From 1ba33ff7f86912f667edee08a1c723c9af7aaa7e Mon Sep 17 00:00:00 2001
From: Vincent Yiu
Date: Sun, 12 Jun 2016 13:00:44 +0100
Subject: [PATCH] Fixed MSFTidy Fixed MSFTidy stuff
---
 .../windows/gather/enum_trusted_locations.rb | 78 +++++++++----------
 1 file changed, 38 insertions(+), 40 deletions(-)
diff --git a/modules/post/windows/gather/enum_trusted_locations.rb b/modules/post/windows/gather/enum_trusted_locations.rb
index 414d47b30f..8cedf20021 100644
--- a/modules/post/windows/gather/enum_trusted_locations.rb
+++ b/modules/post/windows/gather/enum_trusted_locations.rb
@@ -36,49 +36,47 @@ class MetasploitModule < Msf::Post
 if reg_keys.nil?
 print_status('Failed to enumerate Office.')
 else
- print_status('')
+ print_status('')
 print_status('Found Office:')
 #find version to use
 reg_keys.each do |path|
- if not /[0-9][0-9].0/.match(path).nil?
- val1 = path
- print_status("Version found: #{val1}")
- reg_keys2 = registry_enumkeys("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}", reg_view)
- if reg_keys2.nil?
- print_status('Failed to enumerate applications.')
- else
- print_status('Found applications.')
- #find version to use
- reg_keys2.each do |path2|
- val2 = path2
- reg_keys3 = registry_enumkeys("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations", reg_view)
- if not reg_keys3.nil?
- print_status('Found trusted locations.')
-
- #find version to use
- reg_keys3.each do |path3|
- val3 = path3
- #print_status(path3)
- print_status('')
- reg_vals = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "Description", reg_view)
- if not reg_vals.nil?
- print_status("Description: #{reg_vals}")
- end
- reg_vals2 = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "AllowSubFolders", reg_view)
-
- reg_vals = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "Path", reg_view)
- if not reg_vals.nil?
- if not reg_vals2.nil?
- print_status("Path: #{reg_vals}, AllowSub: True")
- else
- print_status("Path: #{reg_vals}, AllowSub: False")
- end
- end
- end
- end
- end
- end
- end
+ if not /[0-9][0-9].0/.match(path).nil?
+ val1 = path
+ print_status("Version found: #{val1}")
+ reg_keys2 = registry_enumkeys("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}", reg_view)
+ if reg_keys2.nil?
+ print_status('Failed to enumerate applications.')
+ else
+ print_status('Found applications.')
+ #find version to use
+ reg_keys2.each do |path2|
+ val2 = path2
+ reg_keys3 = registry_enumkeys("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations", reg_view)
+ if not reg_keys3.nil?
+ print_status('Found trusted locations.')
+ #find version to use
+ reg_keys3.each do |path3|
+ val3 = path3
+ #print_status(path3)
+ print_status('')
+ reg_vals = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "Description", reg_view)
+ if not reg_vals.nil?
+ print_status("Description: #{reg_vals}")
+ end
+ reg_vals2 = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "AllowSubFolders", reg_view)
+ reg_vals = registry_getvaldata("HKCU\\SOFTWARE\\Microsoft\\Office\\#{val1}\\#{val2}\\Security\\Trusted Locations\\#{val3}", "Path", reg_view)
+ if not reg_vals.nil?
+ if not reg_vals2.nil?
+ print_status("Path: #{reg_vals}, AllowSub: True")
+ else
+ print_status("Path: #{reg_vals}, AllowSub: False")
+ end
+ end
+ end
+ end
+ end
+ end
+ end
 end
 path = store_loot('host.trusted_locations', 'text/plain', session, reg_keys.join("\r\n"), 'trusted_locations.txt', 'Trusted Locations')
 print_good("Results stored in: #{path}")