From 8fef1479edccae0ab64a1acb25de86b39f2fa0af Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sun, 15 Jul 2012 23:12:40 -0500
Subject: [PATCH] Trim string fields at first null
---
 modules/post/windows/gather/cachedump.rb | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb
index d71e8f1b19..77989df456 100644
--- a/modules/post/windows/gather/cachedump.rb
+++ b/modules/post/windows/gather/cachedump.rb
@@ -231,7 +231,7 @@ class Metasploit3 < Msf::Post
 hash = dec_data[i...i+0x10]
 i+=72
- username = dec_data[i...i+(s.userNameLength)]
+ username = dec_data[i...i+(s.userNameLength)].split("\x00").first
 i+=s.userNameLength
 i+=2 * ( ( s.userNameLength / 2 ) % 2 )
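Review bot: `.split("\x00").first` yields nil rather than an empty string when the slice is empty or holds only NUL bytes, and it raises NoMethodError when `dec_data[i...i+(s.userNameLength)]` is itself nil because `i` lies past the end of a short record; the same applies to every trimmed field in the hunks at lines 245 and 316. A nil-safe form is `username = dec_data[i...i+(s.userNameLength)].to_s.split("\x00").first.to_s`. Separately, the padding arithmetic `( s.userNameLength / 2 ) % 2` suggests two-byte characters; if `dec_data` is still UTF-16LE at this point, cutting at the first single NUL byte keeps only the first character of ASCII names, so the encoding should be confirmed before trimming this way. The enclosing method begins and ends outside the hunk, so how `username` is used afterwards is not visible here.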
@@ -245,56 +245,56 @@ class Metasploit3 < Msf::Post
 i+=s.domainNameLength
 if( s.dnsDomainNameLength != 0)
- dnsDomainName = dec_data[i...i+s.dnsDomainNameLength+1]
+ dnsDomainName = dec_data[i...i+s.dnsDomainNameLength+1].split("\x00").first
 i+=s.dnsDomainNameLength
 i+=2 * ( ( s.dnsDomainNameLength / 2 ) % 2 )
 vprint_good "DNS Domain Name\t: #{dnsDomainName}"
 end
 if( s.upnLength != 0)
- upn = dec_data[i...i+s.upnLength+1]
+ upn = dec_data[i...i+s.upnLength+1].split("\x00").first
 i+=s.upnLength
 i+=2 * ( ( s.upnLength / 2 ) % 2 )
 vprint_good "UPN\t\t\t: #{upn}"
 end
 if( s.effectiveNameLength != 0 )
- effectiveName = dec_data[i...i+s.effectiveNameLength+1]
+ effectiveName = dec_data[i...i+s.effectiveNameLength+1].split("\x00").first
 i+=s.effectiveNameLength
 i+=2 * ( ( s.effectiveNameLength / 2 ) % 2 )
 vprint_good "Effective Name\t: #{effectiveName}"
 end
 if( s.fullNameLength != 0 )
- fullName = dec_data[i...i+s.fullNameLength+1]
+ fullName = dec_data[i...i+s.fullNameLength+1].split("\x00").first
 i+=s.fullNameLength
 i+=2 * ( ( s.fullNameLength / 2 ) % 2 )
 vprint_good "Full Name\t\t: #{fullName}"
 end
 if( s.logonScriptLength != 0 )
- logonScript = dec_data[i...i+s.logonScriptLength+1]
+ logonScript = dec_data[i...i+s.logonScriptLength+1].split("\x00").first
 i+=s.logonScriptLength
 i+=2 * ( ( s.logonScriptLength / 2 ) % 2 )
 vprint_good "Logon Script\t\t: #{logonScript}"
 end
 if( s.profilePathLength != 0 )
- profilePath = dec_data[i...i+s.profilePathLength+1]
+ profilePath = dec_data[i...i+s.profilePathLength+1].split("\x00").first
 i+=s.profilePathLength
 i+=2 * ( ( s.profilePathLength / 2 ) % 2 )
 vprint_good "Profile Path\t\t: #{profilePath}"
 end
 if( s.homeDirectoryLength != 0 )
- homeDirectory = dec_data[i...i+s.homeDirectoryLength+1]
+ homeDirectory = dec_data[i...i+s.homeDirectoryLength+1].split("\x00").first
 i+=s.homeDirectoryLength
 i+=2 * ( ( s.homeDirectoryLength / 2 ) % 2 )
 vprint_good "Home Directory\t\t: #{homeDirectory}"
 end
 if( s.homeDirectoryDriveLength != 0)
- homeDirectoryDrive = dec_data[i...i+s.homeDirectoryDriveLength+1]
+ homeDirectoryDrive = dec_data[i...i+s.homeDirectoryDriveLength+1].split("\x00").first
 i+=s.homeDirectoryDriveLength
 i+=2 * ( ( s.homeDirectoryDriveLength / 2 ) % 2 )
 vprint_good "Home Directory Drive\t: #{homeDirectoryDrive}"
@@ -316,7 +316,7 @@ class Metasploit3 < Msf::Post
 vprint_good "Additional groups\t: #{relativeId.join ' '}"
 if( s.logonDomainNameLength != 0 )
- logonDomainName = dec_data[i...i+s.logonDomainNameLength+1]
+ logonDomainName = dec_data[i...i+s.logonDomainNameLength+1].split("\x00").first
 i+=s.logonDomainNameLength
 i+=2 * ( ( s.logonDomainNameLength / 2 ) % 2 )
 vprint_good "Logon domain name\t: #{logonDomainName}"
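Review bot: The eight blocks in the hunk at line 245 repeat the same slice, trim, advance and pad sequence, so the terminator handling is now spelled out once per field; a small private helper would keep that rule in one place and make a later change to it a one-line edit. These slices also take `Length+1` bytes while the `username` slice in the first hunk takes exactly `userNameLength`, so when no padding follows a field the extra byte belongs to the next field and survives the trim if it is not NUL. The `+1` looks unnecessary now that the value is cut at the terminator, but that should be confirmed against the record layout before dropping it. The enclosing method starts and ends outside the hunk.

```ruby
# Returns the field of `length` bytes at offset `i`, cut at its first NUL ('' when absent).
def trimmed_field(dec_data, i, length)
  dec_data[i, length].to_s.split("\x00").first.to_s
end

# … unchanged: hash, username and domain name parsing …
if( s.dnsDomainNameLength != 0)
  dnsDomainName = trimmed_field(dec_data, i, s.dnsDomainNameLength)
  # … unchanged: offset advance, padding and vprint_good …
```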