Path: blob/master/modules/auxiliary/parser/unattend.rb
19758 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary67def initialize(info = {})8super(9update_info(10info,11'Name' => 'Auxiliary Parser Windows Unattend Passwords',12'Description' => %q{13This module parses Windows answer files (Unattend files) in the target directory.1415See also: post/windows/gather/enum_unattend16},17'License' => MSF_LICENSE,18'Author' => [19'Ben Campbell',20],21'References' => [22['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/ff715801(v=win.10)'],23['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749415(v=ws.10)'],24['URL', 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732280(v=ws.10)'],25['URL', 'https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs?view=windows-11'],26],27'Notes' => {28'Stability' => [CRASH_SAFE],29'SideEffects' => [],30'Reliability' => []31}32)33)3435register_options([36OptPath.new('PATH', [true, 'Directory or file to parse.']),37OptBool.new('RECURSIVE', [true, 'Recursively check for files', false]),38])39end4041def run42if datastore['RECURSIVE']43ext = '**/*.xml'44else45ext = '/*.xml'46end4748if datastore['PATH'].ends_with?('.xml')49filepath = datastore['PATH']50else51filepath = File.join(datastore['PATH'], ext)52end5354Dir.glob(filepath) do |item|55print_status "Processing #{item}"56file = File.read(item)57begin58xml = REXML::Document.new(file)59rescue REXML::ParseException => e60print_error("#{item} invalid xml format.")61vprint_line(e.message)62next63end6465results = Rex::Parser::Unattend.parse(xml)66table = Rex::Parser::Unattend.create_table(results)67print_line table.to_s unless table.nil?68print_line69end70end71end727374