Used msf library for digest, fixed name.

2012-01-12 12:49:50 -05:00 · 2012-01-12 12:49:50 -05:00 · cb146f9021
parent 8d19bca2a9
commit cb146f9021
1 changed files with 10 additions and 21 deletions
--- a/modules/post/windows/gather/enum_artifacts.rb
+++ b/modules/post/windows/gather/enum_artifacts.rb
@ -10,18 +10,20 @@
 ##

 require 'digest/md5'
-require 'msf/core'
 require 'rex'
+require 'msf/core'
+require 'msf/core/post/file'
 require 'msf/core/post/windows/registry'

 class Metasploit3 < Msf::Post

 	include Msf::Auxiliary::Report
+	include Msf::Post::File
 	include Msf::Post::Windows::Registry
 	
 	def initialize(info={})
 		super( update_info( info,
-			'Name'          => 'Check a machine for the presence of a list of artifacts (ie registry entries and files).',
+			'Name'          => 'Windows File and Registry Artifacts Enumeration',
 			'Description'   => %q{ This module will check the file system and registry for particular artifacts. The 
 								   list of artifacts is read from data/post/artifacts or a user specified file. Any
 								   matches are written to the loot. },
@ -61,34 +63,21 @@ class Metasploit3 < Msf::Post
 				if line =~ /^reg/
 					type, reg_key, val, data = line.split("|")
 					reg_data = registry_getvaldata(reg_key, val)
-			        if reg_data.to_s == data
-			            found << "Matching registry entry: #{reg_key}\\#{val}"
-			        end
+				        if reg_data.to_s == data
+						found << "Matching registry entry: #{reg_key}\\#{val}"
+					end
 				end
 				
 				if line =~ /^file/
-					digest = Digest::MD5.new
 					type, file, hash = line.split("|")
-			        fd = session.fs.file.new(file, "rb")
-
-			        # Load file into digest object
-			        until fd.eof?
-				        digest << fd.read
-			        end
-
-			        # Finished loading the file, close fd
-			        fd.close
-
-			        if digest.hexdigest == hash then found << "Matching file entry: #{file}" end
-
-			    end
-			    
+					digest = file_remote_digestmd5(file)
+					if digest == hash then found << "Matching file entry: #{file}" end
+				end
 			end

 			print_status("Artifacts file processed successfully.")
 		else
 			print_error("Artifacts file does not exist!")
-			return [], []
 		end

 		if found.length > 0