Skip to content

Feature request - update metasploit::credential::core to support target service metadata #166

@adfoster-r7

Description

@adfoster-r7

Request:

Update metasploit::credential::core to contain references to services where the credential can be used against.

I think this metadata is different to metasploit::credential::login - which verifies whether the creds works or not, versus this feature request of allowing cores to differentiate between where creds came from and where they could be used against (verified or not)

Context:

The requirement originally came when adding support for Kerberos tickets #165 - which allows you to authenticate with kerberos, and receive a ticket that can be used against a different target system.

This scenario also comes up when running post modules against targets, i.e.:

  • a .env file containing database credentials that exist on a different service to the origin that the creds were found
  • Finding ssh creds on a compromised host that should work against known targets, but they haven't been verified

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions