diff --git a/lib/msf/core/post/windows/accounts.rb b/lib/msf/core/post/windows/accounts.rb
index 40e6c71cc9..672e656b7c 100644
--- a/lib/msf/core/post/windows/accounts.rb
+++ b/lib/msf/core/post/windows/accounts.rb
@@ -1,7 +1,7 @@ module Msf class Post module Windows - + module Accounts ##
@@ -23,39 +23,39 @@ module Accounts # :access_denied - You do not have permission to delete the given user # # OR nil if there was an exceptional windows error (example: ran out of memory) - # + # # Caveats: # nil is returned if there is an *exceptional* windows error. That error is printed. # Everything other than ':success' signifies failure ## def delete_user(username, server_name = nil) - deletion = client.railgun.netapi32.NetUserDel(server_name, username) + deletion = client.railgun.netapi32.NetUserDel(server_name, username) #http://msdn.microsoft.com/en-us/library/aa370674.aspx case deletion['return'] when 2221 # NERR_UserNotFound return :user_not_found - when 2351 # NERR_InvalidComputer - return :invalid_server + when 2351 # NERR_InvalidComputer + return :invalid_server when 2226 # NERR_NotPrimary return :not_on_primary when client.railgun.const('ERROR_ACCESS_DENIED') return :access_denied - when 0 - return :success + when 0 + return :success else error = deletion['GetLastError'] - if error != 0 + if error != 0 print_error "Unexpected Windows System Error #{error}" else # Uh... we shouldn't be here print_error "DeleteUser unexpectedly returned #{deletion['return']}" end end - + # If we got here, then something above failed return nil - end + end ##
@@ -71,7 +71,7 @@ module Accounts # Returns: # { # :name => account name (e.g. "SYSTEM") - # :domain => domain where the account name was found. May have values such as + # :domain => domain where the account name was found. May have values such as # the work station's name, BUILTIN, NT AUTHORITY, or an empty string # :type => one of :user, :group, :domain, :alias, :well_known_group, # :deleted_account, :invalid, :unknown, :computer
@@ -106,9 +106,9 @@ module Accounts end end - # A reference to the SID data structure. Generally needed when working with sids + # A reference to the SID data structure. Generally needed when working with sids psid = conversion['pSid'] - + # http://msdn.microsoft.com/en-us/library/aa379166(v=vs.85).aspx # TODO: The buffer sizes here need to be reviewed/adjusted/optimized lookup = adv.LookupAccountSidA(system_name, psid, 100, 100, 100, 100, 1)
@@ -144,7 +144,7 @@ module Accounts :mapped => true } end - + private ##
diff --git a/lib/msf/core/post/windows/priv.rb b/lib/msf/core/post/windows/priv.rb
index 1370f9beb6..29e92918d5 100644
--- a/lib/msf/core/post/windows/priv.rb
+++ b/lib/msf/core/post/windows/priv.rb
@@ -24,7 +24,7 @@ module Priv else return true end - end + end end #
@@ -76,7 +76,7 @@ module Priv end return uac end - + def session_has_ext begin return !!(session.railgun and session.sys.config)
diff --git a/lib/msf/core/post/windows/registry.rb b/lib/msf/core/post/windows/registry.rb
index 9ad276a917..d360e1e92d 100644
--- a/lib/msf/core/post/windows/registry.rb
+++ b/lib/msf/core/post/windows/registry.rb
@@ -15,7 +15,7 @@ module Registry retval=meterpreter_registry_loadkey(key,file) else retval=shell_registry_loadkey(key,file) - end + end return retval end
@@ -24,7 +24,7 @@ module Registry retval=meterpreter_registry_unloadkey(key) else retval=shell_registry_unloadkey(key) - end + end return retval end
@@ -152,7 +152,7 @@ protected elsif results =~ /^Error:/ error_hash = win_parse_error(results) else - error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") + error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") end return boo end
