fix to comptuer browser discovery to output properly and sotre as loot

added additional option to save detected hosts in the db.
unstable
David Maloney 2011-11-17 14:17:28 -08:00
parent 4c90b68b4f
commit 3bfe7e9b98
3 changed files with 11 additions and 4 deletions


@ -24,7 +24,7 @@ class Metasploit3 < Msf::Post
def initialize(info = {})
super(update_info(info,
'Name' => 'IMVU Password Extractor',
'Name' => 'Windows Gather IMVU Saved Password Extraction',
'Description' => %q{
This module extracts account Userame & password From IMVU Client and stores
it as loot.


@ -17,7 +17,7 @@ class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Duqu Registry Check',
'Name' => 'Windows Forensics Duqu Infection Registry Check',
'Description' => %q{ This module searches for CVE-2011-3402 [Duqu] related registry artifacts.},
'License' => MSF_LICENSE,
'Author' => [ 'Marcus J. Carey <mjc[at]threatagent.com>'],


@ -15,6 +15,8 @@ require 'rex'
class Metasploit3 < Msf::Post
include Msf::Auxiliary::Report
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Recon Computer Browser Discovery',
@ -40,7 +42,8 @@ class Metasploit3 < Msf::Post
register_options(
[
OptString.new('LTYPE', [true, 'Account informations (type info for known types)', 'WK']),
OptString.new('DOMAIN', [false, 'Domain to perform lookups on, default is current domain',nil])
OptString.new('DOMAIN', [false, 'Domain to perform lookups on, default is current domain',nil]),
OptBool.new('SAVEHOSTS', [true, 'Save Discovered Hosts to the Database', false])
], self.class)
end
@ -154,6 +157,7 @@ client.railgun.add_function( 'netapi32', 'NetUserEnum', 'DWORD',[
print '.'
result = client.railgun.ws2_32.getaddrinfo(x[:cname], nil, nil, 4 )
if result['GetLastError'] == 11001
print_error("There was an error resolving the IP for #{x[:cname]}")
next
end
addrinfo = client.railgun.memread( result['ppResult'], size )
@ -161,6 +165,7 @@ client.railgun.add_function( 'netapi32', 'NetUserEnum', 'DWORD',[
sockaddr = client.railgun.memread( ai_addr_pointer, size/2 )
ip = sockaddr[4,4].unpack('N').first
x[:ip] = Rex::Socket.addr_itoa(ip)
x[:ip] = '' unless x[:ip]
end
rescue ::Exception => e
print_error(e)
@ -177,8 +182,10 @@ client.railgun.add_function( 'netapi32', 'NetUserEnum', 'DWORD',[
netview.each do |x|
results << [x[:type], x[:ip], x[:cname], "#{x[:major_ver]}.#{x[:minor_ver]}", x[:comment]]
report_host(:host => x[:ip]) if datastore['SAVEHOSTS'] and !(x[:ip].empty?)
end
print_status(results.inspect)
print_status(results.to_s)
store_loot("discovered.hosts", "text/plain", session, results.to_s, "discovered_hosts.txt", "Computer Browser Discovered Hosts")
print_status('If none of the IP addresses show up you are running this from a Win2k or older system')
print_status("If a host doesn't have an IP it either timed out or only has an IPv6 address assinged to it")
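Review bot: The `next` in the resolve-error branch skips the `x[:ip] = '' unless x[:ip]` default further down, so a host that fails to resolve appears to keep a nil `:ip` (unless it is initialised outside the visible hunks), and `x[:ip].empty?` in the `netview.each` loop would then raise NoMethodError when SAVEHOSTS is set. The same would apply to an entry whose lookup ended in the `rescue ::Exception` path before the default was reached. Making the guard nil-safe, `report_host(:host => x[:ip]) if datastore['SAVEHOSTS'] and !x[:ip].to_s.empty?`, or assigning `x[:ip] = ''` before `next`, keeps one unresolved name from aborting the run before `store_loot` is reached. The enclosing methods start and end outside these hunks.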