File windows_secrets_dump.rb
has 1041 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'ruby_smb/dcerpc/client'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SMB::Client::Authenticated
include Msf::Exploit::Remote::DCERPC
Method run
has a Cognitive Complexity of 108 (exceeds 5 allowed). Consider refactoring. Open
def run
unless db
print_warning('Cannot find any active database. Extracted data will only be displayed here and NOT stored.')
end
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method dump_ntds_hashes
has a Cognitive Complexity of 94 (exceeds 5 allowed). Consider refactoring. Open
def dump_ntds_hashes
_machine_name, domain_name, dns_domain_name = get_machine_name_and_domain_info
return unless domain_name
print_status('Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)')
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method dump_ntds_hashes
has 162 lines of code (exceeds 25 allowed). Consider refactoring. Open
def dump_ntds_hashes
_machine_name, domain_name, dns_domain_name = get_machine_name_and_domain_info
return unless domain_name
print_status('Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)')
Method run
has 155 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
unless db
print_warning('Cannot find any active database. Extracted data will only be displayed here and NOT stored.')
end
Method print_secret
has a Cognitive Complexity of 30 (exceeds 5 allowed). Consider refactoring. Open
def print_secret(name, secret_item)
if secret_item.nil? || secret_item.empty?
vprint_status("Discarding secret #{name}, NULL Data")
return
end
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Class MetasploitModule
has 32 methods (exceeds 20 allowed). Consider refactoring. Open
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SMB::Client::Authenticated
include Msf::Exploit::Remote::DCERPC
include Msf::Auxiliary::Report
include Msf::Util::WindowsRegistry
Method parse_user_record
has 82 lines of code (exceeds 25 allowed). Consider refactoring. Open
def parse_user_record(dcerpc_client, user_record)
vprint_status("Decrypting hash for user: #{user_record.pmsg_out.msg_getchg.p_nc.string_name.to_ary[0..].join.encode('utf-8')}")
entinf_struct = user_record.pmsg_out.msg_getchg.p_objects.entinf
rid = entinf_struct.p_name.sid[-4..].unpack('L<').first
Method print_secret
has 74 lines of code (exceeds 25 allowed). Consider refactoring. Open
def print_secret(name, secret_item)
if secret_item.nil? || secret_item.empty?
vprint_status("Discarding secret #{name}, NULL Data")
return
end
Method dump_cached_hashes
has a Cognitive Complexity of 21 (exceeds 5 allowed). Consider refactoring. Open
def dump_cached_hashes(reg_parser, nlkm_key)
print_status('Dumping cached hashes')
cache_infos = reg_parser.cached_infos(nlkm_key)
if cache_infos.nil? || cache_infos.empty?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method connect_drs
has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring. Open
def connect_drs
dcerpc_client = RubySMB::Dcerpc::Client.new(
simple.address,
RubySMB::Dcerpc::Drsr,
username: datastore['SMBUser'],
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method dump_cached_hashes
has 59 lines of code (exceeds 25 allowed). Consider refactoring. Open
def dump_cached_hashes(reg_parser, nlkm_key)
print_status('Dumping cached hashes')
cache_infos = reg_parser.cached_infos(nlkm_key)
if cache_infos.nil? || cache_infos.empty?
Method parse_user_record
has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring. Open
def parse_user_record(dcerpc_client, user_record)
vprint_status("Decrypting hash for user: #{user_record.pmsg_out.msg_getchg.p_nc.string_name.to_ary[0..].join.encode('utf-8')}")
entinf_struct = user_record.pmsg_out.msg_getchg.p_objects.entinf
rid = entinf_struct.p_name.sid[-4..].unpack('L<').first
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method initialize
has 49 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Windows Secrets Dump',
Method connect_drs
has 45 lines of code (exceeds 25 allowed). Consider refactoring. Open
def connect_drs
dcerpc_client = RubySMB::Dcerpc::Client.new(
simple.address,
RubySMB::Dcerpc::Drsr,
username: datastore['SMBUser'],
Method dump_sam_hashes
has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
def dump_sam_hashes(reg_parser, boot_key)
print_status('Dumping SAM hashes')
vprint_status('Calculating HashedBootKey from SAM')
hboot_key = reg_parser.get_hboot_key(boot_key)
unless hboot_key.present?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_machine_kerberos_keys
has 30 lines of code (exceeds 25 allowed). Consider refactoring. Open
def get_machine_kerberos_keys(raw_secret, _machine_name)
vprint_status('Calculating machine account Kerberos keys')
# Attempt to create Kerberos keys from machine account (if possible)
secret = []
salt = get_machine_kerberos_salt
Method dump_sam_hashes
has 29 lines of code (exceeds 25 allowed). Consider refactoring. Open
def dump_sam_hashes(reg_parser, boot_key)
print_status('Dumping SAM hashes')
vprint_status('Calculating HashedBootKey from SAM')
hboot_key = reg_parser.get_hboot_key(boot_key)
unless hboot_key.present?
Avoid deeply nested control flow statements. Open
if nlkm_key.nil? || nlkm_key.empty?
print_status('No NLKM key (skip cached hashes dump)')
else
report_info(nlkm_key.unpack('H*')[0], 'host.nlkm_key')
dump_cached_hashes(reg_parser, nlkm_key)
Avoid deeply nested control flow statements. Open
unless report_creds(print_name, key_data, **credential_opts)
vprint_bad("Error when reporting #{print_name} machine kerberos key #{krb_enc_key_to_s(key)}")
end
Method get_service_account
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def get_service_account(service_name)
return nil unless @svcctl
vprint_status("Getting #{service_name} service account")
svc_handle = @svcctl.open_service_w(@scm_handle, service_name)
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_boot_key
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def get_boot_key
print_status('Retrieving target system bootKey')
root_key_handle = @winreg.open_root_key('HKLM')
boot_key = ''.b
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method do_cleanup
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def do_cleanup
print_status('Cleaning up...')
if @service_should_be_stopped
print_status('Stopping service RemoteRegistry...')
svc_handle = @svcctl.open_service_w(@scm_handle, 'RemoteRegistry')
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_default_login_account
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def get_default_login_account
vprint_status('Getting default login account')
begin
username = @winreg.read_registry_key_value(
'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"