Module: Metasploit::Credential::Creation

Included in:

Importer::Core, Importer::Pwdump, Migrator

Defined in:

lib/metasploit/credential/creation.rb

Overview

Helper methods for finding or creating a tree of credentials. The method ensure that duplicate credentials are not created.

Instance Method Summary

• #active_db? ⇒ Boolean

  Returns true if ActiveRecord has an active database connection, false otherwise.

• #create_cracked_credential(opts = {}) ⇒ Object

  This method takes a few simple parameters and creates a new username/password credential that was obtained by cracking a hash.

• #create_credential(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

  This method is responsible for creation Core objects and all sub-objects that it is dependent upon.

• #create_credential_core(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

  This method is responsible for creating Core objects.

• #create_credential_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Login

  This method is responsible for creating a Login object which ties a Core to the ‘Mdm::Service` it is a valid credential for.

• #create_credential_origin(opts = {}) ⇒ NilClass, ...

  This method is responsible for creating the various Credential::Origin objects.

• #create_credential_origin_cracked_password(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::CrackedPassword

  This method is responsible for creating Origin::CrackedPassword objects.

• #create_credential_origin_import(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

  This method is responsible for creating Origin::Import objects.

• #create_credential_origin_manual(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

  This method is responsible for creating Origin::Manual objects.

• #create_credential_origin_service(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Service

  This method is responsible for creating Origin::Service objects.

• #create_credential_origin_session(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Session

  This method is responsible for creating Origin::Session objects.

• #create_credential_private(opts = {}) ⇒ NilClass, ...

  This method is responsible for the creation of Private objects.

• #create_credential_public(opts = {}) ⇒ NilClass, Metasploit::Credential::Public

  This method is responsible for the creation of Public objects.

• #create_credential_realm(opts = {}) ⇒ NilClass, Metasploit::Credential::Realm

  This method is responsible for creating the Realm objects that may be required.

• #create_credential_service(opts = {}) ⇒ NilClass, Mdm::Service

  This method is responsible for creating a barebones ‘Mdm::Service` object for use by Credential object creation.

• #invalidate_login(opts = {}) ⇒ void

  This method checks to see if a Login exists for a given set of details.

Instance Method Details

#active_db? ⇒ Boolean

Returns true if ActiveRecord has an active database connection, false otherwise.

Returns:

• (Boolean)

# File 'lib/metasploit/credential/creation.rb', line 12

def active_db?
  ActiveRecord::Base.connected?
end

#create_cracked_credential(opts = {}) ⇒ Object

This method takes a few simple parameters and creates a new username/password credential that was obtained by cracking a hash. It reuses the relevant components form the originating Metasploit::Credential::Core and builds new Login objects based on the ones attached to the originating Metasploit::Credential::Core

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :username (String) —

  the username to find or create the Public from

• :password (String) —

  the password to find or create the Password from

• :core_id (Fixnum) —

  the id for the originating Metasploit::Credential::Core

# File 'lib/metasploit/credential/creation.rb', line 25

def create_cracked_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  username = opts.fetch(:username)
  password = opts.fetch(:password)
  core_id  = opts.fetch(:core_id)

  private  = nil
  public   = nil
  old_core = nil

  retry_transaction do
    private  = Metasploit::Credential::Password.where(data: password).first_or_create!
    public   = Metasploit::Credential::Public.where(username: username).first_or_create!
    old_core = Metasploit::Credential::Core.find(core_id)
  end

  core = nil

  retry_transaction do
    core = Metasploit::Credential::Core.where(public_id: public.id, private_id: private.id, realm_id: nil, workspace_id: old_core.workspace_id).first_or_initialize
    if core.origin_id.nil?
      origin      = Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: core_id).first_or_create!
      core.origin = origin
    end
    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  old_core.logins.each do |login|
    service_id = login.service_id
    new_login = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_id).first_or_initialize
    if new_login.status.blank?
      new_login.status =  Metasploit::Model::Login::Status::UNTRIED
    end
    new_login.save!
  end
end

#create_credential(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creation Metasploit::Credential::Core objects and all sub-objects that it is dependent upon.