@@ -167,7 +167,7 @@ protected elsif results =~ /^Error:/ error_hash = win_parse_error(results) else - error_hash = win_parse_error("ERROR:Unknown error running #{cmd} INSPECT: #{error_hash.inspect}") + error_hash = win_parse_error("ERROR:Unknown error running #{cmd} INSPECT: #{error_hash.inspect}") end return boo end
@@ -185,7 +185,7 @@ protected elsif results =~ /^Error:/ error_hash = win_parse_error(results) else - error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") + error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") end end end
@@ -220,7 +220,7 @@ protected elsif results =~ /^Error:/ error_hash = win_parse_error(results) else - error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") + error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") end end return boo
@@ -229,8 +229,8 @@ protected def shell_registry_enumkeys(key) key = normalize_key(key) subkeys = [] - reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|' - reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR' + reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|' + reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR' begin bslashes = key.count('\\') cmd = "cmd.exe /c reg query \"#{key}\""
@@ -249,7 +249,7 @@ protected end #else # error_hash = win_parse_error("ERROR:Unrecognizable results from #{cmd}") - end + end else error_hash = win_parse_error("ERROR:Unknown error running #{cmd}") end
@@ -260,7 +260,7 @@ protected def shell_registry_enumvals(key) key = normalize_key(key) values = [] - reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|' + reg_data_types = 'REG_SZ|REG_MULTI_SZ|REG_DWORD_BIG_ENDIAN|REG_DWORD|REG_BINARY|' reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR' begin # REG QUERY KeyName [/v ValueName | /ve] [/s]
@@ -368,7 +368,7 @@ protected return true end end - + rescue return false end
diff --git a/lib/msf/core/post/windows/registry.rb.ut.rb b/lib/msf/core/post/windows/registry.rb.ut.rb
index 0ae5875bd3..55395ff084 100644
--- a/lib/msf/core/post/windows/registry.rb.ut.rb
+++ b/lib/msf/core/post/windows/registry.rb.ut.rb
@@ -1,6 +1,6 @@ #!/usr/bin/env ruby -$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib')) +$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib')) require 'msf/core/post/windows/registry' require 'test/unit'
diff --git a/lib/msf/core/post/windows/user_profiles.rb b/lib/msf/core/post/windows/user_profiles.rb
index d9f3716064..0003fab29c 100644
--- a/lib/msf/core/post/windows/user_profiles.rb
+++ b/lib/msf/core/post/windows/user_profiles.rb
@@ -8,7 +8,7 @@ module Windows module UserProfiles include Msf::Post::Windows::Registry include Msf::Post::Windows::Accounts - + def grab_user_profiles hives = load_missing_hives() profiles = parse_profiles(hives)
@@ -59,10 +59,10 @@ module UserProfiles read_profile_list().each do |hive| hive['OURS']=false if hive['LOADED']== false - if session.fs.file.exists?(hive['DAT']) - hive['OURS'] = registry_loadkey(hive['HKU'], hive['DAT']) + if session.fs.file.exists?(hive['DAT']) + hive['OURS'] = registry_loadkey(hive['HKU'], hive['DAT']) print_error("Error loading USER #{hive['SID']}: Hive could not be loaded, are you Admin?") unless hive['OURS'] - else + else print_error("Error loading USER #{hive['SID']}: Profile doesn't exist or cannot be accessed") end end
@@ -86,7 +86,7 @@ module UserProfiles end return hives end - + def loaded_hives hives=[] registry_enumkeys('HKU').each do |k|
diff --git a/lib/msf/core/post/windows/user_profiles.rb.ut.rb b/lib/msf/core/post/windows/user_profiles.rb.ut.rb
index 67b5ae523c..c6d7c2a776 100644
--- a/lib/msf/core/post/windows/user_profiles.rb.ut.rb
+++ b/lib/msf/core/post/windows/user_profiles.rb.ut.rb
@@ -1,6 +1,6 @@ #!/usr/bin/env ruby -$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib')) +$:.unshift(File.join(File.dirname(__FILE__), '..','..','..','..','..', 'lib')) require 'msf/core/post/windows/user_profiles' require 'test/unit'