CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/rex/parser/dbeaver.rb
Views: 11779
1
module Rex

2
  module Parser

3
    # @author Kali-Team

4
    module Dbeaver

5


6
      module Error

7
        class DbeaverError < StandardError

8
        end

9


10
        class ParserError < DbeaverError

11
        end

12


13
        class DecryptionError < ParserError

14
        end

15
      end

16


17
      SECRET_KEY = 'sdf@!#$verf^wv%6Fwe%$$#FFGwfsdefwfe135s$^H)dg'.freeze

18
      AES_KEY = "\xBA\xBBJ\x9FwJ\xB8S\xC9l-e=\xFETJ".freeze

19
      # decrypt_dbeaver_credentials

20
      #

21
      # @param credentials_config_data [String]

22
      # @return [String] plaintext

23
      def decrypt_dbeaver_credentials(credentials_config_data)

24
        aes = OpenSSL::Cipher.new('AES-128-CBC')

25
        begin

26
          aes.decrypt

27
          aes.key = AES_KEY

28
          plaintext = aes.update(credentials_config_data)

29
          plaintext << aes.final

30
        rescue OpenSSL::Cipher::CipherError => e

31
          raise Error::DecryptionError, 'Unable to decrypt dbeaver credentials'

32
        end

33
        return plaintext[plaintext.index('{"')..]

34
      end

35


36
      # parse_credentials

37
      #

38
      # @param credentials_config_data [String]

39
      # @return [Hash] result_hashmap

40
      def parse_credentials(credentials_config_data)

41
        decrypt_data = decrypt_dbeaver_credentials(credentials_config_data)

42
        result_hashmap = Hash.new

43
        begin

44
          result_hashmap = JSON.parse(decrypt_data)

45
        rescue ::JSON::ParserError => e

46
          raise Error::ParserError, "[parse_credentials] #{e.class} - #{e}"

47
        end

48
        return result_hashmap

49
      end

50


51
      # parse_data_sources

52
      #

53
      # @param data_sources_data [String]

54
      # @param credentials_config_data [String]

55
      # @return [Hash] result_hashmap

56
      def parse_data_sources(data_sources_data, credentials_config_data)

57
        credentials = parse_credentials(credentials_config_data)

58
        result_hashmap = Hash.new

59
        if credentials.empty?

60
          return result_hashmap

61
        end

62


63
        begin

64
          data_sources = JSON.parse(data_sources_data)

65
          connections = data_sources['connections']

66
          if connections.nil? || connections.empty?

67
            return result_hashmap

68
          end

69


70
          connections.each do |data_source_id, item|

71
            next if item['configuration'].nil?

72


73
            result_hashmap[data_source_id] = Hash[

74
              'name' => item['name'] || '',

75
              'provider' => item['provider'] || '',

76
              'host' => item['configuration']['host'] || '',

77
              'port' => item['configuration']['port'] || '',

78
              'user' => credentials.key?(data_source_id) ? credentials[data_source_id]['#connection']['user'] : '',

79
              'password' => credentials.key?(data_source_id) ? credentials[data_source_id]['#connection']['password'] : '',

80
              'database' => item['configuration']['database'] || '',

81
              'url' => item['configuration']['url'] || '',

82
              'type' => item['configuration']['type'] || ''

83
          ]

84
          end

85
        rescue ::JSON::ParserError => e

86
          raise Error::ParserError, "[parse_data_sources] #{e.class} - #{e}"

87
        end

88
        return result_hashmap

89
      end

90


91
      # decrypt_dbeaver_6_1_3

92
      #

93
      # @param base64_string [String]

94
      # @return [String]

95
      def decrypt_dbeaver_6_1_3(base64_string)

96
        plaintext = ''

97
        if base64_string.nil?

98
          return plaintext

99
        end

100


101
        data = Rex::Text.decode_base64(base64_string)

102
        for i in 0..data.length - 3

103
          xor_data = Rex::Text.xor(data[i], SECRET_KEY[i % SECRET_KEY.length])

104
          plaintext += xor_data

105
        end

106
        return plaintext

107
      end

108


109
      # parse_data_sources_xml

110
      #

111
      # @param data_sources_data [String]

112
      # @return [Hash] result_hashmap

113
      def parse_data_sources_xml(data_sources_data)

114
        mxml = REXML::Document.new(data_sources_data).root

115
        unless mxml

116
          raise Error::ParserError, '[parse_data_sources_xml] XML parsing error'

117
        end

118
        result_hashmap = Hash.new

119
        mxml.elements.to_a('//data-sources//data-source//connection//').each do |node|

120
          next unless node.name == 'connection'

121


122
          data_source_id = node.parent.attributes['id']

123
          result_hashmap[data_source_id] = Hash[

124
            'name' => node.parent.attributes['name'] || '',

125
            'provider' => node.parent.attributes['provider'] || '',

126
            'host' => node.attributes['host'] || '',

127
            'port' => node.attributes['port'] || '',

128
            'user' => node.attributes['user'] || '',

129
            'password' => decrypt_dbeaver_6_1_3(node.attributes['password']),

130
            'database' => node.attributes['database'] || '',

131
            'url' => node.attributes['url'] || '',

132
            'type' => node.attributes['type'] || ''

133
        ]

134
        end

135
        return result_hashmap

136
      end

137


138
    end

139
  end

140
end

141


142