Examples:

Reporting a Bruteforced Credential

create_credential(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',
  module_fullname: 'auxiliary/scanner/smb/smb_login',
  workspace_id: myworkspace.id,
  private_data: 'password1',
  private_type: :password,
  username: 'Administrator'
)

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :jtr_format (String) —

  The format for John the ripper to use to try and crack this

• :origin_type (Symbol) —

  The Origin type we are trying to create

• :address (String) —

  The address of the ‘Mdm::Host` to link this Origin to

• :port (Fixnum) —

  The port number of the ‘Mdm::Service` to link this Origin to

• :service_name (String) —

  The service name to use for the ‘Mdm::Service`

• :protocol (String) —

  The protocol type of the ‘Mdm::Service` to link this Origin to

• :module_fullname (String) —

  The fullname of the Metasploit Module to link this Origin to

• :workspace_id (Fixnum) —

  The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

• :task_id (Fixnum) —

  The ID of the ‘Mdm::Task` to link this Origin and Core to

• :filename (String) —

  The filename of the file that was imported

• :user_id (Fixnum) —

  The ID of the ‘Mdm::User` to link this Origin to

• :session_id (Fixnum) —

  The ID of the ‘Mdm::Session` to link this Origin to

• :post_reference_name (String) —

  The reference name of the Metasploit Post module to link the origin to

• :private_data (String) —

  The actual data for the private (e.g. password, hash, key etc)

• :private_type (Symbol) —

  The type of Private to create

• :username (String) —

  The username to use for the Public

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Core)

Raises:

• (KeyError) —

  if a required option is missing

• (ArgumentError) —

  if an invalid :private_type is specified

• (ArgumentError) —

  if an invalid :origin_type is specified

# File 'lib/metasploit/credential/creation.rb', line 108

def create_credential(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  if opts[:origin]
    origin = opts[:origin]
  else
    origin = create_credential_origin(opts)
  end

  core_opts = {
      origin: origin,
      workspace_id: opts.fetch(:workspace_id)
  }

  if opts.has_key?(:realm_key) && opts.has_key?(:realm_value)
    core_opts[:realm] = create_credential_realm(opts)
  end

  if opts.has_key?(:private_type) && opts.has_key?(:private_data)
    core_opts[:private] = create_credential_private(opts)
  end

  if opts.has_key?(:username)
    core_opts[:public] = create_credential_public(opts)
  end

  if opts.has_key?(:task_id)
    core_opts[:task_id] = opts[:task_id]
  end

  create_credential_core(core_opts)
end

#create_credential_core(opts = {}) ⇒ NilClass, Metasploit::Credential::Core

This method is responsible for creating Metasploit::Credential::Core objects.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :origin (Metasploit::Credential::Origin) —

  The origin object to tie the core to

• :public (Metasploit::Credential::Public) —

  The Public component

• :private (Metasploit::Credential::Private) —

  The Private component

• :realm (Metasploit::Credential::Realm) —

  The Realm component

• :workspace_id (Fixnum) —

  The ID of the ‘Mdm::Workspace` to tie the Core to

• :task_id (Fixnum) —

  The ID of the ‘Mdm::Task` to link this Core to

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Core)

# File 'lib/metasploit/credential/creation.rb', line 155

def create_credential_core(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  origin       = opts.fetch(:origin)
  workspace_id = opts.fetch(:workspace_id)

  private_id   = opts[:private].try(:id)
  public_id    = opts[:public].try(:id)
  realm_id     = opts[:realm].try(:id)

  core = nil
  retry_transaction do
    core = Metasploit::Credential::Core.where(private_id: private_id, public_id: public_id, realm_id: realm_id, workspace_id: workspace_id).first_or_initialize
    if core.origin_id.nil?
      core.origin = origin
    end
    if opts[:task_id]
      core.tasks << Mdm::Task.find(opts[:task_id])
    end
    core.save!
  end

  core
end

#create_credential_login(opts = {}) ⇒ NilClass, Metasploit::Credential::Login

This method is responsible for creating a Login object which ties a Metasploit::Credential::Core to the ‘Mdm::Service` it is a valid credential for.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :access_level (String) —

  The access level to assign to this login if we know it

• :address (String) —

  The address of the ‘Mdm::Host` to link this Login to

• :last_attempted_at (DateTime) —

  The last time this Login was attempted

• :core (Metasploit::Credential::Core) —

  The Metasploit::Credential::Core to link this login to

• :port (Fixnum) —

  The port number of the ‘Mdm::Service` to link this Login to

• :service_name (String) —

  The service name to use for the ‘Mdm::Service`

• :status (String) —

  The status for the Login object

• :protocol (String) —

  The protocol type of the ‘Mdm::Service` to link this Login to

• :workspace_id (Fixnum) —

  The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

• :task_id (Fixnum) —

  The ID of the ‘Mdm::Task` to link this Login to

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Login)

