rapid7/metasploit-framework

modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb

Summary

Maintainability: F (6 days)
Test Coverage

File thycotic_secretserver_dump.rb has 644 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 1 day to fix

Method decrypt_thycotic_db has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt_thycotic_db(csv_dataset)
    current_row = 0
    decrypted_rows = 0
    plaintext_rows = 0
    blank_rows = 0
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"


Method decrypt_thycotic_db has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def decrypt_thycotic_db(csv_dataset)
    current_row = 0
    decrypted_rows = 0
    plaintext_rows = 0
    blank_rows = 0
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 3 hrs to fix

Method thycotic_encryption_config_decrypt_legacy has a Cognitive Complexity of 24 (exceeds 5 allowed). Consider refactoring.
Open

  def thycotic_encryption_config_decrypt_legacy(enc_conf_bytes)
    res = {}
    # Burned-in static keys and IV
    aes_key_legacy = ['020216980119760c0b79017097830b1d'].pack('H*')
    aes_iv_legacy = ['7a790a22020b6eb3630cdd080310d40a'].pack('H*')
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 3 hrs to fix


Class MetasploitModule has 25 methods (exceeds 20 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Post::Windows::MSSQL
  include Msf::Post::Windows::Powershell
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 2 hrs to fix

Method thycotic_encryption_config_decrypt_modern has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring.
Open

  def thycotic_encryption_config_decrypt_modern(enc_conf_bytes)
    res = {}
    # Burned-in static keys and IV
    aes_key = ['83fb558645767abb199755eafb4fbc5167113da8ee69f13267388dc3adcdb088'].pack('H*')
    aes_iv = ['ad478c63f93d5201e0a1bbfff0072b6b'].pack('H*')
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 2 hrs to fix


Method init_thycotic_db has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def init_thycotic_db(ss_web_path)
    print_status('Decrypt database.config ...')
    ss_db_config_file = ss_web_path + 'database.config'
    vprint_status('Database configuration file path:')
    vprint_status("\t#{ss_db_config_file}")
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 2 hrs to fix

Method init_thycotic_encryption has 50 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def init_thycotic_encryption(ss_web_path)
    print_status('Decrypt encryption.config ...')
    ss_enc_config_file = ss_web_path + 'encryption.config'
    vprint_status('Encryption configuration file path:')
    vprint_status("\t#{ss_enc_config_file}")
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 2 hrs to fix

Method thycotic_secret_decrypt has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

  def thycotic_secret_decrypt(options = {})
    secret_id = options.fetch(:secret_id)
    secret_field = options.fetch(:secret_field)
    secret_value = options.fetch(:secret_value)
    secret_key = options.fetch(:secret_key)


Method initialize has 43 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Delinea Thycotic Secret Server Dump',

Method thycotic_secret_decrypt has 39 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def thycotic_secret_decrypt(options = {})
    secret_id = options.fetch(:secret_id)
    secret_field = options.fetch(:secret_field)
    secret_value = options.fetch(:secret_value)
    secret_key = options.fetch(:secret_key)

Method thycotic_encryption_config_decrypt_modern has 38 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def thycotic_encryption_config_decrypt_modern(enc_conf_bytes)
    res = {}
    # Burned-in static keys and IV
    aes_key = ['83fb558645767abb199755eafb4fbc5167113da8ee69f13267388dc3adcdb088'].pack('H*')
    aes_iv = ['ad478c63f93d5201e0a1bbfff0072b6b'].pack('H*')

Method thycotic_encryption_config_decrypt_legacy has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def thycotic_encryption_config_decrypt_legacy(enc_conf_bytes)
    res = {}
    # Burned-in static keys and IV
    aes_key_legacy = ['020216980119760c0b79017097830b1d'].pack('H*')
    aes_iv_legacy = ['7a790a22020b6eb3630cdd080310d40a'].pack('H*')

Method decrypt has 33 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def decrypt(csv_file)
    unless (csv = read_csv_file(csv_file))
      print_error('No records imported from CSV dataset')
      return false
    end

Method run has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    fail_with(Msf::Exploit::Failure::NoTarget, 'Could not initialize') unless init_module
    current_action = action.name.downcase
    if current_action == 'export' || current_action == 'dump'
      print_status('Performing export of Secret Server SQL database to CSV file')


Method dump_thycotic_db has 29 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def dump_thycotic_db
    if @ss_build <= 8.7 # REALLY old-style: ItemKey and MekIV do not exist
      sql_query = 'SET NOCOUNT ON;SELECT s.SecretID,s.Active,CONVERT(VARBINARY(256),t.SecretTypeName) SecretType,
        CONVERT(VARBINARY(256),s.SecretName) SecretName,i.IsEncrypted,i.IsSalted,i.Use256Key,
        CONVERT(VARBINARY(256),f.SecretFieldName) SecretFieldName,i.ItemValue,i.ItemValue2,i.IV

Method init_module has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def init_module
    @ss_hostname = get_env('COMPUTERNAME')
    print_status("Hostname #{@ss_hostname} IPv4 #{rhost}")
    get_sql_client
    unless @sql_client == 'sqlcmd'


Method init_thycotic_db has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def init_thycotic_db(ss_web_path)
    print_status('Decrypt database.config ...')
    ss_db_config_file = ss_web_path + 'database.config'
    vprint_status('Database configuration file path:')
    vprint_status("\t#{ss_db_config_file}")


Method init_module has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def init_module
    @ss_hostname = get_env('COMPUTERNAME')
    print_status("Hostname #{@ss_hostname} IPv4 #{rhost}")
    get_sql_client
    unless @sql_client == 'sqlcmd'

Method decrypt has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt(csv_file)
    unless (csv = read_csv_file(csv_file))
      print_error('No records imported from CSV dataset')
      return false
    end
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 45 mins to fix


Method get_thycotic_database_config has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_thycotic_database_config(db_conf_bytes)
    res = {}
    # Burned-in static keys and IV
    aes_key = ['020216980119760c0b79017097830b1d'].pack('H*')
    aes_iv = ['7a790a22020b6eb3630cdd080310d40a'].pack('H*')
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 35 mins to fix


Method dump_thycotic_db has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def dump_thycotic_db
    if @ss_build <= 8.7 # REALLY old-style: ItemKey and MekIV do not exist
      sql_query = 'SET NOCOUNT ON;SELECT s.SecretID,s.Active,CONVERT(VARBINARY(256),t.SecretTypeName) SecretType,
        CONVERT(VARBINARY(256),s.SecretName) SecretName,i.IsEncrypted,i.IsSalted,i.Use256Key,
        CONVERT(VARBINARY(256),f.SecretFieldName) SecretFieldName,i.ItemValue,i.ItemValue2,i.IV
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 35 mins to fix


Method init_thycotic_encryption has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def init_thycotic_encryption(ss_web_path)
    print_status('Decrypt encryption.config ...')
    ss_enc_config_file = ss_web_path + 'encryption.config'
    vprint_status('Encryption configuration file path:')
    vprint_status("\t#{ss_enc_config_file}")
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 35 mins to fix


Method read_csv_file has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def read_csv_file(file_name)
    unless File.exist?(file_name)
      print_error("CSV file #{file_name} not found")
      return false
    end
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 35 mins to fix


Avoid too many return statements within this method.
Open

      return false
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 30 mins to fix

Method aes_cbc_decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def aes_cbc_decrypt(ciphertext_bytes, aes_key, aes_iv)
    return false unless aes_iv.length == 16

    case aes_key.length
    when 16
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 25 mins to fix

