better handling of hosts with no USB History

git-svn-id: file:///home/svn/framework3/trunk@14153 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:59:39 +00:00 · 2011-11-03 22:59:39 +00:00 · f23389390b
parent 86a7807b97
commit f23389390b
1 changed files with 36 additions and 35 deletions
--- a/modules/post/windows/gather/usb_history.rb
+++ b/modules/post/windows/gather/usb_history.rb
@ -51,49 +51,50 @@ class Metasploit3 < Msf::Post
 		usb_drive_classes = enum_subkeys('HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR')
 		usb_uids_to_info = {}
-		usb_drive_uids = []
+		if not usb_drive_classes.nil?
-
+			usb_drive_classes.each do |x|
-		usb_drive_classes.each do |x|
+				enum_subkeys(x).each do |y|
-			enum_subkeys(x).each do |y|
+					begin
-				begin
+						vals = enum_values(y)
-					vals = enum_values(y)
+						# enumerate each USB device used on the system
-					# enumerate each USB device used on the system
+						usb_uids_to_info.store(x.match(/HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\\(.*)$/)[1], vals)
-					usb_uids_to_info.store(x.match(/HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\\(.*)$/)[1], vals)
+					rescue
-				rescue
+					end
 				end
 			end
 		end
-		usb_uids_to_info.each do |u, v|
+			usb_uids_to_info.each do |u, v|
-			guid = '##?#USBSTOR#' << u << '#' << '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
+				guid = '##?#USBSTOR#' << u << '#' << '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
-			out = "#{v['FriendlyName']}\n" << "="*85 << "\n"
+				out = "#{v['FriendlyName']}\n" << "="*85 << "\n"
-			if isadmin
+				if isadmin
-				mace = registry_getkeylastwritetime('HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\\' << guid)
+					mace = registry_getkeylastwritetime('HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\\' << guid)
-				if mace
+					if mace
-					keytime = ::Time.at(mace)
+						keytime = ::Time.at(mace)
-				else
+					else
-					keytime = "Unknown"
+						keytime = "Unknown"
 					end
 					out << sprintf("%25s\t%50s\n", "Disk lpftLastWriteTime", keytime)
 				end
 				if( not v.key?('ParentIdPrefix') )
 					print_status(info_hash_to_str(out, v))
 					next
 				end
 				guid =	'##?#STORAGE#RemoveableMedia#' << v['ParentIdPrefix'] << '&RM#' << '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
 				if isadmin
 					mace = registry_getkeylastwritetime('HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\' << guid)
 					if mace
 						keytime = ::Time.at(mace)
 					else
 						keytime = "Unknown"
 					end
 					out << sprintf("%25s\t%50s\n", "Volume lpftLastWriteTime", keytime)
 				end
 				out << sprintf("%25s\t%50s\n", "Disk lpftLastWriteTime", keytime)
 			end
 			if( not v.key?('ParentIdPrefix') )
 				print_status(info_hash_to_str(out, v))
 				next
 			end
-			guid =	'##?#STORAGE#RemoveableMedia#' << v['ParentIdPrefix'] << '&RM#' << '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
+		else
-			if isadmin
+			print_error("No USB devices appear to have been connected to theis host.")
 				mace = registry_getkeylastwritetime('HKLM\\SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\' << guid)
 				if mace
 					keytime = ::Time.at(mace)
 				else
 					keytime = "Unknown"
 				end
 				out << sprintf("%25s\t%50s\n", "Volume lpftLastWriteTime", keytime)
 			end
 			print_status(info_hash_to_str(out, v))
 		end
 	end
 	#-------------------------------------------------------------------------------