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 201

def create_credential_login(opts={})
  return nil unless active_db?

  if self.respond_to?(:[]) and self[:task]
    opts[:task_id] ||= self[:task].record.id
  end

  access_level       = opts.fetch(:access_level, nil)
  core               = opts.fetch(:core)
  last_attempted_at  = opts.fetch(:last_attempted_at, nil)
  status             = opts.fetch(:status)

  login_object = nil
  retry_transaction do
    service_object = create_credential_service(opts)
    login_object = Metasploit::Credential::Login.where(core_id: core.id, service_id: service_object.id).first_or_initialize

    if opts[:task_id]
      login_object.tasks << Mdm::Task.find(opts[:task_id])
    end

    login_object.access_level      = access_level if access_level
    login_object.last_attempted_at = last_attempted_at if last_attempted_at
    login_object.status            = status
    login_object.save!
  end

  login_object
end

#create_credential_origin(opts = {}) ⇒ NilClass, ...

This method is responsible for creating the various Credential::Origin objects. It takes a key for the Origin type and delegates to the correct sub-method.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :origin_type (Symbol) —

  The Origin type we are trying to create

• :address (String) —

  The address of the ‘Mdm::Host` to link this Origin to

• :port (Fixnum) —

  The port number of the ‘Mdm::Service` to link this Origin to

• :service_name (String) —

  The service name to use for the ‘Mdm::Service`

• :protocol (String) —

  The protocol type of the ‘Mdm::Service` to link this Origin to

• :module_fullname (String) —

  The fullname of the Metasploit Module to link this Origin to

• :workspace_id (Fixnum) —

  The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

• :task_id (Fixnum) —

  The ID of the ‘Mdm::Task` to link this Origin to

• :filename (String) —

  The filename of the file that was imported

• :user_id (Fixnum) —

  The ID of the ‘Mdm::User` to link this Origin to

• :session_id (Fixnum) —

  The ID of the ‘Mdm::Session` to link this Origin to

• :post_reference_name (String) —

  The reference name of the Metasploit Post module to link the origin to

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::Manual) —

  if :origin_type was :manual

• (Metasploit::Credential::Origin::Import) —

  if :origin_type was :import

• (Metasploit::Credential::Origin::Service) —

  if :origin_type was :service

• (Metasploit::Credential::Origin::Session) —

  if :origin_type was :session

Raises:

• (ArgumentError) —

  if an invalid origin_type was provided

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 253

def create_credential_origin(opts={})
  return nil unless active_db?
  case opts[:origin_type]
    when :cracked_password
      create_credential_origin_cracked_password(opts)
    when :import
      create_credential_origin_import(opts)
    when :manual
      create_credential_origin_manual(opts)
    when :service
      create_credential_origin_service(opts)
    when :session
      create_credential_origin_session(opts)
    else
      raise ArgumentError, "Unknown Origin Type #{opts[:origin_type]}"
  end
end

#create_credential_origin_cracked_password(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::CrackedPassword

This method is responsible for creating Origin::CrackedPassword objects. These are the origins that show that a password Credential was obtained by cracking a hash Credential that previously existed in the database.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :originating_core_id (Fixnum) —

  The ID of the originating Credential core.

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::CrackedPassword) —

  The created Origin::CrackedPassword object

# File 'lib/metasploit/credential/creation.rb', line 278

def create_credential_origin_cracked_password(opts={})
  return nil unless active_db?
  originating_core_id = opts.fetch(:originating_core_id)

  retry_transaction do
    Metasploit::Credential::Origin::CrackedPassword.where(metasploit_credential_core_id: originating_core_id ).first_or_create!
  end
end

#create_credential_origin_import(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Import objects.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :filename (String) —

  The filename of the file that was imported

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::Manual) —

  The created Origin::Import object

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 293

def create_credential_origin_import(opts={})
  return nil unless active_db?
  filename = opts.fetch(:filename)

  retry_transaction do
    Metasploit::Credential::Origin::Import.where(filename: filename).first_or_create!
  end
end

