CoCalc -- enum_chocolatey

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/post/windows/gather/enum_chocolatey_applications.md
Views: ¹⁹⁰⁴

Vulnerable Application

This module will enumerate all installed applications on a Windows system that are installed with Chocolatey.

Verification Steps

Start msfconsole
Get meterpreter or shell session
Do: use post/windows/gather/enum_chocolatey_applications
Do: set SESSION <session id>
Do: run

Options

ChocoPath

This is here for the incredibly rare cases where chocolatey is not on the system path. It allows you to set the path of the chocolatey executable ahead of time. Unless this is changed, it assumes to use chocolatey from the path.

Scenarios

Windows 10 Pro (21H2 Build 19044.1586).

msf6 exploit(multi/handler) > [*] Meterpreter session 12 opened (192.168.56.1:4444 -> 192.168.56.112:49906 ) at 2022-03-27 15:57:39 -0400

msf6 exploit(multi/handler) > use post/windows/gather/enum_chocolatey_applications 
msf6 post(windows/gather/enum_chocolatey_applications) > set SESSION 12
SESSION => 12
msf6 post(windows/gather/enum_chocolatey_applications) > run

[*] Enumerating applications installed on DESKTOP-LB04G7R
[*] Targets Chocolatey version: 1.0.0
[*] Getting chocolatey applications.
[+] Successfully grabbed all items
Installed Chocolatey Applications
=================================

Name                       Version
----                       -------
GoogleChrome               99.0.4844.82
SQLite                     3.38.1
chocolatey                 1.0.0
chocolatey-core.extension  1.3.5.1
notepadplusplus            8.3.3
notepadplusplus.install    8.3.3
sublimetext3               3.2.2

[+] Results stored in: /home/rad10/.msf4/loot/20220327160034_default_192.168.56.112_host.application_704988.txt
[*] Post module execution completed