Land rapid7#7680, Fix rapid7#7679, LoginScanner should abort if there is no creds to try

Author: bwatters-r7

lib/metasploit/framework/login_scanner/base.rb

@@ -304,6 +304,14 @@ def validate_cred_details
             unless cred_details.respond_to? :each
               errors.add(:cred_details, "must respond to :each")
             end
+
+            if cred_details.prepended_creds.empty? &&
+              cred_details.additional_publics.empty? &&
+              cred_details.additional_privates.empty? &&
+              !cred_details.username.present? &&
+              !cred_details.password.present?
+              errors.add(:cred_details, "can't be blank")
+            end
           end
 
         end

spec/lib/metasploit/framework/login_scanner/base_spec.rb

@@ -12,11 +12,26 @@ def self.model_name
     end
   }
 
+  let(:cred_collection) {
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username).and_return('user')
+    allow(creds).to receive(:password).and_return('pass')
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return(['pass'])
+    allow(creds).to receive(:additional_publics).and_return(['user'])
+    allow(creds).to receive(:each).and_return(['user', 'pass'])
+    allow(creds).to receive(:additional_publics).and_return([])
+    creds
+  }
+
   let(:options) {
 
     {
       connection_timeout: 1,
-      cred_details: ["user", "pass"],
+      cred_details: cred_collection,
       host: '1.2.3.4',
       port: 4444,
       stop_on_success: true,

spec/lib/metasploit/framework/login_scanner/ftp_spec.rb

@@ -49,6 +49,18 @@
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
   it_behaves_like 'Metasploit::Framework::Tcp::Client'
 
+  before(:each) do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return([])
+    ftp_scanner.cred_details = creds
+  end
 
 
   context 'validations' do

spec/lib/metasploit/framework/login_scanner/mssql_spec.rb

@@ -39,6 +39,19 @@
 
   it { is_expected.to respond_to :windows_authentication }
 
+  before(:each) do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return([])
+    login_scanner.cred_details = creds
+  end
+
   context 'validations' do
     context '#windows_authentication' do
       it 'is not valid for the string true' do

spec/lib/metasploit/framework/login_scanner/smb_spec.rb

@@ -47,6 +47,19 @@
   it { is_expected.to respond_to :smb_pipe_evasion }
 
   context 'validations' do
+    before(:each) do
+        creds = double('Metasploit::Framework::CredentialCollection')
+        allow(creds).to receive(:pass_file)
+        allow(creds).to receive(:username)
+        allow(creds).to receive(:password)
+        allow(creds).to receive(:user_file)
+        allow(creds).to receive(:userpass_file)
+        allow(creds).to receive(:prepended_creds).and_return([])
+        allow(creds).to receive(:additional_privates).and_return([])
+        allow(creds).to receive(:additional_publics).and_return([])
+        login_scanner.cred_details = creds
+    end
+
     context '#smb_verify_signature' do
       it 'is not valid for the string true' do
         login_scanner.smb_verify_signature = 'true'

spec/lib/metasploit/framework/login_scanner/ssh_spec.rb

@@ -60,6 +60,19 @@
 
   it { is_expected.to respond_to :verbosity }
 
+  before(:each) do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return([])
+    ssh_scanner.cred_details = creds
+  end
+
   context 'validations' do
 
     context 'verbosity' do

spec/lib/metasploit/framework/login_scanner/telnet_spec.rb

@@ -12,6 +12,19 @@
   it { is_expected.to respond_to :banner_timeout }
   it { is_expected.to respond_to :telnet_timeout }
 
+  before(:each) do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return([])
+    login_scanner.cred_details = creds
+  end
+
   context 'validations' do
     context 'banner_timeout' do
       it 'is not valid for a non-number' do

spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb

@@ -65,6 +65,19 @@
   it { is_expected.to respond_to :proxies }
   it { is_expected.to respond_to :stop_on_success }
 
+  before do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return(['user'])
+    login_scanner.cred_details = creds
+  end
+
   context 'validations' do
     context 'port' do
 
@@ -160,12 +173,32 @@
 
     context 'cred_details' do
       it 'is not valid for not set' do
+        creds = double('Metasploit::Framework::CredentialCollection')
+        allow(creds).to receive(:pass_file)
+        allow(creds).to receive(:username)
+        allow(creds).to receive(:password)
+        allow(creds).to receive(:user_file)
+        allow(creds).to receive(:userpass_file)
+        allow(creds).to receive(:prepended_creds).and_return([])
+        allow(creds).to receive(:additional_privates).and_return([])
+        allow(creds).to receive(:additional_publics).and_return([])
+        login_scanner.cred_details = creds
         expect(login_scanner).to_not be_valid
         expect(login_scanner.errors[:cred_details]).to include "can't be blank"
       end
 
       it 'is not valid for a non-array input' do
-        login_scanner.cred_details = rand(10)
+        creds = double('Metasploit::Framework::CredentialCollection')
+        allow(creds).to receive(:pass_file)
+        allow(creds).to receive(:pass_file)
+        allow(creds).to receive(:username)
+        allow(creds).to receive(:password)
+        allow(creds).to receive(:user_file)
+        allow(creds).to receive(:userpass_file)
+        allow(creds).to receive(:prepended_creds).and_return([])
+        allow(creds).to receive(:additional_privates).and_return([])
+        allow(creds).to receive(:additional_publics).and_return(['user'])
+        login_scanner.cred_details = creds
         expect(login_scanner).to_not be_valid
         expect(login_scanner.errors[:cred_details]).to include "must respond to :each"
       end

spec/support/shared/examples/metasploit/framework/login_scanner/ntlm.rb

@@ -11,6 +11,19 @@
 
   context 'validations' do
 
+    before(:each) do
+      creds = double('Metasploit::Framework::CredentialCollection')
+        allow(creds).to receive(:pass_file)
+        allow(creds).to receive(:username)
+        allow(creds).to receive(:password)
+        allow(creds).to receive(:user_file)
+        allow(creds).to receive(:userpass_file)
+        allow(creds).to receive(:prepended_creds).and_return([])
+        allow(creds).to receive(:additional_privates).and_return([])
+        allow(creds).to receive(:additional_publics).and_return([])
+        login_scanner.cred_details = creds
+    end
+
     context '#send_lm' do
       it 'is not valid for the string true' do
         login_scanner.send_lm = 'true'

spec/support/shared/examples/metasploit/framework/tcp/client.rb

@@ -5,6 +5,19 @@
   it { is_expected.to respond_to :send_delay }
   it { is_expected.to respond_to :max_send_size }
 
+  before(:example) do
+    creds = double('Metasploit::Framework::CredentialCollection')
+    allow(creds).to receive(:pass_file)
+    allow(creds).to receive(:username)
+    allow(creds).to receive(:password)
+    allow(creds).to receive(:user_file)
+    allow(creds).to receive(:userpass_file)
+    allow(creds).to receive(:prepended_creds).and_return([])
+    allow(creds).to receive(:additional_privates).and_return([])
+    allow(creds).to receive(:additional_publics).and_return(['user'])
+    login_scanner.cred_details = creds
+  end
+
   context 'send_delay' do
     it 'is not valid for a non-number' do
       login_scanner.send_delay = "a"