#create_credential_origin_manual(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Manual

This method is responsible for creating Origin::Manual objects.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :user_id (Fixnum) —

  The ID of the ‘Mdm::User` to link this Origin to

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::Manual) —

  The created Origin::Manual object

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 308

def create_credential_origin_manual(opts={})
  return nil unless active_db?
  user_id = opts.fetch(:user_id)

  retry_transaction do
    Metasploit::Credential::Origin::Manual.where(user_id: user_id).first_or_create!
  end
end

#create_credential_origin_service(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Service

This method is responsible for creating Origin::Service objects. If there is not a matching ‘Mdm::Host` it will create it. If there is not a matching `Mdm::Service` it will create that too.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :address (String) —

  The address of the ‘Mdm::Host` to link this Origin to

• :port (Fixnum) —

  The port number of the ‘Mdm::Service` to link this Origin to

• :service_name (String) —

  The service name to use for the ‘Mdm::Service`

• :protocol (String) —

  The protocol type of the ‘Mdm::Service` to link this Origin to

• :module_fullname (String) —

  The fullname of the Metasploit Module to link this Origin to

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::Service) —

  The created Origin::Service object

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 329

def create_credential_origin_service(opts={})
  return nil unless active_db?
  module_fullname  = opts.fetch(:module_fullname)

  service_object = create_credential_service(opts)

  retry_transaction do
    Metasploit::Credential::Origin::Service.where(service_id: service_object.id, module_full_name: module_fullname).first_or_create!
  end

end

#create_credential_origin_session(opts = {}) ⇒ NilClass, Metasploit::Credential::Origin::Session

This method is responsible for creating Origin::Session objects.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :session_id (Fixnum) —

  The ID of the ‘Mdm::Session` to link this Origin to

• :post_reference_name (String) —

  The reference name of the Metasploit Post module to link the origin to

Returns:

• (NilClass) —

  if there is no connected database

• (Metasploit::Credential::Origin::Session) —

  The created Origin::Session object

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 348

def create_credential_origin_session(opts={})
  return nil unless active_db?
  session_id           = opts.fetch(:session_id)
  post_reference_name  = opts.fetch(:post_reference_name)

  retry_transaction do
    Metasploit::Credential::Origin::Session.where(session_id: session_id, post_reference_name: post_reference_name).first_or_create!
  end
end

#create_credential_private(opts = {}) ⇒ NilClass, ...

This method is responsible for the creation of Private objects. It will create the correct subclass based on the type.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :jtr_format (String) —

  The format for John the ripper to use to try and crack this

• :private_data (String) —

  The actual data for the private (e.g. password, hash, key etc)

• :private_type (Symbol) —

  The type of Private to create

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Password) —

  if the private_type was :password

• (Metasploit::Credential::SSHKey) —

  if the private_type was :ssh_key

• (Metasploit::Credential::NTLMHash) —

  if the private_type was :ntlm_hash

• (Metasploit::Credential::NonreplayableHash) —

  if the private_type was :nonreplayable_hash

Raises:

• (ArgumentError) —

  if a valid type is not supplied

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 371

def create_credential_private(opts={})
  return nil unless active_db?
  private_data = opts.fetch(:private_data)
  private_type = opts.fetch(:private_type)

  private_object = nil

  retry_transaction do
    if private_data.blank?
      private_object = Metasploit::Credential::BlankPassword.where(data:'').first_or_create
    else
      case private_type
        when :password
          private_object = Metasploit::Credential::Password.where(data: private_data).first_or_create
        when :ssh_key
          private_object = Metasploit::Credential::SSHKey.where(data: private_data).first_or_create
        when :ntlm_hash
          private_object = Metasploit::Credential::NTLMHash.where(data: private_data).first_or_create
          private_object.jtr_format = 'nt,lm'
        when :nonreplayable_hash
          private_object = Metasploit::Credential::NonreplayableHash.where(data: private_data).first_or_create
          if opts[:jtr_format].present?
            private_object.jtr_format = opts[:jtr_format]
          end
        else
          raise ArgumentError, "Invalid Private type: #{private_type}"
      end
    end
    private_object.save!
  end
  private_object
end

#create_credential_public(opts = {}) ⇒ NilClass, Metasploit::Credential::Public

This method is responsible for the creation of Public objects.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :username (String) —

