Merge pull request #20920 from rudraditya21/fix/cracker-auto-action

Handle ACTION=auto with CRACKER_PATH in password crackers

Author: smcintyre-r7

lib/msf/core/auxiliary/password_cracker.rb

@@ -82,7 +82,7 @@ def new_password_cracker(cracking_application)
         optimize: datastore['OptimizeKernel'],
         wordlist: datastore['CUSTOM_WORDLIST']
       )
-      cracker.cracker = cracking_application
+      cracker.cracker = resolve_cracking_application(cracking_application, cracker)
       begin
         cracker.binary_path
       rescue Metasploit::Framework::PasswordCracker::PasswordCrackerNotFoundError => e
@@ -97,6 +97,36 @@ def new_password_cracker(cracking_application)
       cracker
     end
 
+    def resolve_cracking_application(cracking_application, cracker)
+      return cracking_application unless cracking_application == 'auto'
+
+      if cracker.cracker_path.present?
+        basename = ::File.basename(cracker.cracker_path).downcase
+        return 'john' if basename.start_with?('john')
+        return 'hashcat' if basename.start_with?('hashcat')
+
+        fail_with(
+          Msf::Module::Failure::BadConfig,
+          "CRACKER_PATH '#{cracker.cracker_path}' does not look like john or hashcat; set ACTION to 'john' or 'hashcat'."
+        )
+      end
+
+      %w[john hashcat].each do |candidate|
+        cracker.cracker = candidate
+        begin
+          cracker.binary_path
+          return candidate
+        rescue Metasploit::Framework::PasswordCracker::PasswordCrackerNotFoundError
+          next
+        end
+      end
+
+      fail_with(
+        Msf::Module::Failure::BadConfig,
+        'No suitable john/hashcat binary was found on the system. Set CRACKER_PATH or ACTION.'
+      )
+    end
+
     # This method instantiates a {Metasploit::Framework::JtR::Wordlist}, writes the data
     # out to a file and returns the {Rex::Quickfile} object.
     #

spec/lib/msf/core/auxiliary/password_cracker_spec.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Msf::Auxiliary::PasswordCracker do
+  class DummyPasswordCracker
+    include Msf::Auxiliary::PasswordCracker
+
+    attr_accessor :datastore, :framework
+
+    def initialize
+      self.datastore = {}
+      db = Struct.new(:active).new(true)
+      self.framework = Struct.new(:db).new(db)
+    end
+
+    def fail_with(_type, message)
+      raise RuntimeError, message
+    end
+  end
+
+  subject(:helper) { DummyPasswordCracker.new }
+
+  describe '#resolve_cracking_application' do
+    it 'infers john from CRACKER_PATH when ACTION is auto' do
+      helper.datastore['CRACKER_PATH'] = '/opt/john/run/john'
+      cracker = Metasploit::Framework::PasswordCracker::Cracker.new(cracker_path: helper.datastore['CRACKER_PATH'])
+
+      expect(helper.resolve_cracking_application('auto', cracker)).to eq('john')
+    end
+
+    it 'infers hashcat from CRACKER_PATH when ACTION is auto' do
+      helper.datastore['CRACKER_PATH'] = '/opt/hashcat/hashcat'
+      cracker = Metasploit::Framework::PasswordCracker::Cracker.new(cracker_path: helper.datastore['CRACKER_PATH'])
+
+      expect(helper.resolve_cracking_application('auto', cracker)).to eq('hashcat')
+    end
+
+    it 'raises a BadConfig style error when CRACKER_PATH is unknown with ACTION auto' do
+      helper.datastore['CRACKER_PATH'] = '/opt/tools/myawesomecracker'
+      cracker = Metasploit::Framework::PasswordCracker::Cracker.new(cracker_path: helper.datastore['CRACKER_PATH'])
+
+      expect {
+        helper.resolve_cracking_application('auto', cracker)
+      }.to raise_error(RuntimeError, /CRACKER_PATH .* set ACTION to 'john' or 'hashcat'/)
+    end
+
+    it 'falls back to PATH discovery when CRACKER_PATH is unset' do
+      helper.datastore['CRACKER_PATH'] = nil
+      cracker = Metasploit::Framework::PasswordCracker::Cracker.new
+
+      allow(cracker).to receive(:binary_path) do
+        if cracker.cracker == 'john'
+          raise Metasploit::Framework::PasswordCracker::PasswordCrackerNotFoundError
+        end
+        '/usr/bin/hashcat'
+      end
+
+      expect(helper.resolve_cracking_application('auto', cracker)).to eq('hashcat')
+    end
+  end
+end