infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixing Bug w/ XP Method & Improving formatting for smart_hashdump 

1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
unstable
Jonathan Claudius 2012-08-21 07:56:52 -05:00
parent a3bad0b3ae
commit c5623cae4c
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/post/windows/gather/hashdump.rb
View File

@ -201,7 +201,7 @@ class Metasploit3 < Msf::Post
#Attempt to get Hints (from WinXP Location) only if it's not set yet #Attempt to get Hints (from WinXP Location) only if it's not set yet
if users[rid][:UserPasswordHint].nil? if users[rid][:UserPasswordHint].nil?
begin begin
uk_hint = @client.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Hints\\#{usr}", KEY_READ) uk_hint = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Hints\\#{usr}", KEY_READ)
users[rid][:UserPasswordHint] = uk_hint.query_value("").data users[rid][:UserPasswordHint] = uk_hint.query_value("").data
rescue ::Rex::Post::Meterpreter::RequestError rescue ::Rex::Post::Meterpreter::RequestError
users[rid][:UserPasswordHint] = nil users[rid][:UserPasswordHint] = nil

6
modules/post/windows/gather/smart_hashdump.rb
View File

@ -163,7 +163,7 @@ class Metasploit3 < Msf::Post
#Attempt to get Hints (from WinXP Location) only if it's not set yet #Attempt to get Hints (from WinXP Location) only if it's not set yet
if users[rid][:UserPasswordHint].nil? if users[rid][:UserPasswordHint].nil?
begin begin
uk_hint = @client.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Hints\\#{usr}", KEY_READ) uk_hint = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Hints\\#{usr}", KEY_READ)
users[rid][:UserPasswordHint] = uk_hint.query_value("").data users[rid][:UserPasswordHint] = uk_hint.query_value("").data
rescue ::Rex::Post::Meterpreter::RequestError rescue ::Rex::Post::Meterpreter::RequestError
users[rid][:UserPasswordHint] = nil users[rid][:UserPasswordHint] = nil
@ -307,11 +307,11 @@ class Metasploit3 < Msf::Post
users.keys.sort{|a,b| a<=>b}.each do |rid| users.keys.sort{|a,b| a<=>b}.each do |rid|
#If we have a hint then print it #If we have a hint then print it
if !users[rid][:UserPasswordHint].nil? && users[rid][:UserPasswordHint].length > 0 if !users[rid][:UserPasswordHint].nil? && users[rid][:UserPasswordHint].length > 0
print_good("#{users[rid][:Name]}:\"#{users[rid][:UserPasswordHint]}\"") print_good("\t#{users[rid][:Name]}:\"#{users[rid][:UserPasswordHint]}\"")
hint_count += 1 hint_count += 1
end end
end end
print_good("No users with password hints on this system") if hint_count == 0 print_good("\tNo users with password hints on this system") if hint_count == 0
print_status("\tDumping password hashes...") print_status("\tDumping password hashes...")
users.keys.sort{|a,b| a<=>b}.each do |rid| users.keys.sort{|a,b| a<=>b}.each do |rid|