  The username to use for the Public

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Public)

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 410

def create_credential_public(opts={})
  return nil unless active_db?
  username = opts.fetch(:username)

  retry_transaction do
    if username.blank?
      Metasploit::Credential::BlankUsername.where(username:'').first_or_create!
    else
      Metasploit::Credential::Username.where(username: username).first_or_create!
    end
  end
end

#create_credential_realm(opts = {}) ⇒ NilClass, Metasploit::Credential::Realm

This method is responsible for creating the Realm objects that may be required.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :realm_key (String) —

  The type of Realm this is (e.g. ‘Active Directory Domain’)

• :realm_value (String) —

  The actual Realm name (e.g. contosso)

Returns:

• (NilClass) —

  if there is no active database connection

• (Metasploit::Credential::Realm) —

  if it successfully creates or finds the object

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 431

def create_credential_realm(opts={})
  return nil unless active_db?
  realm_key   = opts.fetch(:realm_key)
  realm_value = opts.fetch(:realm_value)

  retry_transaction do
    Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first_or_create!
  end
end

#create_credential_service(opts = {}) ⇒ NilClass, Mdm::Service

This method is responsible for creating a barebones ‘Mdm::Service` object for use by Credential object creation.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :address (String) —

  The address of the ‘Mdm::Host`

• :port (Fixnum) —

  The port number of the ‘Mdm::Service`

• :service_name (String) —

  The service name to use for the ‘Mdm::Service`

• :protocol (String) —

  The protocol type of the ‘Mdm::Service“

• :workspace_id (Fixnum) —

  The ID of the ‘Mdm::Workspace` to use for the `Mdm::Host`

Returns:

• (NilClass) —

  if there is no connected database

• (Mdm::Service)

Raises:

• (KeyError) —

  if a required option is missing

# File 'lib/metasploit/credential/creation.rb', line 454

def create_credential_service(opts={})
  return nil unless active_db?
  address          = opts.fetch(:address)
  port             = opts.fetch(:port)
  service_name     = opts.fetch(:service_name)
  protocol         = opts.fetch(:protocol)
  workspace_id     = opts.fetch(:workspace_id)

  host_object    = Mdm::Host.where(address: address, workspace_id: workspace_id).first_or_create
  service_object = Mdm::Service.where(host_id: host_object.id, port: port, proto: protocol).first_or_initialize

  service_object.name  = service_name
  service_object.state = "open"
  service_object.save!

  service_object
end

#invalidate_login(opts = {}) ⇒ void

This method returns an undefined value.

This method checks to see if a Login exists for a given set of details. If it does exists, we then appropriately set the status to one of our failure statuses.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :address (String) —

  The address of the host we attempted

• :port (Fixnum) —

  the port of the service we attempted

• :protocol (String) —

  the transport protocol of the service we attempted

• :public (String) —

  A string representation of the public we tried

• :private (String) —

  A string representation of the private we tried

• :status (Symbol) —

  The status symbol from the Framework::LoginScanner::Result

Raises:

• (KeyError) —

  if any of the above options are missing

# File 'lib/metasploit/credential/creation.rb', line 484

def invalidate_login(opts = {})
  return nil unless active_db?
  address     = opts.fetch(:address)
  port        = opts.fetch(:port)
  protocol    = opts.fetch(:protocol)
  public      = opts.fetch(:username, nil)
  private     = opts.fetch(:private_data, nil)
  realm_key   = opts.fetch(:realm_key, nil)
  realm_value = opts.fetch(:realm_value, nil)
  status      = opts.fetch(:status)


  pub_obj = Metasploit::Credential::Public.where(username: public).first.try(:id)
  priv_obj = Metasploit::Credential::Private.where(data: private).first.try(:id)
  realm_obj = Metasploit::Credential::Realm.where(key: realm_key, value: realm_value).first.try(:id)

  core = Metasploit::Credential::Core.where(public_id: pub_obj, private_id: priv_obj, realm_id: realm_obj).first

  # Do nothing else if we have no matching core. Otherwise look for a Login.
  if core.present?
    login = core.logins.joins(service: :host).where(services: { port: port, proto: protocol } ).where( hosts: {address: address}).readonly(false).first

    if login.present?
      login.status = status
      login.last_attempted_at = DateTime.now
      login.save!
    end

  end

end