Metasploit mailing list archives

ERROR: invalid input when using new Credential API


From: Pedro Ribeiro <pedrib () gmail com>
Date: Thu, 2 Oct 2014 23:19:09 +0100

Hi,

I'm building an aux module that gets the SQL database credentials from
a target. These credentials are provided in the form
hostname-username-password. I'm using the new Credential API and doing
the following:

      service_data = {
        address: loot[database_server_name].split('\\')[0],
        # port is 0 because we can't get it from the packet_reply
        port: 0,
        service_name: loot[database_type],
        protocol: 'tcp',
        workspace_id: myworkspace_id
      }
(full code in [1])

However, when I run the module I get the stack trace in [2].

It seems I cannot set the address to a hostname, only numeric IP values?
Or am I doing something wrong?

Thanks for the help.

Regards,
Pedro


[1]:
      service_data = {
        address: loot[database_server_name].split('\\')[0],
        # port is 0 because we can't get it from the packet_reply
        port: 0,
        service_name: loot[database_type],
        protocol: 'tcp',
        workspace_id: myworkspace_id
      }
      credential_data = {
        origin_type: :service,
        module_fullname: self.fullname,
        private_type: :password,
        private_data: loot[database_pw],
        username: loot[schema_owner],
        # We store the SID for Oracle or the instance name for SQL Server.
        # There's no realm_key for SQL Server so store it as Oracle anyway.
        realm_key: Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER,
        realm_value: loot[database_server_name].split('\\')[1]
      }

      credential_data.merge!(service_data)
      credential_core = create_credential(credential_data)
      login_data = {
        core: credential_core,
        status: Metasploit::Model::Login::Status::UNTRIED
      }
      login_data.merge!(service_data)
      create_credential_login(login_data)



[2]:
[-] Auxiliary failed: ActiveRecord::StatementInvalid
PG::InvalidTextRepresentation: ERROR:  invalid input syntax for type inet: "SVR-KIT-TI"
LINE 1: ..."hosts".* FROM "hosts"  WHERE "hosts"."address" = 'SVR-KIT-T...
                                                             ^
: SELECT  "hosts".* FROM "hosts"  WHERE "hosts"."address" = 'SVR-KIT-TI' AND "hosts"."workspace_id" = 1 LIMIT 1
[-] Call stack:
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `async_exec'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `exec_no_cache'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:660:in `block in exec_query'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:280:in `block in log'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.17/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:275:in `log'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:659:in `exec_query'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1262:in `select'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/database_statements.rb:18:in `select_all'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/query_cache.rb:63:in `select_all'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:38:in `block in find_by_sql'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:37:in `find_by_sql'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:171:in `exec_queries'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:160:in `block in to_a'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:159:in `to_a'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:381:in `find_first'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:122:in `first'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:119:in `first_or_create'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:430:in `create_credential_service'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:309:in `create_credential_origin_service'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:239:in `create_credential_origin'
[-]   /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:104:in `create_credential'
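
The trace above fails in the lookup on "hosts"."address", a PostgreSQL inet column, which rejects the hostname "SVR-KIT-TI". The following is an added example, not part of the original post or of Metasploit's code: it turns the HOST\INSTANCE string into an IP literal before it is used as `address:`. The helper names, the injectable resolver and the sample address and instance names are assumptions made for illustration.

```ruby
require 'ipaddr'
require 'resolv'

# Constructed sample data: the hostname is the one in the error above; the
# address (documentation range) is made up so the example runs offline.
CONSTRUCTED_DNS = { 'SVR-KIT-TI' => '192.0.2.10' }.freeze

# Split "HOST\INSTANCE" into [host, instance]; instance is nil when absent.
def split_server_name(server_name)
  host, instance = server_name.to_s.split('\\', 2)
  [host.to_s.strip, instance]
end

# True only for a single IPv4/IPv6 literal (no netmask), which is the kind of
# value the inet comparison in the failing query can parse.
def ip_literal?(value)
  return false unless value.is_a?(String) && !value.empty? && !value.include?('/')
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# Hypothetical helper: returns an IP string usable as service_data[:address],
# or nil when the host part is empty or cannot be resolved. The resolver is
# injectable; by default it asks the system resolver via Resolv.getaddress.
def inet_address_for(server_name, resolver: ->(h) { Resolv.getaddress(h) })
  host, _instance = split_server_name(server_name)
  return host if ip_literal?(host)
  return nil if host.empty?
  resolved = resolver.call(host)
  ip_literal?(resolved) ? resolved : nil
rescue Resolv::ResolvError
  nil
end

# Offline stand-in for DNS, backed by the constructed table above.
def constructed_resolver
  ->(h) { CONSTRUCTED_DNS.fetch(h) { raise Resolv::ResolvError, "no address for #{h}" } }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs in the HOST\INSTANCE form described in the post.
  ['SVR-KIT-TI\\SQLEXPRESS', '10.1.2.3\\ORCL', 'UNKNOWN-HOST'].each do |name|
    puts "#{name.inspect} -> #{inet_address_for(name, resolver: constructed_resolver).inspect}"
  end
end
```

When the helper returns nil, the caller has no value the inet column will accept and should not build `service_data` from the raw hostname.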