Metasploit mailing list archives
ERROR: invalid input when using new Credential API
From: Pedro Ribeiro <pedrib () gmail com>
Date: Thu, 2 Oct 2014 23:19:09 +0100
Hi, I'm building an aux module that gets the SQL database credentials from a target. These credentials are provided in the form hostname-username-password. I'm using the new Credential API and doing the following: service_data = { address: loot[database_server_name].split('\\')[0], # port is 0 because we can't get it from the packet_reply port: 0, service_name: loot[database_type], protocol: 'tcp', workspace_id: myworkspace_id } (full code in [1]) However, when I run the module I get the stack trace on [2]. It seems I cannot set the address to a hostname, only numeric IP values? Or am I doing something wrong? Thanks for the help. Regards, Pedro [1]: service_data = { address: loot[database_server_name].split('\\')[0], # port is 0 because we can't get it from the packet_reply port: 0, service_name: loot[database_type], protocol: 'tcp', workspace_id: myworkspace_id } credential_data = { origin_type: :service, module_fullname: self.fullname, private_type: :password, private_data: loot[database_pw], username: loot[schema_owner] , # We store the SID for Oracle or the instance name for SQL Server. # There's no realm_key for SQL Server so store it as Oracle anyway. realm_key: Metasploit::Model::Realm::Key::ORACLE_SYSTEM_IDENTIFIER, realm_value: loot[database_server_name].split('\\')[1] } credential_data.merge!(service_data) credential_core = create_credential(credential_data) login_data = { core: credential_core, status: Metasploit::Model::Login::Status::UNTRIED } login_data.merge!(service_data) create_credential_login(login_data) [2]: [-] Auxiliary failed: ActiveRecord::StatementInvalid PG::InvalidTextRepresentation: ERROR: invalid input syntax for type inet: "SVR-KIT-TI" LINE 1: ..."hosts".* FROM "hosts" WHERE "hosts"."address" = 'SVR-KIT-T... ^ : SELECT "hosts".* FROM "hosts" WHERE "hosts"."address" = 'SVR-KIT-TI' AND "hosts"."workspace_id" = 1 LIMIT 1 [-] Call stack: [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `async_exec' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1163:in `exec_no_cache' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:660:in `block in exec_query' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:280:in `block in log' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.17/lib/active_support/notifications/instrumenter.rb:20:in `instrument' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract_adapter.rb:275:in `log' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:659:in `exec_query' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/postgresql_adapter.rb:1262:in `select' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/database_statements.rb:18:in `select_all' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/connection_adapters/abstract/query_cache.rb:63:in `select_all' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:38:in `block in find_by_sql' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/querying.rb:37:in `find_by_sql' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:171:in `exec_queries' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:160:in `block in to_a' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/explain.rb:26:in `logging_query_plan' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:159:in `to_a' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:381:in `find_first' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation/finder_methods.rb:122:in `first' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.17/lib/active_record/relation.rb:119:in `first_or_create' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:430:in `create_credential_service' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:309:in `create_credential_origin_service' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:239:in `create_credential_origin' [-] /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/metasploit-credential-0.10.1/lib/metasploit/credential/creation.rb:104:in `create_credential' _______________________________________________ https://dev.metasploit.com/mailman/listinfo/framework
Current thread:
- ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 02)
- Re: ERROR: invalid input when using new Credential API HD Moore (Oct 02)
- Message not available
- Re: ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 03)
- Message not available
- Re: ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 07)
- Re: ERROR: invalid input when using new Credential API HD Moore (Oct 02)