[FixRM rapid7#8525] undefined method `+' for nil:NilClass in enum_ie

wchen-r7 · wchen-r7 · commit 1d0a3aad701c · 2013-10-25T00:26:38.000-05:00
Looks like for some reason if CryptUnprotectData fails, the decrypt_reg()
method will return "". And when you unpack "", you produce an array of nils.
Since you cannot add something to nil, this should cause an
"undefined method `+' for nil:NilClass" error.

This will check if we get an array of nils, we jump to the next iteration.
diff --git a/modules/post/windows/gather/enum_ie.rb b/modules/post/windows/gather/enum_ie.rb
@@ -321,6 +321,12 @@ def run
           dec = decrypt_reg(url, data)
           #decode data and add to creds array
           header = dec.unpack("VVVVVV")
+
+          # If CryptUnprotectData fails, decrypt_reg() will return "", and unpack() will end up
+          # returning an array of nils. If this happens, we can cause an "undefined method
+          # `+' for NilClass." when we try to calculate the offset, and this causes the module to die.
+          next if header == [nil, nil, nil, nil, nil, nil]
+
           offset = header[0] + header[1] #offset to start of data
           cnt = header[5]/2 # of username/password combinations
           secrets = dec[offset,dec.length-(offset + 1)].split("\x00\x00")
