From b0bad9fc857070d1908ad0d4ecdc5d88962c2cc2 Mon Sep 17 00:00:00 2001 From: Grant Willcox Date: Wed, 30 Sep 2020 12:26:32 -0500 Subject: [PATCH] Fix up small issue with one of the checks and update the documentation with the new SESSION_PATH option --- .../modules/post/windows/gather/credentials/securecrt.md | 9 +++++++++ modules/post/windows/gather/credentials/securecrt.rb | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/documentation/modules/post/windows/gather/credentials/securecrt.md b/documentation/modules/post/windows/gather/credentials/securecrt.md index d495ded1de..91007a5cfa 100644 --- a/documentation/modules/post/windows/gather/credentials/securecrt.md +++ b/documentation/modules/post/windows/gather/credentials/securecrt.md @@ -60,6 +60,15 @@ The configuration password that was set when SecureCRT was installed, if one was Note that if this value is not supplied and SecureCRT was set up to use a configuration password, it will not be possible to decrypt the encrypted SecureCRT passwords that are retrieved. +### SESSION_PATH +The path to the SecureCRT session directory on the target's computer. By default this is normally +stored at `C:\\Users\\*current user name*\\AppData\\Roaming\\VanDyke\\Config\\Sessions` if SecureCRT +is installed on the system, however SecureCRT also has a portable version that stores the session information +in a local folder along with the SecureCRT binary itself, allowing users to easily transfer their session +information between machines. In this case, users can set the `SESSION_PATH` option to the location +of the session directory within the portable folder to allow them to obtain SecureCRT session +information even if a portable version of SecureCRT is utilized on the target. + ## Scenarios ### Windows Server 2019 Standard Edition with SecureCRT v8.7.3 Build 2279 (Configuration Password Enabled) diff --git a/modules/post/windows/gather/credentials/securecrt.rb b/modules/post/windows/gather/credentials/securecrt.rb index ba9980af03..25584aef66 100644 --- a/modules/post/windows/gather/credentials/securecrt.rb +++ b/modules/post/windows/gather/credentials/securecrt.rb @@ -176,7 +176,7 @@ class MetasploitModule < Msf::Post parent_key = 'HKEY_CURRENT_USER\\Software\\VanDyke\\SecureCRT' # get session file path root_path = registry_getvaldata(parent_key, 'Config Path') - securecrt_path = expand_path(root_path + session.fs.file.separator + 'Sessions') if !root_path.nil? + securecrt_path = expand_path(root_path + session.fs.file.separator + 'Sessions') if !root_path.to_s.empty? else securecrt_path = expand_path(datastore['SESSION_PATH']) end