nil`.
      attr_accessor :public
      # @!attribute realm
      #   @return [String,nil] The realm credential component (e.g domain name)
      attr_accessor :realm
      # @!attribute realm_key
      #   @return [String,nil] The type of {#realm}
      attr_accessor :realm_key

      validates :paired,
        inclusion: { in: [true, false] }

      # If we have no public we MUST have a private (e.g. SNMP Community String)
      validates :private,
        exclusion: { in: [nil] },
        if: -> { public.nil? or paired }

      # These values should be #demodularized from subclasses of
      # `Metasploit::Credential::Private`
      validates :private_type,
        inclusion: { in: [ :password, :ntlm_hash, :postgres_md5, :ssh_key ] },
        if: -> { private_type.present? }

      # If we have no private we MUST have a public
      validates :public,
        presence: true,
        if: -> { private.nil? or paired }

      # @param attributes [Hash{Symbol => String,nil}]
      def initialize(attributes={})
        attributes.each do |attribute, value|
          public_send("#{attribute}=", value)
        end

        self.paired = true if self.paired.nil?
      end

      def inspect
        "#<#{self.class} \"#{self}\" >"
      end

      def to_s
        if realm && realm_key == Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
          "#{self.realm}\\#{self.public}:#{self.private}"
        elsif self.private
          "#{self.public}:#{self.private}#{at_realm}"
        else
          self.public
        end
      end

      def ==(other)
        other.respond_to?(:public) && other.public == self.public &&
        other.respond_to?(:private) && other.private == self.private &&
        other.respond_to?(:realm) && other.realm == self.realm
      end

      def to_credential
        self.parent = self
        self
      end

      # This method takes all of the attributes of the {Credential} and spits
      # them out in a hash compatible with the create_credential calls.
      #
      # @return [Hash] a hash compatible with #create_credential
      def to_h
        {
            private_data: private,
            private_type: private_type,
            username: public,
            realm_key: realm_key,
            realm_value: realm
        }
      end

      private

      def at_realm
        if self.realm.present?
          "@#{self.realm}"
        else
          ""
        end
      end
    end
  end
end
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`require 'active_model'`

			`module Metasploit`
			`module Framework`
			`# This class provides an in-memory representation of a conceptual Credential`
			`#`
			`# It contains the public, private, and realm if any.`
			`class Credential`
			`include ActiveModel::Validations`

			`# @!attribute paired`
			`# @return [Boolean] Whether BOTH a public and private are required`
			# (defaults to `true`)
			`attr_accessor :paired`
have Credentials remember their aprents 2014-07-29 11:20:52 -05:00			`# @!attribute parent`
			`# @return [Object] the parent object that had .to_credential called on it to create this object`
			`attr_accessor :parent`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`# @!attribute private`
fixed a swap typo in credential documentation 2024-01-15 04:10:49 -06:00			`# The private credential component (e.g. password)`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`#`
			# @return [String] if {#paired} is `true` or {#private} is `nil`
			# @return [String, nil] if {#paired} is `false` or {#private} is not `nil`.
			`attr_accessor :private`
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00			`# @!attribute private_type`
			`# The type of private credential this object represents, e.g. a`
			`# password or an NTLM hash.`
			`#`
			`# @return [String]`
			`attr_accessor :private_type`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`# @!attribute public`
fixed a swap typo in credential documentation 2024-01-15 04:10:49 -06:00			`# The public credential component (e.g. username)`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`#`
			# @return [String] if {#paired} is `true` or {#public} is `nil`
			# @return [String, nil] if {#paired} is `false` or {#public} is not `nil`.
			`attr_accessor :public`
			`# @!attribute realm`
			`# @return [String,nil] The realm credential component (e.g domain name)`
			`attr_accessor :realm`
Add in proper realm reporting cred abilities 2021-02-15 18:20:56 -05:00			`# @!attribute realm_key`
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00			`# @return [String,nil] The type of {#realm}`
			`attr_accessor :realm_key`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00
			`validates :paired,`
			`inclusion: { in: [true, false] }`

			`# If we have no public we MUST have a private (e.g. SNMP Community String)`
			`validates :private,`
			`exclusion: { in: [nil] },`
Rails 5, all models inherit from ApplicationRecord 2020-04-03 09:38:15 -05:00			`if: -> { public.nil? or paired }`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00			`# These values should be #demodularized from subclasses of`
			# `Metasploit::Credential::Private`
			`validates :private_type,`
allow credentials to have a type of postgres_md5 2015-03-03 16:35:30 -06:00			`inclusion: { in: [ :password, :ntlm_hash, :postgres_md5, :ssh_key ] },`
Rails 5, all models inherit from ApplicationRecord 2020-04-03 09:38:15 -05:00			`if: -> { private_type.present? }`
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`# If we have no private we MUST have a public`
			`validates :public,`
			`presence: true,`
Rails 5, all models inherit from ApplicationRecord 2020-04-03 09:38:15 -05:00			`if: -> { private.nil? or paired }`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00
			`# @param attributes [Hash{Symbol => String,nil}]`
			`def initialize(attributes={})`
			`attributes.each do \|attribute, value\|`
			`public_send("#{attribute}=", value)`
			`end`

			`self.paired = true if self.paired.nil?`
			`end`

			`def inspect`
Add support for realm in CredentialCollection 2014-06-04 17:03:52 -05:00			`"#<#{self.class} \"#{self}\" >"`
			`end`

			`def to_s`
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00			`if realm && realm_key == Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN`
			`"#{self.realm}\\#{self.public}:#{self.private}"`
account for public only credentials in #to_s 2015-05-18 13:42:15 -05:00			`elsif self.private`
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00			`"#{self.public}:#{self.private}#{at_realm}"`
account for public only credentials in #to_s 2015-05-18 13:42:15 -05:00			`else`
			`self.public`
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00			`end`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`end`
Add Credential#== to facilitate specs 2014-06-05 11:37:48 -05:00
			`def ==(other)`
changing Credential == operator 2014-07-23 16:17:09 -05:00			`other.respond_to?(:public) && other.public == self.public &&`
			`other.respond_to?(:private) && other.private == self.private &&`
			`other.respond_to?(:realm) && other.realm == self.realm`
Add Credential#== to facilitate specs 2014-06-05 11:37:48 -05:00			`end`
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
adding .to_credential 2014-06-26 11:05:59 -05:00			`def to_credential`
.to_credential now assigns a parent 2014-07-31 14:52:27 -05:00			`self.parent = self`
remove spaces at EOL 2020-03-24 18:07:18 +05:30			`self`
adding .to_credential 2014-06-26 11:05:59 -05:00			`end`
Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
use to_h instead of to_hash 2014-08-01 09:45:51 -05:00			`# This method takes all of the attributes of the {Credential} and spits`
			`# them out in a hash compatible with the create_credential calls.`
			`#`
			`# @return [Hash] a hash compatible with #create_credential`
			`def to_h`
add to_hash to Credential 2014-07-31 18:10:48 -05:00			`{`
			`private_data: private,`
			`private_type: private_type,`
			`username: public,`
			`realm_key: realm_key,`
			`realm_value: realm`
			`}`
			`end`

invalidate_login 2014-06-10 11:07:15 -05:00			`private`

			`def at_realm`
			`if self.realm.present?`
			`"@#{self.realm}"`
			`else`
			`""`
			`end`
			`end`
Add a CredentialCollection 2014-06-04 13:01:09 -05:00			`end`
			`end`
			`end`