Improve handling of the padding bytes. Look for string error codes fi…

…rst. Moved a btw status message
tenable · Oct 15, 2018 · b17957d · b17957d
1 parent b94eba9
commit b17957d
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 6 deletions.
diff --git a/common/winbox_message.cpp b/common/winbox_message.cpp
@@ -675,6 +675,21 @@ bool WinboxMessage::parse_binary(const std::string& p_input)
                             }
                             input.erase(0, length);
                         }
+                        else
+                        {
+                            // its hard to account for the weird seperators that
+                            // MT has inserted mid message. Just mark the entire
+                            // remaining message as raw and get on with life
+                            if (type == variable_type::k_raw)
+                            {
+                                m_raw.insert(std::make_pair(name, input));
+                            }
+                            else
+                            {
+                                m_strings.insert(std::make_pair(name, input));
+                            }
+                            input.clear();
+                        }
                     }
                 }
                 break;
@@ -707,6 +722,17 @@ bool WinboxMessage::parse_binary(const std::string& p_input)
                                 input.erase(0, length);
                             }
                         }
+                        else if (input.size() > 2 && input[0] == 'M' && input[1] == '2')
+                        {
+                            // its hard to account for the weird seperators that
+                            // MT has inserted mid message. Just mark the entire
+                            // remaining message as msg and get on with life
+                            input.erase(0, 2);
+                            WinboxMessage temp;
+                            temp.parse_binary(input);
+                            m_msgs.insert(std::make_pair(name, temp));
+                            input.clear();
+                        }
                     }
                 }
                 break;
@@ -1186,7 +1212,11 @@ std::string WinboxMessage::get_error_string() const
 {
     if (has_error())
     {
-        if (m_u32s.find(variable_names::k_error_code) != m_u32s.end())
+        if (m_strings.find(variable_names::k_error_string) != m_strings.end())
+        {
+            return m_strings.find(variable_names::k_error_string)->second;
+        }
+        else if (m_u32s.find(variable_names::k_error_code) != m_u32s.end())
         {
             switch (m_u32s.find(variable_names::k_error_code)->second)
             {
@@ -1206,10 +1236,6 @@ std::string WinboxMessage::get_error_string() const
                     return "Unknown error code";
             }
         }
-        else
-        {
-            return m_strings.find(variable_names::k_error_string)->second;
-        }
     }
     return std::string();
 }

diff --git a/poc/bytheway/src/main.cpp b/poc/bytheway/src/main.cpp
@@ -84,14 +84,16 @@ namespace
      */
     std::string getPasswords(const std::string& p_ip, const std::string& p_winbox_port)
     {
-        std::cout << "[+] Extracting passwords from " << p_ip << ":" << p_winbox_port << std::endl;
+        std::cout << "[+] Attempting to connect to " << p_ip << ":" << p_winbox_port << std::endl;
         Winbox_Session winboxSession(p_ip, p_winbox_port);
         if (!winboxSession.connect())
         {
             std::cerr << "[!] Failed to connect to the remote host" << std::endl;
             return std::string();
         }
 
+        std::cout << "[+] Extracting user.dat..." << std::endl;
+
         WinboxMessage msg;
         msg.set_to(2, 2);
         msg.set_command(7);