Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
require 'metasploit/framework/credential'
2

3
module Metasploit
4
  module Framework
5

6
    # This class is responsible for taking datastore options from the snmp_login module
7
    # and yielding appropriate {Metasploit::Framework::Credential}s to the {Metasploit::Framework::LoginScanner::SNMP}.
8
    # This one has to be different from credentialCollection as it will only have a {Metasploit::Framework::Credential#public}
9
    # It may be slightly confusing that the attributes are called password and pass_file, because this is what the legacy
10
    # module used. However, community Strings are now considered more to be public credentials than private ones.
11
    class CommunityStringCollection
12
      # @!attribute pass_file
13
      #   Path to a file containing passwords, one per line
14
      #   @return [String]
15
      attr_accessor :pass_file
16

17
      # @!attribute password
18
      #   @return [String]
19
      attr_accessor :password
20

21
      # @!attribute prepended_creds
22
      #   List of credentials to be tried before any others
23
      #
24
      #   @see #prepend_cred
25
      #   @return [Array<Credential>]
26
      attr_accessor :prepended_creds
27

28
      # @option opts [String] :pass_file See {#pass_file}
29
      # @option opts [String] :password See {#password}
30
      # @option opts [Array<Credential>] :prepended_creds ([]) See {#prepended_creds}
31
      def initialize(opts = {})
32
        opts.each do |attribute, value|
33
          public_send("#{attribute}=", value)
34
        end
35
        self.prepended_creds ||= []
36
      end
37

38
      # Combines all the provided credential sources into a stream of {Credential}
39
      # objects, yielding them one at a time
40
      #
41
      # @yieldparam credential [Metasploit::Framework::Credential]
42
      # @return [void]
43
      def each
44
        begin
45
          if pass_file.present?
46
            pass_fd = File.open(pass_file, 'r:binary')
47
            pass_fd.each_line do |line|
48
              line.chomp!
49
              yield Metasploit::Framework::Credential.new(public: line, paired: false)
50
            end
51
          end
52

53
          if password.present?
54
            yield Metasploit::Framework::Credential.new(public: password, paired: false)
55
          end
56

57
        ensure
58
          pass_fd.close if pass_fd && !pass_fd.closed?
59
        end
60
      end
61

62
      def empty?
63
        prepended_creds.empty? && !pass_file.present? && !password.present?
64
      end
65

66
      # Add {Credential credentials} that will be yielded by {#each}
67
      #
68
      # @see prepended_creds
69
      # @param cred [Credential]
70
      # @return [self]
71
      def prepend_cred(cred)
72
        prepended_creds.unshift cred
73
        self
74
      end
75

76
    end
77
  end
78
end
79

80