File veeam_credential_dump.rb
has 724 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'metasploit/framework/credential_collection'
class MetasploitModule < Msf::Post
include Msf::Post::Common
include Msf::Post::File
Method run
has a Cognitive Complexity of 38 (exceeds 5 allowed). Consider refactoring. Open
def run
current_action = action.name.downcase
if current_action == 'decrypt' && !datastore['VBR_CSV_FILE'] && !datastore['VOM_CSV_FILE']
fail_with(Msf::Exploit::Failure::BadConfig, 'You must set either the VBR_CSV_FILE or VOM_CSV_FILE advanced options')
end
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method decrypt_vbr_db
has a Cognitive Complexity of 33 (exceeds 5 allowed). Consider refactoring. Open
def decrypt_vbr_db(csv_dataset)
current_row = 0
decrypted_rows = 0
plaintext_rows = 0
blank_rows = 0
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method decrypt_vbr_db
has 99 lines of code (exceeds 25 allowed). Consider refactoring. Open
def decrypt_vbr_db(csv_dataset)
current_row = 0
decrypted_rows = 0
plaintext_rows = 0
blank_rows = 0
Class MetasploitModule
has 26 methods (exceeds 20 allowed). Consider refactoring. Open
class MetasploitModule < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Windows::MSSQL
include Msf::Post::Windows::Powershell
Method decrypt_vom_db
has a Cognitive Complexity of 20 (exceeds 5 allowed). Consider refactoring. Open
def decrypt_vom_db(csv_dataset)
current_row = 0
decrypted_rows = 0
plaintext_rows = 0
blank_rows = 0
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method initialize
has 58 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Veeam Backup and Replication Credentials Dump',
Method decrypt_vom_db
has 54 lines of code (exceeds 25 allowed). Consider refactoring. Open
def decrypt_vom_db(csv_dataset)
current_row = 0
decrypted_rows = 0
plaintext_rows = 0
blank_rows = 0
Method db_conf_build
has 47 lines of code (exceeds 25 allowed). Consider refactoring. Open
def db_conf_build(db_conf)
db_instance_path = db_conf['DATA SOURCE']
db_name = db_conf['INITIAL CATALOG']
db_user = db_conf['USER ID']
db_pass_enc = db_conf['PASSWORD']
Method dump_db
has 43 lines of code (exceeds 25 allowed). Consider refactoring. Open
def dump_db(target)
target_name = target.upcase
case target_name
when 'VBR'
sql_query = 'SET NOCOUNT ON;
Method decrypt
has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring. Open
def decrypt(csv_file, target)
target_name = target.upcase
targets = resolve_target(target_name)
fail_with(Msf::Exploit::Failure::Unknown, "Could not resolve Veeam product '#{target_name}'") if targets.nil?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method dump_db
has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring. Open
def dump_db(target)
target_name = target.upcase
case target_name
when 'VBR'
sql_query = 'SET NOCOUNT ON;
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method run
has 39 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
current_action = action.name.downcase
if current_action == 'decrypt' && !datastore['VBR_CSV_FILE'] && !datastore['VOM_CSV_FILE']
fail_with(Msf::Exploit::Failure::BadConfig, 'You must set either the VBR_CSV_FILE or VOM_CSV_FILE advanced options')
end
Method decrypt
has 37 lines of code (exceeds 25 allowed). Consider refactoring. Open
def decrypt(csv_file, target)
target_name = target.upcase
targets = resolve_target(target_name)
fail_with(Msf::Exploit::Failure::Unknown, "Could not resolve Veeam product '#{target_name}'") if targets.nil?
Method init_veeam_db
has 33 lines of code (exceeds 25 allowed). Consider refactoring. Open
def init_veeam_db
print_status('Get Veeam SQL Parameters ...')
if vbr?
if datastore['VBR_MSSQL_INSTANCE'] && datastore['VBR_MSSQL_DB']
print_status('VBR_MSSQL_INSTANCE and VBR_MSSQL_DB advanced options set, connect to VBR SQL using SSPI')
Method get_vom_database_config
has 33 lines of code (exceeds 25 allowed). Consider refactoring. Open
def get_vom_database_config
# MachineKey DPAPI with static entropy twist
# Static entropy is a BINARY_BLOB of UTF-16LE text "{F0F8C9DE-AB1E-48b6-8221-665E5B016E70}"
# This value is burned into VeeamRegSettings.dll
reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam ONE Monitor\\db_config'
Method db_conf_build
has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
def db_conf_build(db_conf)
db_instance_path = db_conf['DATA SOURCE']
db_name = db_conf['INITIAL CATALOG']
db_user = db_conf['USER ID']
db_pass_enc = db_conf['PASSWORD']
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_vom_database_config
has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
def get_vom_database_config
# MachineKey DPAPI with static entropy twist
# Static entropy is a BINARY_BLOB of UTF-16LE text "{F0F8C9DE-AB1E-48b6-8221-665E5B016E70}"
# This value is burned into VeeamRegSettings.dll
reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam ONE Monitor\\db_config'
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_install_path
has 29 lines of code (exceeds 25 allowed). Consider refactoring. Open
def get_install_path(target)
target_name = target.upcase
case target_name
when 'VBR'
reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam Backup and Replication'
Method set_veeam_build
has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. Open
def set_veeam_build(target_name, target_version)
case target_name
when 'VBR'
@vbr_build = target_version
if vbr?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method plunder
has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring. Open
def plunder(rowset)
rowset.each_with_index do |row, idx|
next if idx == 0 # Skip header row
next unless (loot_pass = row['Plaintext'])
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method init_veeam_db
has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring. Open
def init_veeam_db
print_status('Get Veeam SQL Parameters ...')
if vbr?
if datastore['VBR_MSSQL_INSTANCE'] && datastore['VBR_MSSQL_DB']
print_status('VBR_MSSQL_INSTANCE and VBR_MSSQL_DB advanced options set, connect to VBR SQL using SSPI')
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method init_module
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def init_module
veeam_hostname = get_env('COMPUTERNAME')
print_status("Hostname #{veeam_hostname} IPv4 #{rhost}")
require_sql = action.name.downcase == 'export' || action.name.downcase == 'dump'
get_version('VBR')
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method read_csv_file
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def read_csv_file(file_name)
fail_with(Msf::Exploit::Failure::NoTarget, "CSV file #{file_name} not found") unless ::File.file?(file_name)
csv_rows = ::File.binread(file_name)
csv = ::CSV.parse(
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method sql_prepare
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def sql_prepare(sql_query, target)
target_name = target.upcase
case target_name
when 'VBR'
if @vbr_db_integrated_auth
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_version
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def get_version(target)
target_name = target.upcase
case target_name
when 'VBR'
return nil unless (vbr_path = get_install_path('VBR'))
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_vbr_database_config
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def get_vbr_database_config
# Bog-standard MachineKey DPAPI with no additional entropy
reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam Backup and Replication'
fail_with(Msf::Exploit::Failure::NoTarget, "Could not read #{reg_key}") unless registry_key_exist?(reg_key)
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_install_path
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def get_install_path(target)
target_name = target.upcase
case target_name
when 'VBR'
reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam Backup and Replication'
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"