more spaces at EOL

unstable
James Lee 2011-11-20 11:59:28 +11:00
parent 8f56dc1504
commit 4ac21afcbc
6 changed files with 34 additions and 34 deletions


@ -1,7 +1,7 @@
module Msf
class Post
module Windows
module Accounts
##
@ -23,39 +23,39 @@ module Accounts
# :access_denied - You do not have permission to delete the given user
#
# OR nil if there was an exceptional windows error (example: ran out of memory)
#
#
# Caveats:
# nil is returned if there is an *exceptional* windows error. That error is printed.
# Everything other than ':success' signifies failure
##
def delete_user(username, server_name = nil)
deletion = client.railgun.netapi32.NetUserDel(server_name, username)
deletion = client.railgun.netapi32.NetUserDel(server_name, username)
#http://msdn.microsoft.com/en-us/library/aa370674.aspx
case deletion['return']
when 2221 # NERR_UserNotFound
return :user_not_found
when 2351 # NERR_InvalidComputer
return :invalid_server
when 2351 # NERR_InvalidComputer
return :invalid_server
when 2226 # NERR_NotPrimary
return :not_on_primary
when client.railgun.const('ERROR_ACCESS_DENIED')
return :access_denied
when 0
return :success
when 0
return :success
else
error = deletion['GetLastError']
if error != 0
if error != 0
print_error "Unexpected Windows System Error #{error}"
else
# Uh... we shouldn't be here
print_error "DeleteUser unexpectedly returned #{deletion['return']}"
end
end
# If we got here, then something above failed
return nil
end
end
##
@ -71,7 +71,7 @@ module Accounts
# Returns:
# {
# :name => account name (e.g. "SYSTEM")
# :domain => domain where the account name was found. May have values such as
# :domain => domain where the account name was found. May have values such as
# the work station's name, BUILTIN, NT AUTHORITY, or an empty string
# :type => one of :user, :group, :domain, :alias, :well_known_group,
# :deleted_account, :invalid, :unknown, :computer
@ -106,9 +106,9 @@ module Accounts
end
end
# A reference to the SID data structure. Generally needed when working with sids
# A reference to the SID data structure. Generally needed when working with sids
psid = conversion['pSid']
# http://msdn.microsoft.com/en-us/library/aa379166(v=vs.85).aspx
# TODO: The buffer sizes here need to be reviewed/adjusted/optimized
lookup = adv.LookupAccountSidA(system_name, psid, 100, 100, 100, 100, 1)
@ -144,7 +144,7 @@ module Accounts
:mapped => true
}
end
private
##


@ -24,7 +24,7 @@ module Priv
else
return true
end
end
end
end
#
@ -76,7 +76,7 @@ module Priv
end
return uac
end
def session_has_ext
begin
return !!(session.railgun and session.sys.config)


@ -15,7 +15,7 @@ module Registry
retval=meterpreter_registry_loadkey(key,file)
else
retval=shell_registry_loadkey(key,file)
end
end
return retval
end
@ -24,7 +24,7 @@ module Registry
retval=meterpreter_registry_unloadkey(key)
else
retval=shell_registry_unloadkey(key)
end
end
return retval
end
@ -152,7 +152,7 @@ protected
elsif results =~ /^Error:/
error_hash = win_parse_error(results)
else
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
end
return boo
end
@ -167,7 +167,7 @@ protected
elsif results =~ /^Error:/
error_hash = win_parse_error(results)
else
error_hash = win_parse_error("ERROR:Unknown error running #{cmd} INSPECT: #{error_hash.inspect}")
error_hash = win_parse_error("ERROR:Unknown error running #{cmd} INSPECT: #{error_hash.inspect}")
end
return boo
end
@ -185,7 +185,7 @@ protected
elsif results =~ /^Error:/
error_hash = win_parse_error(results)
else
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
end
end
end
@ -220,7 +220,7 @@ protected
elsif results =~ /^Error:/
error_hash = win_parse_error(results)
else
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
end
end
return boo
@ -229,8 +229,8 @@ protected
def shell_registry_enumkeys(key)
key = normalize_key(key)
subkeys = []
reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|'
reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR'
reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|'
reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR'
begin
bslashes = key.count('\\')
cmd = "cmd.exe /c reg query \"#{key}\""
@ -249,7 +249,7 @@ protected
end
#else
# error_hash = win_parse_error("ERROR:Unrecognizable results from #{cmd}")
end
end
else
error_hash = win_parse_error("ERROR:Unknown error running #{cmd}")
end
@ -260,7 +260,7 @@ protected
def shell_registry_enumvals(key)
key = normalize_key(key)
values = []
reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|'
reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|'
reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR'
begin
# REG QUERY KeyName [/v ValueName | /ve] [/s]
@ -368,7 +368,7 @@ protected
return true
end
end
rescue
return false
end


@ -1,6 +1,6 @@
#!/usr/bin/env ruby
$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib'))
$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib'))
require 'msf/core/post/windows/registry'
require 'test/unit'


@ -8,7 +8,7 @@ module Windows
module UserProfiles
include Msf::Post::Windows::Registry
include Msf::Post::Windows::Accounts
def grab_user_profiles
hives = load_missing_hives()
profiles = parse_profiles(hives)
@ -59,10 +59,10 @@ module UserProfiles
read_profile_list().each do |hive|
hive['OURS']=false
if hive['LOADED']== false
if session.fs.file.exists?(hive['DAT'])
hive['OURS'] = registry_loadkey(hive['HKU'], hive['DAT'])
if session.fs.file.exists?(hive['DAT'])
hive['OURS'] = registry_loadkey(hive['HKU'], hive['DAT'])
print_error("Error loading USER #{hive['SID']}: Hive could not be loaded, are you Admin?") unless hive['OURS']
else
else
print_error("Error loading USER #{hive['SID']}: Profile doesn't exist or cannot be accessed")
end
end
@ -86,7 +86,7 @@ module UserProfiles
end
return hives
end
def loaded_hives
hives=[]
registry_enumkeys('HKU').each do |k|


@ -1,6 +1,6 @@
#!/usr/bin/env ruby
$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib'))
$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib'))
require 'msf/core/post/windows/user_profiles'
require 'test/unit'